cpierrep Posted August 27, 2020

Hello all

Lately I have had hacker-types register as clients in my CC store (typically with names such as "MxFcgAVH, MXFcgAVH"). As I do not get notifications of new user registrations, I'm unaware of these registrations until I log in to the admin panel again, when I just delete them.

However, these sorts of registrations have gone hand-in-hand with the sending out of spam from the store address, typically in Russian, but with a tag at the bottom of the emails: "This email is sent from the stores master email address but it is possible to reply directly to the sender using the reply button on your email software." This tag is what "accompanies" genuine emails sent by clients using the "contact us" page.

I have reCaptcha enabled.

Queries:
- Can CC be set to advise me when a new user registers, so that I can act on "fake" registrations more quickly?
- Any suggestions on how to better protect the store against such registrations?

I'm using CC 6.0.11 on PHP 5.6.40 with MySQL 5.5.5-10.2.33 (MariaDB). Have not wanted to upgrade CC as there have been a few mods.

Thanks
Colin

bsmither Posted August 27, 2020

This conversation may be of interest:
https://forums.cubecart.com/topic/54715-potential-malicous-attack/

cpierrep Posted August 27, 2020

Thanks for that, Brian. (I searched on the forum for hacks etc, but not for this thread...) I'll create that PHP script and see how we go.

As a matter of interest (maybe not), in reading the thread you pointed to, I noted the comments from others re clients registering with shouted characters. I did a quick check on the clients in my shop. Over all the clients, only just more than 3% register with CAPS. However, that rate has more than doubled over the past while, for some reason.

It is interesting about recaptcha being circumvented, though.

thanks again

cpierrep Posted September 1, 2020

I've edited my ini-custom.inc.php file with the recommended edits, and so far everything seems to work "as advertised".

thanks again

keat Posted September 1, 2020

I'm still seeing these, but not as many as I used to, so I just now delete them when they appear. I get maybe 1 per week.

Malvarlin Posted December 18, 2020

As well as implementing the file mentioned above, can anyone see any issues with using the following select statement to delete existing customers created by the hacker?

    SELECT * FROM `CubeCart_customer`
    WHERE `first_name`=`last_name`
      and `order_count`=0
      and CUSTOMER_ID NOT IN (SELECT CUSTOMER_ID FROM CubeCart_addressbook)

The above should show what will be deleted and should only get accounts with matching first and last name, no orders and no addresses registered. Once happy with that I intend to run as a delete statement.

bsmither Posted December 18, 2020

I am not sure if the database engine knows to interpret the recordset array from CubeCart_addressbook as a comma delimited list. There may be a database function that will do that, but I've never seen such a thing.

Instead, you may want to DELETE (SELECT * CubeCart_customer LEFT JOIN CubeCart_addressbook) and delete any records where the addressbook portion is null. (Do not use the above query directly. It is only a vague representation of the correct syntax to use.)

Well, maybe that won't work. MySQL docs: "You cannot delete from a table and select from the same table in a subquery."

Although this query (from https://dev.mysql.com/doc/refman/8.0/en/delete.html) may work:

To delete rows that exist in t1 that have no match in t2, use a LEFT JOIN:

    DELETE t1 FROM t1 LEFT JOIN t2 ON t1.id=t2.id WHERE t2.id IS NULL;

Be sure to include your other WHERE conditionals.

Malvarlin Posted December 18, 2020

I will give it a spin on my test store over the weekend and see what happens!

Malvarlin Posted December 20, 2020

On 12/18/2020 at 10:38 PM, Malvarlin said:
> I will give it a spin on my test store over the weekend and see what happens!

OK so I exported all the customer data from my live store and imported it to the test database then ran the query below and it works

    DELETE FROM `CubeCart_customer`
    WHERE `first_name`=`last_name`
      and `order_count`=0
      and CUSTOMER_ID NOT IN (SELECT CUSTOMER_ID FROM CubeCart_addressbook)

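Added example, not written by any poster in this thread: the cleanup discussed above with a preview, a backup copy of the rows, and the LEFT JOIN delete form from the MySQL manual. It assumes MySQL/MariaDB and uses only the table and column names quoted in the thread; `spam_customer_backup` is a hypothetical table name.

```sql
-- Added example. Assumes MySQL/MariaDB; table and column names are the ones
-- quoted in the thread. spam_customer_backup is a hypothetical table name.

-- 1. Preview the candidates. NOT EXISTS is used instead of NOT IN because
--    NOT IN matches no rows at all if the subquery returns even one NULL.
--    first_name = last_name follows the column collation, so a pair such as
--    'MxFcgAVH' / 'MXFcgAVH' only matches under a case-insensitive collation.
SELECT c.customer_id, c.first_name, c.last_name, c.order_count
FROM CubeCart_customer AS c
WHERE c.first_name = c.last_name
  AND c.order_count = 0
  AND NOT EXISTS (SELECT 1
                  FROM CubeCart_addressbook AS a
                  WHERE a.customer_id = c.customer_id);

-- 2. Keep a copy of exactly those rows so a wrong match can be restored.
CREATE TABLE spam_customer_backup AS
SELECT c.*
FROM CubeCart_customer AS c
WHERE c.first_name = c.last_name
  AND c.order_count = 0
  AND NOT EXISTS (SELECT 1
                  FROM CubeCart_addressbook AS a
                  WHERE a.customer_id = c.customer_id);

-- 3. Delete the same set using the LEFT JOIN form: rows in the customer
--    table that have no matching row in the address book.
DELETE c
FROM CubeCart_customer AS c
LEFT JOIN CubeCart_addressbook AS a
       ON a.customer_id = c.customer_id
WHERE c.first_name = c.last_name
  AND c.order_count = 0
  AND a.customer_id IS NULL;

-- 4. The two counts should be equal. ROW_COUNT() must be read immediately
--    after the DELETE, before any other statement runs.
SELECT ROW_COUNT() AS deleted_rows;
SELECT COUNT(*) AS backed_up_rows FROM spam_customer_backup;
```

MySQL's restriction on deleting from and selecting from the same table applies only when the subquery reads the table being deleted from; a subquery on `CubeCart_addressbook` is a different table, so the single-table `DELETE ... NOT IN` form is also accepted.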
Archived
This topic is now archived and is closed to further replies.