Jump to content
JEBranch

Huge amount of fake accounts

WHMCS ChrisD

In an effort to try to combat and prevent these orders from being successful, our team has worked to implement Google's invisible reCAPTCHA to the shopping cart checkout workflow through the use of the hooks system, please click here for more information.

Looking to Mass Delete clients? There is a guide to doing this here

Message added by WHMCS ChrisD

Recommended Posts

2 minutes ago, WHMCS John said:

Make sure you block 5666q.com via the Setup > Other > Banned Emails page.

You might have instead blocked them from email piping into the ticket system, which would not have had the desired effect.

Thanks John, that email is not block, I will block 5666q.com and see what happens. They be using  difference email accounts I have around (10) that's block, this is a new one...whewkj.com

Share this post


Link to post
Share on other sites

Took my whole WHMCS offline for 12 hours
Have about 5 domains banned within my CPanel
Changed CPanel password
Changed database password
Updated my WHMCS to latest version
Set my WHMCS back online, and guess what, 5 minutes later, they're baaack.....! :) Oops, should be :(
Have also now added about 10 domains to my Banned email list - as per the list below

So having done all the above, it 'possibly' appears to me there may be a dodgy file within the file system that isn't part of the update system (i.e. somewhere in my template?? that has been infected??)

Email Domain Usage Count  
.tom.com 0 Delete
126.com 0 Delete
163.com 0 Delete
jifewrji.com 0 Delete
ohh.cn 0 Delete
ohu.com 0 Delete
qq.com 0 Delete
sina.com 0 Delete
yahoo.com.cn

Any further thoughts WHMCS John??

 

Share this post


Link to post
Share on other sites

Same here - just had gmail come in...grrrr...

2 hours ago, JEBranch said:

I just had one come in using @gmail.com I can't block gmail.com I have clients using it.

 

Share this post


Link to post
Share on other sites

I'VE HAD A WIN! - turned OFF General Settings / Domains / Domain Registration Options / "Allow Clients to register domains with you". Haven't had a dodgy client for 20 minutes now!
Most of my clients I either acquire their domain names or they are transferred in so that option for me is never used.
It has however stopped my spammers as each was seemingly ordering a Domain Name.

Will of course continue to 'watch and act'.

Share this post


Link to post
Share on other sites

Kaybee, I doubt that it's a dodgy file within your file system, as I did a completely new setup with the full version, and I've still been experiencing the issue.

Clearly, there's a loophole within the WHMCS software somewhere that's been found within the past few days, as there are so many of us experiencing it. I've got Google Recaptcha set up, banned IPs etc, and nothing's stopping them.

The team at WHMCS need to take a deeper look at what the issue could be, as a priority.

Share this post


Link to post
Share on other sites
4 minutes ago, JacobBall said:

Kaybee, I doubt that it's a dodgy file within your file system, as I did a completely new setup with the full version, and I've still been experiencing the issue.

Clearly, there's a loophole within the WHMCS software somewhere that's been found within the past few days, as there are so many of us experiencing it. I've got Google Recaptcha set up, banned IPs etc, and nothing's stopping them.

The team at WHMCS need to take a deeper look at what the issue could be, as a priority.

And my last assumption of allowing clients to register domains, hasn't actually worked either :(
I've certainly slowed things down but whew... yes, would love WHMCS to have a deep look at something??

Share this post


Link to post
Share on other sites

Turning off domain registration options is hardly a solution for most people, even if it does work for you.

Nor does it explain why it's only within the last few days that this issue has occurred.

  • Like 1

Share this post


Link to post
Share on other sites

Has anyone noticed if its helped to upgrade?  Are you using the version that just came out?

I'm upgrading as I always do, but curious if it doesn't seem to matter on the version.

It looks like we're all getting a variety of different email addresses to ban.  qq.com definitely the most popular.

Share this post


Link to post
Share on other sites

I wonder if any of us having this issue have Enabled Email Verification: Setup > General Settings > Security tab and tick Request users to confirm their email address on signup or change of email address ? I did this and not a single fake account or order has come in almost 48 hours.

Share this post


Link to post
Share on other sites
10 hours ago, JBlossoms said:

I wonder if any of us having this issue have Enabled Email Verification: Setup > General Settings > Security tab and tick Request users to confirm their email address on signup or change of email address ? I did this and not a single fake account or order has come in almost 48 hours.

Cool, another option to try - thank you - just had Maintenance Mode on overnight so back at it again.
I'll report back as well.

Share this post


Link to post
Share on other sites
17 hours ago, SherriAnn said:

Has anyone noticed if its helped to upgrade?  Are you using the version that just came out?

I'm upgrading as I always do, but curious if it doesn't seem to matter on the version.

It looks like we're all getting a variety of different email addresses to ban.  qq.com definitely the most popular.

Upgrade hasn't helped, I'm on the absolute latest version.

Share this post


Link to post
Share on other sites
On 20/04/2018 at 12:30 PM, DamienWebb said:

Wow so, I'm not the only one... about 900 of these in the past 24 hours...

WHMCS doesn't use google recaptcha v2, so I'm having to manually edit the theme I use, to use v2. It would be great if the viewcart.tplhad recaptcha enabled, before they could proceed to checkout / "Complete Order".

tGAXVS9.png

qq.com has IP  23.59.190.11, but what you need to block is NetRange:  23.32.0.0 - 23.67.255.255 and CIDR: 23.64.0.0/14, 23.32.0.0/11

Share this post


Link to post
Share on other sites

that not going to work because  I see this hacker have a lot of proxies and used for a register.

Share this post


Link to post
Share on other sites

With all these fake clients coming in, would be nice to have a 'Delete Selected Clients' option on the Clients list page. I'll add it to the wish list.

  • Like 1

Share this post


Link to post
Share on other sites

I upgraded to the very latest version 7.5.1 and it made no difference. As I mentioned earlier, I also used a clean full install, so it's not legacy files causing the problem.

I also enabled email verification, along with Google Recaptcha v2, and that made no difference either. All the email verification does is trigger a bunch of non-deliverable emails.

It would be nice to be able to delete more than one client at a time.

Hopefully we get a response from someone at WHMCS that can help resolve the issue.

Share this post


Link to post
Share on other sites
52 minutes ago, WebsiteIntegrations said:

Maybe check out

Sorry, that's a band-aid solution (at a cost), I'm not prepared to put something on top of a problem to cover up an underlying issue - has anyone had a WHMCS response yet as to any proposed fix or whether the issue is being addressed.
We all seem to be doing multiple local things to find the problem but to date no actual fix.

 

Share this post


Link to post
Share on other sites

Once I blocked qq.com and checked settings again, I haven't had any issue.  Next to clean up the mess it left behind. 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

By using this site, you agree to our Terms of Use & Guidelines