Post by CJC » Thu Mar 11, 2021 9:47 pm

We've been getting a bunch of these New Customers lately. It's obviously some kind of spam, but I can't figure out what they're trying to accomplish. They'll register with these fake names/emails but then never try to sign in again. The registrations always follow the same format with the last name being similar to the first with a few extra characters and its always a yandex email address. They'll also register from the same IP two days in a row with different names. Any ideas why they're doing this? Right now its not too annoying as its only a handful a week.

Code: Select all

A new customer has signed up:

First Name: sumochkimlCuh
Last Name: sumochkimlCuhYW
Customer Group: Default
E-Mail: sumochkiml@yandex.com
Telephone: 85512436296

CJC
Active Member

Posts

Joined
Wed Jun 03, 2020 5:51 am

Post by Johnathan » Thu Mar 11, 2021 10:35 pm

This is becoming a common problem in OpenCart installations, but no one knows the purpose of it. To prevent it, most people put a captcha on their registration, so that it blocks bots.

OpenCart 3.0 allows you to do this without any extensions, you would just need to set up a captcha extension (in Extensions > Captchas) and then assign that captcha to the registration page, in System > Settings (it's at the bottom of the Option tab). You choose the captcha there, and which pages it will show up on.

OpenCart has a basic captcha and Google reCAPTCHA v2 built-in, but if you want something that may block bots without customers having to fill something in, I have a Google reCAPTCHA v3 extension. That determines a score for the customer between 0.0 (human) and 1.0 (bot), and you can set thresholds on which score values to block (e.g. everything above 0.7). It also has a fallback to reCAPTCHA v2 if you still want to let someone that fails the v3 captcha try to pass the v2 captcha.

Feel free to take a look at the screenshots and demo site, and if you're interested let me know at www.getclearthinking.com/contact if you have any further questions.

Image Image Image Image Image


User avatar
Administrator

Posts

Joined
Fri Dec 18, 2009 3:08 am


Post by by mona » Thu Mar 11, 2021 10:37 pm

There is captcha - recaptcha and I believe Paul has a hidden one that is good, but I can not find it - maybe someone else can find it.
and Jonathan’s will be good - sorry I forgot about yours :drunk: .
Marketplace - https://www.opencart.com/index.php?rout ... nti%20spam

If it is a specific annoying ip you can block it with htaccess - but that becomes a relentless mission - it also encourages these types of annoying people

Any ideas why they're doing this?
Unfortunately too many people have time on their hands to do and create things to annoy others.
What ever is created, someone will always be a smart arse and get around it - it is what these people live for - It would kill them to use their skills to do good in the world - they are anti-establishment out of some feeling of it being cool - I would blame it on immaturity but some of these people are too old to have that excuse.

DISCLAIMER:
You should not modify core files .. if you would like to donate a cup of coffee I will write it in a modification for you.


https://www.youtube.com/watch?v=zXIxDoCRc84


User avatar
Expert Member

Posts

Joined
Mon Jun 10, 2019 9:31 am

Post by CJC » Thu Mar 11, 2021 11:09 pm

Thanks for the followup. We actually already have the reCAPTCHA turned on for the registration and we also have the Terms and Conditions required for that page as well. So it would seem like a human is actually spending the time to create these fake registrations. Not sure if the silent method would change anything.

Johnathan wrote:
Thu Mar 11, 2021 10:35 pm
This is becoming a common problem in OpenCart installations, but no one knows the purpose of it. To prevent it, most people put a captcha on their registration, so that it blocks bots.

OpenCart 3.0 allows you to do this without any extensions, you would just need to set up a captcha extension (in Extensions > Captchas) and then assign that captcha to the registration page, in System > Settings (it's at the bottom of the Option tab). You choose the captcha there, and which pages it will show up on.

OpenCart has a basic captcha and Google reCAPTCHA v2 built-in, but if you want something that may block bots without customers having to fill something in, I have a Google reCAPTCHA v3 extension. That determines a score for the customer between 0.0 (human) and 1.0 (bot), and you can set thresholds on which score values to block (e.g. everything above 0.7). It also has a fallback to reCAPTCHA v2 if you still want to let someone that fails the v3 captcha try to pass the v2 captcha.

Feel free to take a look at the screenshots and demo site, and if you're interested let me know at www.getclearthinking.com/contact if you have any further questions.

CJC
Active Member

Posts

Joined
Wed Jun 03, 2020 5:51 am

Post by mikeinterserv » Thu Mar 11, 2021 11:10 pm

95% of this particular effort come from IPs starting with 45
Check your logs and the customer ID in database and you will se 45.*.* etc
Seriously I block all those IP addresses for a long time now with no problems for normal users.

This is not for everyone by any means but the reduction in bots and spam form fillers etc drops massively.
This will block the ENTIRE 45 range - for most UK, US or EU business that DOES NOT want business etc from russia or some eastern european countries.

I have in htaccess

Code: Select all

<RequireAll>
Require all granted
Require not ip 45.1.1.1/8
Require not ip 37.57.1.1/16
</RequireAll>
Some might not agree with this method but it works for me.
No good doing this if you do business with russia or east europe :-)

In the UK I scanned 7 customer databases with a combined total of over 50,000 customers - there was not 1 IP address that started with 45
So it is pretty safe to use in the UK

Active Member

Posts

Joined
Thu May 28, 2020 6:55 am
Location - Wales

Post by CJC » Fri Mar 12, 2021 2:05 am

I had already deleted those users, so I don't recall their IPs. But next time I'll take a look and certainly have no problem banning anything from Russia.
mikeinterserv wrote:
Thu Mar 11, 2021 11:10 pm
95% of this particular effort come from IPs starting with 45
Check your logs and the customer ID in database and you will se 45.*.* etc
Seriously I block all those IP addresses for a long time now with no problems for normal users.

This is not for everyone by any means but the reduction in bots and spam form fillers etc drops massively.
This will block the ENTIRE 45 range - for most UK, US or EU business that DOES NOT want business etc from russia or some eastern european countries.

I have in htaccess

Code: Select all

<RequireAll>
Require all granted
Require not ip 45.1.1.1/8
Require not ip 37.57.1.1/16
</RequireAll>
Some might not agree with this method but it works for me.
No good doing this if you do business with russia or east europe :-)

In the UK I scanned 7 customer databases with a combined total of over 50,000 customers - there was not 1 IP address that started with 45
So it is pretty safe to use in the UK

CJC
Active Member

Posts

Joined
Wed Jun 03, 2020 5:51 am

Post by by mona » Fri Mar 12, 2021 2:08 am

yandex is russian ..

DISCLAIMER:
You should not modify core files .. if you would like to donate a cup of coffee I will write it in a modification for you.


https://www.youtube.com/watch?v=zXIxDoCRc84


User avatar
Expert Member

Posts

Joined
Mon Jun 10, 2019 9:31 am

Post by mikeinterserv » Fri Mar 12, 2021 2:10 am

there was not 1 IP address that started with 45
By that I mean no legitimate customers are likely to be affected.
The check was made before blocking the ips.

Active Member

Posts

Joined
Thu May 28, 2020 6:55 am
Location - Wales

Post by kirkhall » Fri Mar 12, 2021 8:29 am

We were using just captcha on our registration and contact page for about 7 years and had no issues. Suddenly this year we started getting contact emails from our contact page with crazy PRON phrases sent to us. Like you we did not understand what they were trying to accomplish so we just deleted them and moved on.

Then one day we discovered that we could not send emails using the email address that receives the messages from our contact and registration page. Whoever was doing this was registering accounts using legit email addresses which would cause the recipient to flag the registration email that they received as spam. Eventually enough people flagged it as spam and that email address was added to a few naughty lists and became unusable for a day or so. It only took about 24 hours for me to get it unlisted after sending only 1 email. It was weird as we could still send from other @ourdomain email addresses so it was still just an annoyance but it wasn't a huge deal.

I can't imagine what they hope to accomplish and I hope I never find out.

Active Member

Posts

Joined
Thu May 22, 2014 11:31 am

Post by JNeuhoff » Fri Mar 12, 2021 6:27 pm

You may want to use our SpamBot Buster extension to prevent those fake customer registrations originating from Russian spambots. Our tool detects and then rejects theme, using an invisible honeypot trap field, and by checking for required mouse/touch/keyboard events.

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig


User avatar
Guru Member

Posts

Joined
Wed Dec 05, 2007 3:38 am


Post by paulfeakins » Fri Mar 12, 2021 7:46 pm

by mona wrote:
Thu Mar 11, 2021 10:37 pm
There is captcha - recaptcha and I believe Paul has a hidden one that is good, but I can not find it - maybe someone else can find it.
Thanks very much mona, here it is!
https://www.opencart.com/index.php?rout ... n_id=36312

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk


User avatar
Guru Member
Online

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - London Gatwick, United Kingdom

Post by ADD Creative » Fri Mar 12, 2021 8:02 pm

CJC wrote:
Thu Mar 11, 2021 9:47 pm
We've been getting a bunch of these New Customers lately. It's obviously some kind of spam, but I can't figure out what they're trying to accomplish. They'll register with these fake names/emails but then never try to sign in again. The registrations always follow the same format with the last name being similar to the first with a few extra characters and its always a yandex email address. They'll also register from the same IP two days in a row with different names. Any ideas why they're doing this? Right now its not too annoying as its only a handful a week.
There is a good explanation on why the do this here. https://webmasters.stackexchange.com/qu ... 694#115694

Another tool that can be useful, is to block bots by User-Agent. Many bots use invalid or mimic old web browser's User-Agent strings. If you spot this and are sure no valid customer would be using the same you can block in htaccess.

www.add-creative.co.uk


Expert Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by CJC » Thu Mar 18, 2021 9:54 pm

Just adding some additional info to the thread. So the last spam contact came from 83.149.37.32, which is in western Russia. However, its a different IP range than what was mentioned earlier in this thread.

CJC
Active Member

Posts

Joined
Wed Jun 03, 2020 5:51 am

Post by reda » Wed Jul 21, 2021 5:33 pm

After trying multiple solutions, all not working like : google captcha, opencart captcha, some other opencart extensions (CSRF), neither could help, I was still receiving spams contact form and registration. So I developed a combination of extensions and now I completely satisfied: No more spams!

https://www.opencart.com/index.php?rout ... n_id=42395
https://www.opencart.com/index.php?rout ... n_id=34713

Cheers

Newbie

Posts

Joined
Tue Sep 13, 2011 1:14 pm
Who is online

Users browsing this forum: No registered users and 261 guests