Fake Customer Registrations & spam


Hello all

Lately I have had hacker-types register as clients in my CC store (typically with names such as "MxFcgAVH, MXFcgAVH"). As I do not get notifications of new user registrations, I'm unaware of these registrations until I log in to the admin panel again, when I just delete them. However, these sorts of registrations have gone hand-in-hand with the sending out of spam from the store address, typically in Russian, but with a tag at the bottom of the emails:

"This email is sent from the stores master email address but it is possible to reply directly to the sender using the reply button on your email software."

This tag is what "accompanies" genuine emails sent by clients using the "contact us" page. I have reCaptcha enabled.

Queries:

  1. Can CC be set to advise me when a new user registers, so that I can act on "fake" registrations more quickly?
  2. Any suggestions on how to better protect the store against such registrations?

I'm using CC 6.0.11 on PHP 5.6.40 with MySQL 5.5.5-10.2.33 (MariaDB). Have not wanted to upgrade CC as there have been a few mods.

Thanks

Colin


Thanks for that, Brian. (I searched on the forum for hacks etc, but not for this thread...)

I'll create that PHP script and see how we go.

As a matter of interest (maybe not), in reading the thread you pointed to, I noted the comments from others re clients registering with shouted characters. I did a quick check on the clients in my shop. Over all the clients, only just more than 3% register with CAPS. However, that rate has more than doubled over the past while, for some reason.

It is interesting about recaptcha being circumvented, though.

Thanks again

  • 3 months later...

As well as implementing the file mentioned above, can anyone see any issues with using the following select statement to delete existing customers created by the hacker?

SELECT * FROM `CubeCart_customer` WHERE `first_name`=`last_name` and `order_count`=0 and CUSTOMER_ID NOT IN (SELECT CUSTOMER_ID FROM CubeCart_addressbook)

The above should show what will be deleted and should only get accounts with matching first and last name, no orders and no addresses registered. Once happy with that, I intend to run as a delete statement.


I am not sure if the database engine knows to interpret the recordset array from CubeCart_addressbook as a comma delimited list.

There may be a database function that will do that, but I've never seen such a thing.

Instead, you may want to DELETE (SELECT * CubeCart_customer LEFT JOIN CubeCart_addressbook) and delete any records where the addressbook portion is null.

(Do not use the above query directly. It is only a vague representation of the correct syntax to use.)

Well, maybe that won't work:

MySQL docs: "You cannot delete from a table and select from the same table in a subquery."

Although this query (from https://dev.mysql.com/doc/refman/8.0/en/delete.html) may work:

To delete rows that exist in t1 that have no match in t2, use a LEFT JOIN:

DELETE t1 FROM t1 LEFT JOIN t2 ON t1.id=t2.id WHERE t2.id IS NULL;

Be sure to include your other WHERE conditionals.

Edited by bsmither
On 12/18/2020 at 10:38 PM, Malvarlin said:

I will give it a spin on my test store over the weekend and see what happens!

OK so I exported all the customer data from my live store and imported it to the test database then ran the query below and it works :)

DELETE FROM `CubeCart_customer` WHERE `first_name`=`last_name` and `order_count`=0 and CUSTOMER_ID NOT IN (SELECT CUSTOMER_ID FROM CubeCart_addressbook)

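An added example, not part of the original thread and not CubeCart's own code: the preview, back up, then delete procedure discussed above, written for MySQL/MariaDB with the LEFT JOIN form quoted from the MySQL manual next to the NOT IN form. The two temporary tables, their column types and their rows are constructed stand-ins that carry only the columns named in the thread, and `customer_purge_backup` is a hypothetical name.

```sql
-- Constructed stand-ins for the two tables named in the thread, with only the
-- columns the queries above use. Column types are assumptions.
CREATE TEMPORARY TABLE CubeCart_customer (
  customer_id INT PRIMARY KEY,
  first_name  VARCHAR(64),
  last_name   VARCHAR(64),
  order_count INT NOT NULL DEFAULT 0
);
CREATE TEMPORARY TABLE CubeCart_addressbook (
  address_id  INT PRIMARY KEY,
  customer_id INT NULL
);
INSERT INTO CubeCart_customer VALUES
  (1, 'Alice',    'Smith',    2),  -- has orders and an address
  (2, 'MxFcgAVH', 'MxFcgAVH', 0),  -- same names, no orders, no address
  (3, 'Lee',      'Lee',      0),  -- same names, but has an address
  (4, 'QwRtYpLk', 'QwRtYpLk', 0);  -- same names, no orders, no address
INSERT INTO CubeCart_addressbook VALUES
  (10, 1), (11, 3), (12, NULL);    -- 12: constructed orphan row, no customer

-- 1. Preview with the LEFT JOIN anti-join: a customer with no addressbook
--    match comes back with a.customer_id NULL.
SELECT c.customer_id, c.first_name, c.last_name
FROM CubeCart_customer AS c
LEFT JOIN CubeCart_addressbook AS a ON a.customer_id = c.customer_id
WHERE c.first_name = c.last_name AND c.order_count = 0
  AND a.customer_id IS NULL;

-- 2. Same filter written with NOT IN. "x NOT IN (set)" is never TRUE when the
--    set contains a NULL, so the orphan row above makes this match nothing.
SELECT customer_id FROM CubeCart_customer
WHERE first_name = last_name AND order_count = 0
  AND customer_id NOT IN (SELECT customer_id FROM CubeCart_addressbook);

-- 3. Copy the rows about to go (customer_purge_backup is a hypothetical name;
--    drop TEMPORARY on a real store so the copy outlives the session).
CREATE TEMPORARY TABLE customer_purge_backup AS
SELECT c.* FROM CubeCart_customer AS c
LEFT JOIN CubeCart_addressbook AS a ON a.customer_id = c.customer_id
WHERE c.first_name = c.last_name AND c.order_count = 0
  AND a.customer_id IS NULL;

-- 4. Delete with exactly the previewed conditions, then compare the count
--    with the number of rows in the backup.
DELETE c FROM CubeCart_customer AS c
LEFT JOIN CubeCart_addressbook AS a ON a.customer_id = c.customer_id
WHERE c.first_name = c.last_name AND c.order_count = 0
  AND a.customer_id IS NULL;
SELECT ROW_COUNT() AS deleted, (SELECT COUNT(*) FROM customer_purge_backup) AS backed_up;
```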
