Announcement

Collapse
No announcement yet.

10-20 fake customers registering per day

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • 10-20 fake customers registering per day

    Has anyone else seen this? Our site isn't live yet, but for MONTHS now we have been getting thousands of fake customers registering. About 10-20 per day, on average. They all look like this:


    Email: [email protected]
    Password:

    Contact Information
    assorrunc assorrunc
    Freising Freising
    Freising, foo. 123456 foo

    Company: google
    Tax id: PAIN OF CA

    The name and address are always gibberish. The one constant is that the company is always "google".

    Is anyone else seeing this, and has anyone found a way to stop it? So far they haven't placed any orders, which seems odd.

  • #2
    One thing you might want to take a look at is CloudFlare;

    http://forums.3dcart.com/general-con...loudflare.html

    I've just started using it, but it's ability to recognize threats / junk and deal with them on an ongoing basis is very impressive.

    Easy to set up & saves quite a bit of bandwith.

    Comment


    • #3
      Yeah, cloudflare is something I am interested in. This leads me to another question..


      Should it be possible to start using cloudflare now, before I am ready to go live? Right now the URL of the site is beta.aebike.com, then when I go live I am going to switch it over to www.aebike.com and redirecting traffic from my existing site.

      I'd like to get as many things set up as possible before the transition, but CloudFlare seems like it'd be tricky to do, especially with SSL stuff.

      Comment


      • #4
        I'd drop them an email. [email protected]
        I found them quite helpful...and quick. Very easy to set up.

        Damon was the individual I was dealing with.

        Comment


        • #5
          Am I the only one with this problem? It seems like they would be attacking all 3DCart sites, not just mine.
          Adding cloudflare helped a little. Reduced the volume by maybe 25%, but I am still getting 10-20 bogus costumer registrations per day and my site isn't even live yet. None of them have attempted to place an order.

          Can anyone think of any additional level of security I could add to my account registration page?

          Comment


          • #6
            Originally posted by cbsteven View Post
            Am I the only one with this problem? It seems like they would be attacking all 3DCart sites, not just mine.
            Adding cloudflare helped a little. Reduced the volume by maybe 25%, but I am still getting 10-20 bogus costumer registrations per day and my site isn't even live yet. None of them have attempted to place an order.

            Can anyone think of any additional level of security I could add to my account registration page?
            You might need to start using the dreadful captcha to create new accounts in this case... It sounds like a bad idea but at least you should be able to tell if the account is created by a bot or an actual human
            Andres

            Comment


            • #7
              I havent seen this issue but have a different "problem". I found a golf site yesterday that is registered to Gil at3D Cart that is an exact duplicate of my site. When I bring that site up, it shows my 3d site that isnt even luive yet and is closed and set to redirect to my current site. Its even in google and is pointing to and bringing up my site under the golf sites url. Anyone know why? This is going to hurt me due to duplicate content.

              Comment


              • #8
                Originally posted by andres.choi View Post
                You might need to start using the dreadful captcha to create new accounts in this case... It sounds like a bad idea but at least you should be able to tell if the account is created by a bot or an actual human
                The sad thing is that I DO use the captcha. I expect that maybe 3DC's default captcha is too easy to get around. I really wish I could implement reCaptcha.

                Here is my registration page: http://beta.aebike.com/register.asp

                Comment


                • #9
                  Do you have your registration set to be auto-approved? If not, maybe try changing your settings to have customer registration require approval just ot see if that would stop it?

                  We don't have this problem, but we have other similar issues. Our biggest problem is with text boxes on our product pages. We have text areas for customers to enter gift messages with their gift wrap, and some products also have engraving text areas. We get not completed orders that have filled in those text areas with weird spam messages or gibberish. Some days we get one or two, and other days we get over a hundred (along with a giant bandwidth spike for added fun.) or more. The only way we have been able to stop that is to remove all text areas and make those part of the checkout process, but that disturbs our checkout flow so we keep changing it back. Very frustrating.
                  Laura Z
                  Brass & Silver Traditions
                  www.brassandsilvertraditions.com

                  Comment


                  • #10
                    Originally posted by brassandsilver View Post
                    Do you have your registration set to be auto-approved? If not, maybe try changing your settings to have customer registration require approval just ot see if that would stop it?
                    As far as I know, customer registration is always auto-approved, as per this thread:
                    http://forums.3dcart.com/general-con...strations.html

                    Comment


                    • #11
                      That is true if you don't assign your customers to groups. If you have the registration set up as groups, you can make those registrations require approval. We use that for our different price levels, while regular retail customers are all automatic. Just to see if this would stop your problem, though, if I were you I would try making a price level group that encompasses everyone, and then uncheck the auto-approve box for the group. That way everyone attempting to register is part of that group, which you then have to approve before it is finalized. I don't know if it would help, but it might be worth a shot.
                      Laura Z
                      Brass & Silver Traditions
                      www.brassandsilvertraditions.com

                      Comment


                      • #12
                        So this is weird.. since no one else reported having a similar problem, I wondered if it was related to my actual registration page.

                        on 3/10 i changed the registration page back to the 3DCart default.

                        Fake registrations dropped to 0 immediately and have remained that way since I did it, 6 days ago.


                        I changed the page back to my customer page today, you can view it at
                        http://beta.aebike.com/register.asp

                        Anyone have any ideas why this page would be more prone to spam signups than the default? As far as I can tell the CAPTCHA is implemented as it should be.

                        Comment


                        • #13
                          Hmmm. That is truly odd. It all looks as it should to me. Have you figured out anything more about this? Have the fake registrations resumed now that you switched back?
                          Laura Z
                          Brass & Silver Traditions
                          www.brassandsilvertraditions.com

                          Comment


                          • #14
                            I haven't been able to do much digging as I was out of town over the weekend, but the fake registrations returned immediately after switching back to my custom page.

                            I will run some tests this week and see if I can narrow down the issue.

                            Comment

                            Working...
                            X