Urgent !!! Regarding fake customers registration

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
11 years ago
New York wrote:
I've had to enable Captcha on some of my client's sites:

Admin > Configuration > Settings > General ... > Security tab  >> CAPTCHA enabled:


i was actually able to follow this, and get captcha set up on our site. http://mikesoffroad.com

i just set it up so we'll see if the number of bogus registrations is reduced. man, i can only hope! it's out of control!

Thank you guys for all the info.

(fyi - i'm using (for now) nopCommerce 2.2)
11 years ago
I have an active blacklist at my edge device. It just tarpits the traffic (Mikrotik).

It is mind boggling that this many bots are out there running this crap.

Here are the offending networks all with same request characteristics (note in many cases I just block the whole subnet):

11 years ago
Consider using rewrite rules
11 years ago
Good to know thank you.

Looks like more effort though and touching web.config would restart the app causing delays. It amazes me that there is actual profit to be made by the activities of these spammers.

Mikrotik takes moments to update albeit I'd prefer to spend no time on this.  Email verification is now in place and none of these robots have completed a registration. Still I continue to block the malicious hosts. Who knows what attacks will come next...
11 years ago
so, based on this blacklist post and what not is that to imply that captcha on the registration page does not work to curb the bogus registrations?

and how does one set up a black list?? (not a heavy programmer)
11 years ago
The blacklist is not so much a solution but informational.

It also helps to show the scope of what many of us seem to be dealing with. It is crazy. Seems there's a new host every few days.

That said I am in the same boat but have at least slowed the process.  What I can say again is that since email verification has been enabled there have been no successful verifications from these spammers or posts.
11 years ago
mspinale wrote:


That said I am in the same boat but have at least slowed the process.  What I can say again is that since email verification has been enabled there have been no successful verifications from these spammers or posts.


would you mind clarifying this? you're saying turning on the verification didn't let people register? or that spammers can't?
11 years ago
I went to Configuration > Settings > Customer Settings and changed Registration Method (drop down list) to Email Validation. I also checked the box "Notify about new customer registration".

The registrations still occur but since enabling this no accounts have been successfully verified by these people.

As a matter of process I review the attempted registrations and look for the usual patterns (e.g. Google, pwd 123456, etc) and then check for registration status and any activity. The IP address is then compared against my list before deleting the incomplete registration.

I hope this helps!
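
The manual review described in the post above could be scripted roughly like this. It is an added example, not part of the original thread and not nopCommerce code; the `Registration` fields, the `triage` function and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data: RFC 5737 documentation ranges, not real offenders.
BLOCKLIST = ["192.0.2.0/24", "198.51.100.77"]

@dataclass
class Registration:
    email: str
    ip: str
    email_validated: bool
    has_activity: bool

SAMPLE = [
    Registration("a@example.com", "192.0.2.15", False, False),
    Registration("b@example.com", "203.0.113.9", False, False),
    Registration("c@example.com", "203.0.113.50", True, True),
    Registration("d@example.com", "198.51.100.77", False, False),
]

def triage(registrations, blocklist):
    """Split registrations into keep / known / unlisted, as in the manual review."""
    # ip_network() accepts both single hosts and CIDR subnets.
    nets = [ipaddress.ip_network(e, strict=False) for e in blocklist]
    result = {"keep": [], "known": [], "unlisted": [], "candidate_subnets": set()}
    for r in registrations:
        # Validated or active accounts are never touched.
        if r.email_validated or r.has_activity:
            result["keep"].append(r.email)
            continue
        addr = ipaddress.ip_address(r.ip)
        if any(addr in n for n in nets):
            result["known"].append(r.email)      # source already on the blocklist
        else:
            result["unlisted"].append(r.email)   # needs a human look first
            # Enclosing /24, mirroring the "block the whole subnet" habit (IPv4 only).
            if addr.version == 4:
                net = ipaddress.ip_network(f"{r.ip}/24", strict=False)
                result["candidate_subnets"].add(str(net))
    return result

if __name__ == "__main__":
    print(triage(SAMPLE, BLOCKLIST))
```

Unlisted sources are only reported as candidates; blocking a whole /24 can catch legitimate customers on the same network, so the subnet list is meant for review before it goes to the edge device.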
11 years ago
Did you try the honeypot technique suggested by joebloe? We've implemented the same and it fixes fake customer registration. Let me know if you want more information on how to implement it.
11 years ago
mspinale wrote:

As a matter of process I review the attempted registrations and look for the usual patterns (e.g. Google, pwd 123456, etc) and then check for registration status and any activity. The IP address is then compared against my list before deleting the incomplete registration.

I hope this helps!


so, in this post is there a valid representation of the code that needs to go into the web.config to block ip's? bc i saw one that said, "it won't allow anyone to view or register that isn't from the following ip addresses"

we're getting like 50 a day. and it's just drivin' us crazy. i'm willing to try any and everything.