Announcement

**Kent Multer** · 10-02-19, 09:51 PM

I wonder why someone would do this? Are you seeing any attempts to check out with these bogus accounts? Maybe some crook is trying to check the validity of stolen credit-card numbers.

**oliverands** · 10-02-19, 11:51 PM

It's not a quick and simple fix, but you can remove the ability to create a new account from your site by pulling that code from any page template where it occurs and then installing the Phosphor Media Easy Account module, which allows automatic creation of account at the end of the purchase process. No new accounts created unless there is a purchase first. Added bonus is that it creates a more friendly checkout experience, IMHO.

**lesliekirk** · 10-03-19, 03:33 AM

Originally posted by InvincibleRecordings View Post

Someone is creating new fake customers accounts over and over again. I am using the Shadows Theme - Anyway to stop this? Thanks

Would adding reCaptcha help? If it's a bot, perhaps?

**InvincibleRecordings** · 10-03-19, 03:39 AM

Kent to answer your question they are not even entering many of the address lines, and what they do enter is all nonsense so it seems they are simply malicious. This could lead to a lot of data to remove at some point but maybe its no big deal and easy to do?. Oliverands - that Phosphor Media Easy Account seems like it could work. Wish is did not have the yearly fee (it is small - 20 bucks) though and having to change the basic Shadows workings is not a plus for me - makes the programming a lot more confusing going forward for hired programmers. I am not very good at programming and having things pretty stock does make things clearer.

**InvincibleRecordings** · 10-03-19, 03:44 AM

Leslie, it could be a bot but seems to program one for Miva Shadows would be hard. Not sure. They are using first names like MsxgKebyfzhV and everything else entered is just as ridiculous.

**Bruce - PhosphorMedia** · 10-03-19, 08:25 AM

Its a bot. Add reCapture or some other code to block it from filling out form.

**Beefy Nugget** · 10-03-19, 09:09 AM

you could stop that ip address from creating any more accounts. Have a custom customer field that assignes the ip address on the account created page. Then on the creat account page do some code saying if s.remote_addr EQ that IP, dont display any fields for account creation. Even if they have a proxy, it will add another step in the system for them to need to automate or do by hand. Not a final solution but it might help slow the flood

**Bruce - PhosphorMedia** · 10-03-19, 09:40 AM

Originally posted by Beefy Nugget View Post

you could stop that ip address from creating any more accounts. Have a custom customer field that assignes the ip address on the account created page. Then on the creat account page do some code saying if s.remote_addr EQ that IP, dont display any fields for account creation. Even if they have a proxy, it will add another step in the system for them to need to automate or do by hand. Not a final solution but it might help slow the flood

That's a very interesting technique, but may not work based on how the bot is created, many rotate through IP addresses on each attempt. But this would probably stop 'script kiddy' type efforts as those bots are rarely effective at doing anything other than being annoying.

**InvincibleRecordings** · 10-04-19, 07:18 AM

Anyone able to add reCapture to my site? They started doing it again.

**dreamingdigital** · 10-05-19, 09:17 AM

If you know anything about how Miva works the only way to stop a bot would be a module. Front side code on some random page won't work.

**Bruce - PhosphorMedia** · 10-05-19, 09:39 AM

Not sure I follow what you are saying Colin. Bots are exploiting HTML/HTTP/CGI variables and processes. Most of those processes (at least the ones that matter) are controllable at the SMT level...so, a 'module' wouldn't be required. It might make it simpler, but I don't see how it would be required.

**dreamingdigital** · 10-07-19, 11:16 AM

Any "Action" that gets sent to a page gets done before the page template runs anyways (most of the time) so, for example, you can add a product to your cart from the OCST page and end up on the OCST page. I don't want to post anymore. Obviously somebody already has something programmed in and is passing it around the 'Net for bots and the like. I'm going to put in programming into the HTML PROFILE SMT code but I think that's still not the best solution. An alternate or modified merchant.mvc would be my best idea - I don't do that kind of programing though.

**dreamingdigital** · 10-07-19, 02:15 PM

You can create a completly blank page in Miva and send the right form post to it and you can make an account, add to cart, etc etc.

The only way I was able to stop a bot today was though htaccess but that's not going to last forever.

I see that merchant.mv is in the LSK so in theory one could edit and compile that with some blocking stuff. I see this being a not good idea.... but I don't know what else to do. There are hundreds of thousands of spam customer accounts being created on multiple sites.

**William Davis** · 10-08-19, 06:04 AM

Have you been able to identify the culprit yet? If it's a bot, "disallow" from login page on your robots.txt file. This will at the very least accomplish one thing, is it intentional.

Announcement

Someone is creating new fake customers accounts

Someone is creating new fake customers accounts

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment