Fake customers registering to the website.....!!!

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
10 years ago
kakoli wrote:
Yes followed your steps to create honeypot method, but there seems to have no effect, on that post I have asked you you is there a way to find out honeypot is implemented successfully? And waiting for your reply...

Do we have any solution :(

email validation, admin approval, recaptcha, honypot all have failed, i am receiving some 200 fake registration everyday again and numbers growing ,.. somebody please help..


You can IP Block the offenders :)
http://tech.sunnyw.net/search/label/NopCommerce
0
10 years ago
Ip blocking doesnt work well since they use different IPs for every account typically.
0
9 years ago
grippy wrote:
ahh there we go it was in a table called GenericAttribute under Value = 'google'

Thanks for the help now I can link these and delete them.


I am currently running version 3.40 of nopcommerce, and have recently started getting very many bogus customer accounts created, along with bogus forum posts and/or product reviews. I only work with the no-source-version, so the honeypot solution is not available to me. I have re-captcha enabled on the forms, but the bot is able to get past it.

I would also like to be able to schedule and execute a delete script which finds all customers with telephone (123456) and company (google). To be thorough, the script would also need to delete any associated address records, product reviews, blog comments, and forum posts.

The table joins are proving to be fairly complicated. Can you share your working script with us?


Thanks,
Steve
An upvote on a helpful post means "thank you" in every language. I believe in this community. For every question I ask, I try to answer at least five others.
0
9 years ago
mbramon wrote:
Hi all,

This is a nightmare! I am experiencing the same problem with fake Google accounts for a while and I cannot find a solution to prevent the registration.

Everyday I receive more than 50 new fake customers with a telephone number: 123456 and company = google. I have enabled reCaptcha for customer registration form but I am still receiving new fake inserts. Captcha just reduced the amount of requests but did not solve the problem. I checked online my site and the registration do not proceed with an incorrect captcha so, the spam bot must bypass this security...

How can I stop this?

Thanks for the help!

Did you ever find a solution?
An upvote on a helpful post means "thank you" in every language. I believe in this community. For every question I ask, I try to answer at least five others.
0
9 years ago
This is an update:

The fake registered customer accounts(google/123456) continued to occur with re-captcha enabled, so I implemented a plugin (http://www.foxnetsoft.com/nopbannedipaddress) and manually added all of the IP addresses that the bot has used over the past few weeks to my banlist (about 50).

I am happy to say that they have finally ceased!

I'd be happy to share my bot IP banlist with anyone else looking to implement this solution.

Steve
An upvote on a helpful post means "thank you" in every language. I believe in this community. For every question I ask, I try to answer at least five others.
1
9 years ago
embryo wrote:
ahh there we go it was in a table called GenericAttribute under Value = 'google'

Thanks for the help now I can link these and delete them.

I am currently running version 3.40 of nopcommerce, and have recently started getting very many bogus customer accounts created, along with bogus forum posts and/or product reviews. I only work with the no-source-version, so the honeypot solution is not available to me. I have re-captcha enabled on the forms, but the bot is able to get past it.

I would also like to be able to schedule and execute a delete script which finds all customers with telephone (123456) and company (google). To be thorough, the script would also need to delete any associated address records, product reviews, blog comments, and forum posts.

The table joins are proving to be fairly complicated. Can you share your working script with us?


Thanks,
Steve


My server crashed but once I get access to the hard drive I will post the SQL script I used and then you can just set it up on a daily DTS package in SQL Server and never have to worry about it again.
0
9 years ago
grippy wrote:


My server crashed but once I get access to the hard drive I will post the SQL script I used and then you can just set it up on a daily DTS package in SQL Server and never have to worry about it again.


I learned that version 3.50 has improved upon the delete guests function by making it into a stored procedure. I now have that SProc, and plan to do just that. Thanks.

Steve
An upvote on a helpful post means "thank you" in every language. I believe in this community. For every question I ask, I try to answer at least five others.
0
6 years ago
I found blocking Russian Federation via the web config helped. Please see following link: https://www.ip2location.com/blockvisitorsbycountry.aspx
0
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.