Jump to content

Huge amount of fake accounts

JEBranch

By JEBranch
in Troubleshooting Issues

 Share
WHMCS ChrisD
Message added by WHMCS ChrisD

In an effort to try to combat and prevent these orders from being successful, our team has worked to implement Google's invisible reCAPTCHA to the shopping cart checkout workflow through the use of the hooks system, please click here for more information.

Looking to Mass Delete clients? There is a guide to doing this here

Recommended Posts

wsa Senior Member

wsa

Posted
Posted
17 hours ago, ch-center said:

Hello everyone

Regarding this issue about fake users and orders in WHMCS.

From 4 days i have a lot of problems generated by that spammer that i see now affect a lot of colleagues.

I ask for help at WHMCSservices and finally find a way to create a module that WORKS.

I have more than 12H with no spam.  All issues solved.

I recommend to all that have this issue to install it

https://www.whmcsservices.com/stopfakeclients.php

Thanks again to WHMCS services

Thank you and anytime you need help let me know :) 

0
Link to comment
Share on other sites
  • Replies 107
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

tap0le
tap0le

Impressive, @Matt. It's not every day the CEO of a software company personally attends to and responds to customer issues like this. I'm truly impressed in the dedication to our community.

Matt
Matt

Hi there We first became aware of instances of the spam signups being discussed here towards the latter end of last week and since then our team has been monitoring the issue and investigating in

Snigle
Snigle

I just wanted to say "Thank you" to Matt, John, and everyone else at WHMCS that has jumped in to provide solutions to counter the sudden uptick in spam. I really appreciate the swift and direct suppor

Posted Images

  • WHMCS CEO
Matt Senior Member

Matt

Posted
  • WHMCS CEO
Posted

Hi there

We first became aware of instances of the spam signups being discussed here towards the latter end of last week and since then our team has been monitoring the issue and investigating instances of it reported to us via support tickets.

We understand how receiving a large number of spam orders can be inconvenient and frustrating and so in an effort to try to combat and prevent these orders from being successful, our team has worked to implement Google's invisible reCAPTCHA to the shopping cart checkout workflow through the use of the hooks system.  This is being provided as a short term immediate solution for users affected by the recent spam order submissions until such time as we can release a product update with this functionality natively included.

What is Google Invisible reCAPTCHA?

Invisible reCAPTCHA is designed to be as inobtrusive to the regular user as possible. In most cases, users will not be prompted to solve a captcha. Only when Google detects suspicious behaviour or traffic will a captcha challenge be presented. The result is that while it may not prevent all spam signups, as soon as Google detects suspicious activity or patterns, further automated orders should be blocked. To learn more about how Invisible reCAPTCHA works, please visit https://developers.google.com/recaptcha/docs/invisible

Installation Instructions

To install the hook, follow the steps below.

1. Download the hook (attached at the bottom of this post)
2. Upload to the /includes/hooks/ directory of your WHMCS installation
3. The hook leverages the same Google reCAPTCHA configuration as defined in Setup > General Settings > Security. Therefore, please ensure the Captcha settings are configured there as follows:

Captcha Form Protection: "Always On" or "Off when logged in"
Captcha Type: reCAPTCHA (Google's reCAPTCHA system)
reCAPTCHA Site Key & Secret Key: Provided

Remember, Invisible reCAPTCHA may not block all spam submissions, but it should be effective in preventing repeated and high volume submission attempts. We're keen to hear how effective this change is at preventing the spam order submissions you’ve been experiencing recently so please let us know your experiences with the hook.

Regards,

Matt

cart_recaptcha.php

3
Link to comment
Share on other sites
mbit Member

mbit

Posted
Posted
On 24. 04. 2018. at 3:47 PM, Tobias said:

Corrected Version: 


<?php
if (!defined("WHMCS"))
    die("This file cannot be accessed directly");

function userdata_field_matches($fieldname,$value,$all_vars) {
        return (array_key_exists($fieldname,$all_vars) && preg_match("/$value/",$all_vars[$fieldname]));
}

function block_fuli8_tk($vars) {

        if (userdata_field_matches("email",     "@qq\.com",     $vars)) return "Error: Userdata validation error";
        if (userdata_field_matches("lastname",  "fuli8\.tk",    $vars)) return "Error: Userdata validation error";
        if (userdata_field_matches("firstname", "5666Q\.COM",   $vars)) return "Error: Userdata validation error";
}

add_hook("ClientDetailsValidation",1,"block_fuli8_tk");
?>

Tobias is right. Block them BEFORE they create an order.
 

 

0
Link to comment
Share on other sites
  • WHMCS Support Manager
WHMCS John Senior Member

WHMCS John

Posted
  • WHMCS Support Manager
Posted

Hi all,

If you're looking for a way to remove clients en-mass with a common first name. We've put together a script which can be used to do this:

I hope you find it useful!

This script is provided as-is, without warranty, and in the understanding for the potential to permanently and irreversibly delete data. Before running this script, please make a database backup.

0
Link to comment
Share on other sites
spartanza Member

spartanza

Posted
Posted

My experience with this is as follows: When I launched my WHMCS powered website, I had a free package where users could essentially take out for free for 3 months. While that product was front-facing, I started getting a couple per day registrations and setups from users across the world who I do not market to. They both took out the free package, but something felt off about their registrations too. So I turned the free product off on the front-end, making inaccessible to anyone, humans, and bots. Then I thought of emailing the registered users to see if they are real? Just to be sure. I asked for email verification to be complete, and they never replied after a couple of days so I deleted them. I suppose there were only a couple, so I could manage the issue correctly.

I would start there. Turn off any free service or product a user can apply for, and see what happens. Not the ultimate solution, but worked for me.

0
Link to comment
Share on other sites
Snigle Junior Member

Snigle

Posted
Posted

I just wanted to say "Thank you" to Matt, John, and everyone else at WHMCS that has jumped in to provide solutions to counter the sudden uptick in spam. I really appreciate the swift and direct support you are providing to me and the other members of your online community. Keep up the good work! :) 

2
Link to comment
Share on other sites
Subwayhost Member

Subwayhost

Posted
Posted
On 4/25/2018 at 7:16 PM, Matt said:

Hi there

We first became aware of instances of the spam signups being discussed here towards the latter end of last week and since then our team has been monitoring the issue and investigating instances of it reported to us via support tickets.

We understand how receiving a large number of spam orders can be inconvenient and frustrating and so in an effort to try to combat and prevent these orders from being successful, our team has worked to implement Google's invisible reCAPTCHA to the shopping cart checkout workflow through the use of the hooks system.  This is being provided as a short term immediate solution for users affected by the recent spam order submissions until such time as we can release a product update with this functionality natively included.

What is Google Invisible reCAPTCHA?

Invisible reCAPTCHA is designed to be as inobtrusive to the regular user as possible. In most cases, users will not be prompted to solve a captcha. Only when Google detects suspicious behaviour or traffic will a captcha challenge be presented. The result is that while it may not prevent all spam signups, as soon as Google detects suspicious activity or patterns, further automated orders should be blocked. To learn more about how Invisible reCAPTCHA works, please visit https://developers.google.com/recaptcha/docs/invisible

Installation Instructions

To install the hook, follow the steps below.

1. Download the hook (attached at the bottom of this post)
2. Upload to the /includes/hooks/ directory of your WHMCS installation
3. The hook leverages the same Google reCAPTCHA configuration as defined in Setup > General Settings > Security. Therefore, please ensure the Captcha settings are configured there as follows:

Captcha Form Protection: "Always On" or "Off when logged in"
Captcha Type: reCAPTCHA (Google's reCAPTCHA system)
reCAPTCHA Site Key & Secret Key: Provided

Remember, Invisible reCAPTCHA may not block all spam submissions, but it should be effective in preventing repeated and high volume submission attempts. We're keen to hear how effective this change is at preventing the spam order submissions you’ve been experiencing recently so please let us know your experiences with the hook.

Regards,

Matt

cart_recaptcha.php

Still not working and many orders placed from the spammer!

0
Link to comment
Share on other sites
JEBranch Junior Member

JEBranch

Posted
  • Author
Posted
12 hours ago, Subwayhost said:

How did you installed it

 

Do you mean you have moved the cart recaptcha.php to includes/hooks only uploading it !

 

Or what you did !

 

Thanks.

Matt and his team from WHMCS explained it best, I upload cart recaptcha.php  to includes/hooks, I went to my General Setting click  Always On (code shown to ensure human submission) reCAPTCHA (Google's reCAPTCHA system) go here  open an account and uses Invisible reCAPTCHA , you will get a reCAPTCHA Site Key  and a reCAPTCHA Secret Key  put info in box and save, it should work

0
Link to comment
Share on other sites
JEBranch Junior Member

JEBranch

Posted
  • Author
Posted
14 minutes ago, JEBranch said:

Matt and his team from WHMCS explained it best, I upload cart recaptcha.php  to includes/hooks, I went to my General Setting click  Always On (code shown to ensure human submission) reCAPTCHA (Google's reCAPTCHA system) go here  open an account and uses Invisible reCAPTCHA , you will get a reCAPTCHA Site Key  and a reCAPTCHA Secret Key  put info in box and save, it should work

General Setting (Security)

0
Link to comment
Share on other sites
JEBranch Junior Member

JEBranch

Posted
  • Author
Posted
1 hour ago, Subwayhost said:

I've whmcs 6.5.2 and Google recaptcha is V1 how can i upgrade it to V2

 

Which files should i modify there ! Any help

 

This stupid spammer can't stop his fake orders!

Not sure, you might have to upgrade your WHMCS to the latest version which is 7.5.1 or go to your google account https://www.google.com/recaptcha/admin/create and see if you can create a reCAPTCHA V2..

0
Link to comment
Share on other sites
WHMCS ChrisD Senior Member

WHMCS ChrisD

Posted
Posted
1 hour ago, Subwayhost said:

I've whmcs 6.5.2 and Google recaptcha is V1 how can i upgrade it to V2

Which files should i modify there ! Any help

This stupid spammer can't stop his fake orders!

5

Hey @Subwayhost

You'll firstly, need to get a new ReCaptcha v2 key from https://www.google.com/recaptcha/admin/create then add this key to Setup > Security.  Please note, if you are using a custom theme you may need to have your developer update the code in the custom theme.

Lastly, I'll also note that ReCaptcha V2 was only added to ticket submission and contact form in V7.0 and later

0
Link to comment
Share on other sites
Subwayhost Member

Subwayhost

Posted
Posted
8 hours ago, WHMCS ChrisD said:

Hey @Subwayhost

You'll firstly, need to get a new ReCaptcha v2 key from https://www.google.com/recaptcha/admin/create then add this key to Setup > Security.  Please note, if you are using a custom theme you may need to have your developer update the code in the custom theme.

Lastly, I'll also note that ReCaptcha V2 was only added to ticket submission and contact form in V7.0 and later

Thanks Chris for your help ,

 

Can you please advise me which files should be modified to make recaptcha V2 working.

0
Link to comment
Share on other sites
hazzlewis Junior Member

hazzlewis

Posted
Posted

Our solution, without leveraging reCaptcha:

Upon noticing the spam, we implemented a ClientDetailsValidation hook to block fields using chinese characters or the 5666Q.COM and fuli8.tk domains. This worked on our brand running a more recent version of WHMCS (v7.3) but not on our brand running v6.3. 

Turns out on v6.3 there's a bug where the $vars array passed to the hook doesn't get populated when register.php is called via GET with querystring params

e.g., in our server logs we saw stuff like: 

"GET /register.php?register=true&firstname=%E2%AD%9F%E5%BC%80%E2%AD%9F%E6%88%B7%E2%AD%9F%E5%8D%B3%E2%AD%9F%E9%80%8188%E5%85%83%E2%AD%9F%E7%8E%B0%E2%AD%9F%E9%87%91+%EF%BC%B4%E6%B4%BB%EF%BC%B4%E5%8A%A8%EF%BC%B4%E9%80%9A%EF%BC%B4%E9%81%93+5666Q.COM&lastname=%EF%BC%B4%E6%98%93%EF%BC%B4%E8%AE%B0%EF%BC%B4%E5%9F%9F%EF%BC%B4%E5%90%8D+fuli8.tk&email=73212569%40qq.com&country-calling-code-phonenumber=61&phonenumber=2788930349&companyname=%CE%97%E9%87%91%CE%97%E6%B2%99%CE%97%E5%A8%B1%CE%97%E4%B9%90%CE%97%E5%9F%8E%CE%97&address1=BBX8V+L2RDT&address2=JV6LR&city=HGHGB&state=Victoria&postcode=166226&country=AU&password=KTWx6QSDFf&password2=KTWx6QSDFf&accepttos=on&code=sr7n9&securityqid=1&securityqans=uNLQZt96 HTTP/1.1

So in that same hook, I just dropped in a check to see if $vars is empty, and to populate it with $_REQUEST if that is the case. Then the validation works fine and blocks the registrations.

To save people time, here's the hook that solved the issue for us (place it in /includes/hooks): 

<?php

add_hook('ClientDetailsValidation', 1, function ($vars) {
    $illegalPatterns = [
        '#[\x{4e00}-\x{9fa5}]+#u', //checks for chinese characters
        '#5666Q\.COM#i',
        '#fuli8\.tk#i'
    ];

    if (empty($vars)) {
        $vars = $_REQUEST;
    }

    foreach ($vars as $key=>$val) {
        if (empty($val)) {
            continue; //dont need to do regex match on empty string
        }

        foreach ($illegalPatterns as $i=>$illegalPattern) {
            if (preg_match($illegalPattern, $val)) {
                return  "[{$i}] Illegal value for " . $key;
            }
        }
    }

});

 

Best of luck!

0
Link to comment
Share on other sites
aawebtools Junior Member

aawebtools

Posted
Posted
On 4/24/2018 at 9:47 AM, Tobias said:

Corrected Version: 


<?php
if (!defined("WHMCS"))
    die("This file cannot be accessed directly");

function userdata_field_matches($fieldname,$value,$all_vars) {
        return (array_key_exists($fieldname,$all_vars) && preg_match("/$value/",$all_vars[$fieldname]));
}

function block_fuli8_tk($vars) {

        if (userdata_field_matches("email",     "@qq\.com",     $vars)) return "Error: Userdata validation error";
        if (userdata_field_matches("lastname",  "fuli8\.tk",    $vars)) return "Error: Userdata validation error";
        if (userdata_field_matches("firstname", "5666Q\.COM",   $vars)) return "Error: Userdata validation error";
}

add_hook("ClientDetailsValidation",1,"block_fuli8_tk");
?>

 

I tried the invisible captcha and was getting errors when I tried to signup, so I turned it off and used Tobuas's code.  No more spam signups.  Good job Tobias!

0
Link to comment
Share on other sites
Subwayhost Member

Subwayhost

Posted
Posted
On 4/30/2018 at 7:44 PM, aawebtools said:

I tried the invisible captcha and was getting errors when I tried to signup, so I turned it off and used Tobuas's code.  No more spam signups.  Good job Tobias!

 

Do you mean

 

(5 Character Verification Code)  !

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept