Spam - fake customers

[sjdeines]

The basic 155f-156a filters for preventing some fields from interning bad data or setting some limits to amount or lack of data is really good. Adding a eye testing CAPTCHA or Honey pot CAPTCHA works on bots.. Lest Google version 3 is working I think.. 2 has known walk around. Blocking IP's work, blocking bad bots helps, I placed some code above that helps with human bots.

In testing, I'm not getting accounts created with what is reported! I can create standard accounts without what's reported, but that's is not what the spammers are after. After adding non-CAPTCHA, the bots have yet to pick the right number! Which is why I ask for links, mods installed, basically, answers to the posting tips so folks here can better help figure out what to help you with...

@ianhg For logs created from admin, if you was not looking at or managing customers... you may have a problem, see this FAQ. If there created as you delete or edit accounts, then its due to the data in those fields, not the code.

I am running v1.5.5e with the Template 'Westminster New, Version 1.3' and have blacklisted all IP ranges, removed Ukraine from countries under Localization as that's what the bots were using as the country, remarked out the autoresponder 'welcome' email in the code, added a non-working (but visually there CAPTCHA as I'm still trying to figure out how to add a CAPTCHA to Westminster New. BTW - The IP stored in the created account is actually different than the IP being used as the account is being created. I know this for a fact, as I have logged and even blacklisted the IP being that's viewable in the 'Who's Online' admin tool. In other words, these things are not only spamming from false servers, but are also ghosting IP addresses. SO! If you know how to install a CAPTCHA in Westminster New, that's about all that I've left to try that might work.

[davewest]

I am running v1.5.5e with the Template 'Westminster New, Version 1.3' and have blacklisted all IP ranges, removed Ukraine from countries under Localization as that's what the bots were using as the country, remarked out the autoresponder 'welcome' email in the code, added a non-working (but visually there CAPTCHA as I'm still trying to figure out how to add a CAPTCHA to Westminster New. BTW - The IP stored in the created account is actually different than the IP being used as the account is being created. I know this for a fact, as I have logged and even blacklisted the IP being that's viewable in the 'Who's Online' admin tool. In other words, these things are not only spamming from false servers, but are also ghosting IP addresses. SO! If you know how to install a CAPTCHA in Westminster New, that's about all that I've left to try that might work.

I disable countries I don't sell to. Yes, spoofing IP is normal, they some times forget the host line
1) Westminster new does not modify the customer account page so dropping the tpl_modules_create_account.php file from Google reCAPTCHA should do the job unless its modified by something else. Check there support page if not working.
2) Trace IP's host by the raw server access logs not zen whos online page..
3) check template folder //includes/modules/YOUR_TEMPLATE/create_account.php and delete it if no other mods modified it.. then check the same file in //includes/modules/create_account.php and replace with a new one from a clean zc155e..

If after doing the above, and you still getting hit, follow this FAQ.

[ianhg]

adding reCAPTCHA or non-CAPTCHA can help fix issues with bots... with non-bots or human spammers, a simple regex line can help. Regex can also limit or hinder good account creation too..

The standard create account line for first name on a ZC156a page is

Code:

<?php  echo zen_draw_input_field('firstname', '',  zen_set_field_length(TABLE_CUSTOMERS, 'customers_firstname', '40') . '  id="firstname" placeholder="' . ENTRY_FIRST_NAME_TEXT . '"' .  ((int)ENTRY_FIRST_NAME_MIN_LENGTH > 0 ? ' required' : '')); ?>

adding this in red blocks some characters not normal to names and limit the length to 20 characters.

Code:

<?php  echo zen_draw_input_field('firstname', '',  zen_set_field_length(TABLE_CUSTOMERS, 'customers_firstname', '40') . '  id="firstname" pattern="^[^±!@£$%^&*_+§¡€#¢§¶•ªº«\\/<>?:;|=.,]{' . ENTRY_FIRST_NAME_MIN_LENGTH . ',20}$" placeholder="' . ENTRY_FIRST_NAME_TEXT . '"' . ((int)ENTRY_FIRST_NAME_MIN_LENGTH > 0 ? ' required' : '')); ?>

This only works on humans, bots well walk right by it...

I would also check the template or mods you may be using that they meet current ZC filters.

@davewest Thanks for this.
I applied your excellent non-captcha and it has stopped spam coming from contact page on one particular site. It has also appeared to have stopped the spam bot setting up fake accounts on another site with links as described in this thread. I did get four fake accounts which I think may have been done by an actual spammer, as they came through with long first names and surnames so I have added the above tested and it appears to work. So I wait to see if anything happens later today, many thanks excellent help from you. Just one thing is it possible to only except UK postal codes in the correct format in postal code field.
Thanks again.

[davewest]

Just one thing is it possible to only except UK postal codes in the correct format in postal code field.
Thanks again.

I'm not sure what the UK pattern is, but on many of my pages I use jquery maskedinput script to format things like dates, phone numbers.. This could work if you only have one pattern only.. The script is tied to input class or id and script is placed at the bottom of the tpl_PAGE You can see how it works by looking at my map request page.. Google jquery maskedinput to get the latest version and instructions.. The UI script and css is used for the popup calendar.

Code:

<script src="<?php echo $template->get_template_dir('jquery-ui.min.js',DIR_WS_TEMPLATE, $current_page_base,'jscript') . '/jquery-ui.min.js' ?>" type="text/javascript"></script>
<script src="<?php echo $template->get_template_dir('jquery.maskedinput.js',DIR_WS_TEMPLATE, $current_page_base,'jscript') . '/jquery.maskedinput.js' ?>" type="text/javascript"></script>
<script type="text/javascript">
    $(function() {
        $("#date")
                .datepicker({ nextText: "", prevText: "", changeMonth: true, changeYear: true })
                .mask("99/99/9999");
    $(".phone")             .mask("999-999-9999");
    });
</script>

[ianhg]

@davewest Thank you for your speedy response. Just one other point do you need to be using PHP7 or greater for your honey pot CAPTCHA to work?

[davewest]

@davewest Thank you for your speedy response. Just one other point do you need to be using PHP7 or greater for your honey pot CAPTCHA to work?

No.. not php version specific at all.. the only requirement is the slider! Its a HTML5 issue.. any current browser higher then IE9 is supportive, lesser browsers would only get an input field to figure out what to do. I think IE has a different idea how HTML5 should be so there may be some issues there conflicting with the scripting. Something I've been trying to fix without IE to go by, hoping IE get there act together with everyone else someday...

[ianhg]

@davewest sorry to be a pain.. I noticed when testing this on one site if I answered the contact page correctly then went to the create account page incorrectly it went through, so would this be a caching issue with the browsers? Also once logged in then went to the contact us page the email went through even though the slider was incorrect. Is there a way of stopping caching on the contact us page?

[sjdeines]

I disable countries I don't sell to. Yes, spoofing IP is normal, they some times forget the host line
1) Westminster new does not modify the customer account page so dropping the tpl_modules_create_account.php file from Google reCAPTCHA should do the job unless its modified by something else. Check there support page if not working.
2) Trace IP's host by the raw server access logs not zen whos online page..
3) check template folder //includes/modules/YOUR_TEMPLATE/create_account.php and delete it if no other mods modified it.. then check the same file in //includes/modules/create_account.php and replace with a new one from a clean zc155e..

If after doing the above, and you still getting hit, follow this FAQ.

OPTION # resolved the issue of the CAPTCHA not working, which was:
3) check template folder //includes/modules/YOUR_TEMPLATE/create_account.php and delete it if no other mods modified it.. then check the same file in //includes/modules/create_account.php and replace with a new one from a clean zc155e..

Respect!

[ianhg]

@davewest sorry to be a pain.. I noticed when testing this on one site if I answered the contact page correctly then went to the create account page incorrectly it went through, so would this be a caching issue with the browsers? Also once logged in then went to the contact us page the email went through even though the slider was incorrect. Is there a way of stopping caching on the contact us page?

@davewest Both sites working well, thanks

[toyseller]

ZC154 - Responsive Sheffield Blue template

Having problems with fake customers with http in the name and Ukraine being set up in the Country
(although Ukraine isnt listed as an option in the pull-down list for customers to select) ... it is set to a red button in "Locations/Taxes"/Countries.

Please could you tell me what to change this line to ...


public_html/includes/templates/template_default/templates/tpl_modules_create_account.php

Line #57 : <?php echo zen_draw_input_field('firstname', '', zen_set_field_length(TABLE_CUSTOMERS, 'customers_firstname', '40') . ' id="firstname"') . (zen_not_null(ENTRY_FIRST_NAME_TEXT) ? '<span class="alert">' . ENTRY_FIRST_NAME_TEXT . '</span>': ''); ?>


public_html/includes/templates/responsive_sheffield_blue/templates/tpl_account_edit_default.php

Line #35 : <?php echo zen_draw_input_field('firstname', $account->fields['customers_firstname'], 'id="firstname"') . (zen_not_null(ENTRY_FIRST_NAME_TEXT) ? '<span class="alert">' . ENTRY_FIRST_NAME_TEXT . '</span>': ''); ?>

I have 5 similar lines in my website coding but Im assuming that only one or both of the above will need changing
The other 3 are in files ...

public_html/includes/templates/template_default/templates/tpl_account_edit_default.php
public_html/includes/templates/template_default/templates/tpl_modules_address_book_details.php
public_html/includes/templates/template_default/templates/tpl_modules_checkout_new_address.php

Apologies, Im not a coder but can change the code.

Have blocked a Ukraine, Finnish, German and Australian range of isps ... trying to shake off this person.