Post by jorem » Thu Jul 22, 2021 3:42 am

Getting tons of fake/spam customers. None makes any purchase. They just show up in admin as customers. How can I stop this?
Last edited by jorem on Fri Jul 23, 2021 2:55 pm, edited 1 time in total.

Danne
----------------------------
https://proformica.com



Post by jorem » Thu Jul 22, 2021 4:53 am

After I posted this thread, about 100 new "customers" have registered. Like in about an hour. I have the "Basic captcha" enabled.

Danne
----------------------------
https://proformica.com



Post by fegdeed » Thu Jul 22, 2021 7:27 am

I would recommend that you use Google reCAPTCHA instead of the default basic captcha, or try one of the advanced captchas or spam-preventing extensions from the marketplace.

Get a secure, fast, and reliable web hosting service from https://turnuphosting.com.



Post by paulfeakins » Thu Jul 22, 2021 5:46 pm

fegdeed wrote:
Thu Jul 22, 2021 7:27 am
I would recommend that you use Google reCAPTCHA instead of the default basic captcha, or try one of the advanced captchas or spam-preventing extensions from the marketplace.
Try this: https://www.opencart.com/index.php?rout ... n_id=36312

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk



Post by JNeuhoff » Thu Jul 22, 2021 6:55 pm

Our SpamBot Buster will reliably prevent fake customer registrations originating from spambots. It uses an invisible honeypot trap field on the registration and contact forms, and also distinguishes between a genuine human user and a spambot by checking for required keyboard/mouse/touch events.

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig




Post by EvolveWebHosting » Thu Jul 22, 2021 10:08 pm

I would start with Google reCAPTCHA as others have mentioned. Often overlooked is an effective firewall to stop this and more.

2 Week FREE Trial of our Shared Hosting plans (DirectAdmin or cPanel) for new customers
2 Week FREE Trial of Astra Firewall and Malware Scanner
Visit our website for full details and to start your trial today - www.evolvewebhost.com



Post by jorem » Fri Jul 23, 2021 2:54 pm

Thanks for suggestions!

Well, thing is that I have arranged so that normal, physical customers/guests can't access/open/view any account registration forms at all. It's only people who actually make purchases that should end up as customers in admin. So, these guys or bots or whatever they are have obviously found a way to circumvent that and can open registration pages despite them being hidden.

But I solved it, and if anyone else faces the same issue, here's what I did:

1. Open customer list in admin.
2. Find a spam customer and click "Edit".
3. Click tab "IP Addresses".
4. Copy the IP address that shows up and save it somewhere for later use. Click the number under "Total accounts" and all fake customers with this IP will show up.
5. Delete them.
6. Repeat until all fake customers are erased.
7. Then use FTP or any other way to access the .htaccess file in the site root. Open it in a text editor and add "Deny from" anywhere as a new line. Then paste one of the IP addresses you have saved after it, e.g. "Deny from XX.XXX.XX.XX". Then repeat with all the IP addresses you've saved. One line for each IP, each line beginning with "Deny from".

Thus, the spammers/bots are blocked from entering your site.

As an extra precaution, I added a list of all IP addresses from Russia. You can deny or allow IP addresses from any country using this: https://www.countryipblocks.net/acl.php

Danne
----------------------------
https://proformica.com



Post by EvolveWebHosting » Fri Jul 23, 2021 8:56 pm

jorem wrote:
Fri Jul 23, 2021 2:54 pm
Thanks for suggestions!

Well, thing is that I have arranged so that normal, physical customers/guests can't access/open/view any account registration forms at all. It's only people who actually make purchases that should end up as customers in admin. So, these guys or bots or whatever they are have obviously found a way to circumvent that and can open registration pages despite them being hidden.

But I solved it, and if anyone else faces the same issue, here's what I did:

1. Open customer list in admin.
2. Find a spam customer and click "Edit".
3. Click tab "IP Addresses".
4. Copy the IP address that shows up and save it somewhere for later use. Click the number under "Total accounts" and all fake customers with this IP will show up.
5. Delete them.
6. Repeat until all fake customers are erased.
7. Then use FTP or any other way to access the .htaccess file in the site root. Open it in a text editor and add "Deny from" anywhere as a new line. Then paste one of the IP addresses you have saved after it, e.g. "Deny from XX.XXX.XX.XX". Then repeat with all the IP addresses you've saved. One line for each IP, each line beginning with "Deny from".

Thus, the spammers/bots are blocked from entering your site.

As an extra precaution, I added a list of all IP addresses from Russia. You can deny or allow IP addresses from any country using this: https://www.countryipblocks.net/acl.php
This will work. I do think you'll be doing this often as IP addresses change. Attackers are very sophisticated.

2 Week FREE Trial of our Shared Hosting plans (DirectAdmin or cPanel) for new customers
2 Week FREE Trial of Astra Firewall and Malware Scanner
Visit our website for full details and to start your trial today - www.evolvewebhost.com



Post by Loady » Tue Aug 03, 2021 4:04 pm

I just followed these instructions. When I click on a suspected fake account and then click the 'total accounts' number, the IP address does show up several times, but it is alongside genuine customers that I have sold to and spoken with personally... I don't want to be deleting them.


Post by jorem » Tue Aug 03, 2021 4:14 pm

Loady wrote:
Tue Aug 03, 2021 4:04 pm
I just followed these instructions. When I click on a suspected fake account and then click the 'total accounts' number, the IP address does show up several times, but it is alongside genuine customers that I have sold to and spoken with personally... I don't want to be deleting them.
So, several individual customers have an identical IP address? Sounds weird. For fun, copy that address, Google for "whois" and check where it's coming from. Perhaps it's that OC has some setting where to enable or disable customers' IP and is just adding some default IP from e.g. your server. Just guessing....

Danne
----------------------------
https://proformica.com



Post by JNeuhoff » Tue Aug 03, 2021 4:50 pm

Loady wrote:
Tue Aug 03, 2021 4:04 pm
I just followed these instructions. When I click on a suspected fake account and then click the 'total accounts' number, the IP address does show up several times, but it is alongside genuine customers that I have sold to and spoken with personally... I don't want to be deleting them.
This is typically caused by spambots' fake account registrations. That's why we block spambots with our SpamBot Buster tool. Some spambots don't take no for an answer; they may occasionally try hundreds of times, in vain of course, to do fake account registrations, coming from the same IP address. In these cases we also block access to certain IP addresses, even for other pages.

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig




Post by Loady » Wed Aug 04, 2021 4:36 pm

JNeuhoff wrote:
Tue Aug 03, 2021 4:50 pm
Loady wrote:
Tue Aug 03, 2021 4:04 pm
I just followed these instructions. When I click on a suspected fake account and then click the 'total accounts' number, the IP address does show up several times, but it is alongside genuine customers that I have sold to and spoken with personally... I don't want to be deleting them.
This is typically caused by spambots' fake account registrations. That's why we block spambots with our SpamBot Buster tool. Some spambots don't take no for an answer; they may occasionally try hundreds of times, in vain of course, to do fake account registrations, coming from the same IP address. In these cases we also block access to certain IP addresses, even for other pages.
Just looked at one of the IPs that had 32 accounts associated with it, just realised it's MY IP address and the accounts are genuine customers. How would that work if your spambuster is going to block that IP address... I also wonder if this is contributory to another problem I have where there is no transaction/order history available for customers or me to see.


Post by jorem » Wed Aug 04, 2021 5:16 pm

Loady wrote:
Wed Aug 04, 2021 4:36 pm
Just looked at one of the IPs that had 32 accounts associated with it, just realised it's MY IP address and the accounts are genuine customers. How would that work if your spambuster is going to block that IP address... I also wonder if this is contributory to another problem I have where there is no transaction/order history available for customers or me to see.
Ouch. My previous guess was pretty accurate then. Have no idea why this would happen though. But check all settings to make sure it's nothing there that makes this happen. Perhaps if you've edited these customer settings yourself and then saved, maybe OC is replacing the original IP with yours?

And do create your own thread with a subject saying something like "OC changes customer IP to my own" to get better attention....

Good luck.

Danne
----------------------------
https://proformica.com



Post by JNeuhoff » Wed Aug 04, 2021 7:39 pm

Just looked at one of the IPs that had 32 accounts associated with it, just realised it's MY IP address and the accounts are genuine customers. How would that work if your spambuster is going to block that IP address...
Perhaps you edited these customer details, or logged into their accounts from the admin backend, in which case your IP address would become associated with these customers. You can also check your server's access log to see the original IP address used by the spambots.

With regards to blocking IP-addresses: I usually block the IP-address of a spambot for the online session only. The important point is to block fake account registrations, or spam messages, which our tool does quite effectively.

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
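
Added example, not written by any poster in this thread and not part of the SpamBot Buster extension: a Python sketch that combines the access-log check suggested above with the .htaccess step from jorem's list. It counts POSTs to the registration page per client IP, skips an allowlist such as the store owner's own address, and renders block rules. The combined log format, OpenCart's default `route=account/register` URL, the threshold and all function names are assumptions; `Deny from` is the Apache 2.2 directive (it needs mod_access_compat on 2.4), so the Apache 2.4 `Require not ip` form is produced as well.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote

# Apache "combined" log format: client IP, identity, user, [time], "request".
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*"')
# Assumption: OpenCart's default registration route; SEO URLs would differ.
REGISTER_ROUTE = "route=account/register"
# Constructed sample log (documentation IP ranges, not real traffic).
_T = '- - [22/Jul/2021:03:40:01 +0000]'
SAMPLE_LOG = [
    f'203.0.113.7 {_T} "POST /index.php?route=account/register HTTP/1.1" 302 -',
    f'203.0.113.7 {_T} "POST /index.php?route=account%2Fregister HTTP/1.1" 302 -',
    f'203.0.113.7 {_T} "GET /index.php?route=account/register HTTP/1.1" 200 512',
    f'198.51.100.20 {_T} "POST /index.php?route=account/register HTTP/1.1" 302 -',
    f'192.0.2.10 {_T} "POST /index.php?route=account/register HTTP/1.1" 302 -',
    f'192.0.2.10 {_T} "POST /index.php?route=account/register HTTP/1.1" 302 -',
    f'192.0.2.10 {_T} "POST /admin/index.php?route=customer/customer/edit HTTP/1.1" 200 90',
    'truncated line without a request field',
]

def count_register_posts(lines):
    """Count POSTs to the registration route per client IP."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        client, method, url = m.groups()
        try:
            ip = str(ipaddress.ip_address(client))
        except ValueError:
            continue  # hostname instead of an address
        if method == "POST" and REGISTER_ROUTE in unquote(url):
            hits[ip] += 1
    return hits

def suspects(hits, threshold, allowlist=()):
    """IPs at or above the threshold, minus allowlisted ones (e.g. your own)."""
    allowed = {str(ipaddress.ip_address(a)) for a in allowlist}
    return sorted(ip for ip, n in hits.items() if n >= threshold and ip not in allowed)

def htaccess_rules(ips, apache24=True):
    """Render block rules: Require (Apache 2.4) or Deny from (2.2 style)."""
    if not apache24:
        return "\n".join(f"Deny from {ip}" for ip in ips)
    deny = [f"    Require not ip {ip}" for ip in ips]
    return "\n".join(["<RequireAll>", "    Require all granted", *deny, "</RequireAll>"])
```

On a real server, pass the open access-log file to `count_register_posts` in place of `SAMPLE_LOG`, and put your own address in `allowlist` so that admin activity never ends up in the generated rules.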

