Announcement

Collapse
No announcement yet.

Someone is creating new fake customers accounts

Collapse
X
Collapse
 
  • Page of 9
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 5 6 7 8 9 template Next
  • lesliekirk
    replied
    Originally posted by InvincibleRecordings View Post
    I have a ticket in with Bruce at PhosphorMedia to install his Easy Contact and remove the "Create New Account" page. I will keep you posted on if this fixes the issue. Below is a screen shot of customers being added.
    Does Bruce's module replace the abbreviated Create Account on the login page? I had forgotten about that option in Shadows.

    Question - have you set up the Payment Settings reCAPTCHA? I wonder if there is a way to add it to the Customer Log In page?

    https://docs.miva.com/reference-guid...​​

    Leave a comment:

  • alphabet
    replied
    That looks horrible!

    For posterity, a method to block bad bots through the htaccess file by USER_AGENT or IP:

    Code:
    # block bad bots
RewriteCond %{HTTP_USER_AGENT} (SemrushBot|Screaming|Sogou|Spyfu) [NC,OR]
RewriteCond %{REMOTE_ADDR} ^xxx\.xxx\.xxx\.xxx
RewriteRule ^.* - [F,L]
    Also, many hosts maintain a badbot file and will offer to block them upstream so you may want to check with your host.

    Leave a comment:

  • InvincibleRecordings
    replied
    I have a ticket in with Bruce at PhosphorMedia to install his Easy Contact and remove the "Create New Account" page. I will keep you posted on if this fixes the issue. Below is a screen shot of customers being added.
    Attached Files
    Last edited by InvincibleRecordings; 10-09-19, 05:39 AM.

    Leave a comment:

  • alphabet
    replied
    Code:
              <input type="hidden" name="CSRF_Token" value="&mvte:global:Basket:csrf_token;" />
    Would adding the CSRF token to the form work? And will the CSRF token still work after 9.13 Defer Empty Baskets update?

    Leave a comment:

  • InvincibleRecordings
    replied
    So I guess I am leaning towards using the Phosphor Media Easy Account module if that will really fix the issue. Bruce - is this the golden magic?

    Leave a comment:

  • William Davis
    replied
    Have you been able to identify the culprit yet? If it's a bot, "disallow" from login page on your robots.txt file. This will at the very least accomplish one thing, is it intentional.

    Leave a comment:

  • dreamingdigital
    replied
    You can create a completly blank page in Miva and send the right form post to it and you can make an account, add to cart, etc etc.

    The only way I was able to stop a bot today was though htaccess but that's not going to last forever.

    I see that merchant.mv is in the LSK so in theory one could edit and compile that with some blocking stuff. I see this being a not good idea.... but I don't know what else to do. There are hundreds of thousands of spam customer accounts being created on multiple sites.

    Leave a comment:

  • dreamingdigital
    replied
    Any "Action" that gets sent to a page gets done before the page template runs anyways (most of the time) so, for example, you can add a product to your cart from the OCST page and end up on the OCST page. I don't want to post anymore. Obviously somebody already has something programmed in and is passing it around the 'Net for bots and the like. I'm going to put in programming into the HTML PROFILE SMT code but I think that's still not the best solution. An alternate or modified merchant.mvc would be my best idea - I don't do that kind of programing though.

    Leave a comment:

  • Bruce - PhosphorMedia
    replied
    Not sure I follow what you are saying Colin. Bots are exploiting HTML/HTTP/CGI variables and processes. Most of those processes (at least the ones that matter) are controllable at the SMT level...so, a 'module' wouldn't be required. It might make it simpler, but I don't see how it would be required.

    Leave a comment:

  • dreamingdigital
    replied
    If you know anything about how Miva works the only way to stop a bot would be a module. Front side code on some random page won't work.

    Leave a comment:

  • InvincibleRecordings
    replied
    Anyone able to add reCapture to my site? They started doing it again.

    Leave a comment:

  • Bruce - PhosphorMedia
    replied
    Originally posted by Beefy Nugget View Post
    you could stop that ip address from creating any more accounts. Have a custom customer field that assignes the ip address on the account created page. Then on the creat account page do some code saying if s.remote_addr EQ that IP, dont display any fields for account creation. Even if they have a proxy, it will add another step in the system for them to need to automate or do by hand. Not a final solution but it might help slow the flood
    That's a very interesting technique, but may not work based on how the bot is created, many rotate through IP addresses on each attempt. But this would probably stop 'script kiddy' type efforts as those bots are rarely effective at doing anything other than being annoying.

    Leave a comment:

  • Beefy Nugget
    replied
    you could stop that ip address from creating any more accounts. Have a custom customer field that assignes the ip address on the account created page. Then on the creat account page do some code saying if s.remote_addr EQ that IP, dont display any fields for account creation. Even if they have a proxy, it will add another step in the system for them to need to automate or do by hand. Not a final solution but it might help slow the flood

    Leave a comment:

  • Bruce - PhosphorMedia
    replied
    Its a bot. Add reCapture or some other code to block it from filling out form.

    Leave a comment:

  • InvincibleRecordings
    replied
    Leslie, it could be a bot but seems to program one for Miva Shadows would be hard. Not sure. They are using first names like MsxgKebyfzhV and everything else entered is just as ridiculous.

    Leave a comment:

Previous 1 5 6 7 8 9 template Next
Working...
X