Huge amount of fake accounts

[JEBranch]

2 minutes ago, WHMCS John said:

Make sure you block 5666q.com via the Setup > Other > Banned Emails page.

You might have instead blocked them from email piping into the ticket system, which would not have had the desired effect.

Thanks John, that email is not block, I will block 5666q.com and see what happens. They be using  difference email accounts I have around (10) that's block, this is a new one...whewkj.com

[JEBranch]

I just had one come in using @gmail.com I can't block gmail.com I have clients using it.

[kaybee57]

Took my whole WHMCS offline for 12 hours
Have about 5 domains banned within my CPanel
Changed CPanel password
Changed database password
Updated my WHMCS to latest version
Set my WHMCS back online, and guess what, 5 minutes later, they're baaack.....!  Oops, should be
Have also now added about 10 domains to my Banned email list - as per the list below

So having done all the above, it 'possibly' appears to me there may be a dodgy file within the file system that isn't part of the update system (i.e. somewhere in my template?? that has been infected??)

Email Domain	Usage Count
.tom.com	0
126.com	0
163.com	0
jifewrji.com	0
ohh.cn	0
ohu.com	0
qq.com	0
sina.com	0
yahoo.com.cn

Any further thoughts WHMCS John??

 

[kaybee57]

Same here - just had gmail come in...grrrr...

2 hours ago, JEBranch said:

I just had one come in using @gmail.com I can't block gmail.com I have clients using it.

 

[kaybee57]

I'VE HAD A WIN! - turned OFF General Settings / Domains / Domain Registration Options / "Allow Clients to register domains with you". Haven't had a dodgy client for 20 minutes now!
Most of my clients I either acquire their domain names or they are transferred in so that option for me is never used.
It has however stopped my spammers as each was seemingly ordering a Domain Name.

Will of course continue to 'watch and act'.

[JacobBall]

Kaybee, I doubt that it's a dodgy file within your file system, as I did a completely new setup with the full version, and I've still been experiencing the issue.

Clearly, there's a loophole within the WHMCS software somewhere that's been found within the past few days, as there are so many of us experiencing it. I've got Google Recaptcha set up, banned IPs etc, and nothing's stopping them.

The team at WHMCS need to take a deeper look at what the issue could be, as a priority.

[kaybee57]

4 minutes ago, JacobBall said:

Kaybee, I doubt that it's a dodgy file within your file system, as I did a completely new setup with the full version, and I've still been experiencing the issue.

Clearly, there's a loophole within the WHMCS software somewhere that's been found within the past few days, as there are so many of us experiencing it. I've got Google Recaptcha set up, banned IPs etc, and nothing's stopping them.

The team at WHMCS need to take a deeper look at what the issue could be, as a priority.

And my last assumption of allowing clients to register domains, hasn't actually worked either
I've certainly slowed things down but whew... yes, would love WHMCS to have a deep look at something??

[JacobBall]

Turning off domain registration options is hardly a solution for most people, even if it does work for you.

Nor does it explain why it's only within the last few days that this issue has occurred.

[SherriAnn]

Has anyone noticed if its helped to upgrade?  Are you using the version that just came out?

I'm upgrading as I always do, but curious if it doesn't seem to matter on the version.

It looks like we're all getting a variety of different email addresses to ban.  qq.com definitely the most popular.

[JBlossoms]

I wonder if any of us having this issue have Enabled Email Verification: Setup > General Settings > Security tab and tick Request users to confirm their email address on signup or change of email address ? I did this and not a single fake account or order has come in almost 48 hours.

[flywheel]

Is it working?  I'm having the same issue that just started about a week ago.

[kaybee57]

10 hours ago, JBlossoms said:

I wonder if any of us having this issue have Enabled Email Verification: Setup > General Settings > Security tab and tick Request users to confirm their email address on signup or change of email address ? I did this and not a single fake account or order has come in almost 48 hours.

Cool, another option to try - thank you - just had Maintenance Mode on overnight so back at it again.
I'll report back as well.

[kaybee57]

17 hours ago, SherriAnn said:

Has anyone noticed if its helped to upgrade?  Are you using the version that just came out?

I'm upgrading as I always do, but curious if it doesn't seem to matter on the version.

It looks like we're all getting a variety of different email addresses to ban.  qq.com definitely the most popular.

Upgrade hasn't helped, I'm on the absolute latest version.

[wsa]

What WHMCS version on you use

[kaybee57]

Just now, wsa said:

What WHMCS version on you use

7.5.1 - latest upgrade

[easyhosting]

On 20/04/2018 at 12:30 PM, DamienWebb said:

Wow so, I'm not the only one... about 900 of these in the past 24 hours...

WHMCS doesn't use google recaptcha v2, so I'm having to manually edit the theme I use, to use v2. It would be great if the viewcart.tplhad recaptcha enabled, before they could proceed to checkout / "Complete Order".

qq.com has IP  23.59.190.11, but what you need to block is NetRange:  23.32.0.0 - 23.67.255.255 and CIDR: 23.64.0.0/14, 23.32.0.0/11

[easyhosting]

anyone having issues can use this module  http://www.whmcs.com/members/dl.php?type=d&id=20 which will allow you to add a full list of spam emails 

BannedFreeEmailsAddon (1).zip

Edited April 23, 2018 by easyhosting

[wsa]

that not going to work because  I see this hacker have a lot of proxies and used for a register.

[kaybee57]

With all these fake clients coming in, would be nice to have a 'Delete Selected Clients' option on the Clients list page. I'll add it to the wish list.

[JacobBall]

I upgraded to the very latest version 7.5.1 and it made no difference. As I mentioned earlier, I also used a clean full install, so it's not legacy files causing the problem.

I also enabled email verification, along with Google Recaptcha v2, and that made no difference either. All the email verification does is trigger a bunch of non-deliverable emails.

It would be nice to be able to delete more than one client at a time.

Hopefully we get a response from someone at WHMCS that can help resolve the issue.

[WebsiteIntegrations]

Maybe check out

 

[WebsiteIntegrations]

oh i see he posted here too already. I guess i should read it all.

[kaybee57]

52 minutes ago, WebsiteIntegrations said:

Maybe check out

Sorry, that's a band-aid solution (at a cost), I'm not prepared to put something on top of a problem to cover up an underlying issue - has anyone had a WHMCS response yet as to any proposed fix or whether the issue is being addressed.
We all seem to be doing multiple local things to find the problem but to date no actual fix.

 

[SherriAnn]

Once I blocked qq.com and checked settings again, I haven't had any issue.  Next to clean up the mess it left behind. 

[wsa]

Same topic 

https://whmcs.community/topic/286945-fake-orders-and-accounts/?page=2&tab=comments#comment-1293429