Jump to content

Huge amount of fake accounts


Message added by WHMCS ChrisD

In an effort to try to combat and prevent these orders from being successful, our team has worked to implement Google's invisible reCAPTCHA to the shopping cart checkout workflow through the use of the hooks system, please click here for more information.

Looking to Mass Delete clients? There is a guide to doing this here

Recommended Posts

2 minutes ago, WHMCS John said:

Make sure you block 5666q.com via the Setup > Other > Banned Emails page.

You might have instead blocked them from email piping into the ticket system, which would not have had the desired effect.

Thanks John, that email is not block, I will block 5666q.com and see what happens. They be using  difference email accounts I have around (10) that's block, this is a new one...whewkj.com

Link to comment
Share on other sites

Took my whole WHMCS offline for 12 hours
Have about 5 domains banned within my CPanel
Changed CPanel password
Changed database password
Updated my WHMCS to latest version
Set my WHMCS back online, and guess what, 5 minutes later, they're baaack.....! :) Oops, should be :(
Have also now added about 10 domains to my Banned email list - as per the list below

So having done all the above, it 'possibly' appears to me there may be a dodgy file within the file system that isn't part of the update system (i.e. somewhere in my template?? that has been infected??)

Email Domain Usage Count  
.tom.com 0 Delete
126.com 0 Delete
163.com 0 Delete
jifewrji.com 0 Delete
ohh.cn 0 Delete
ohu.com 0 Delete
qq.com 0 Delete
sina.com 0 Delete
yahoo.com.cn

Any further thoughts WHMCS John??

 

Link to comment
Share on other sites

I'VE HAD A WIN! - turned OFF General Settings / Domains / Domain Registration Options / "Allow Clients to register domains with you". Haven't had a dodgy client for 20 minutes now!
Most of my clients I either acquire their domain names or they are transferred in so that option for me is never used.
It has however stopped my spammers as each was seemingly ordering a Domain Name.

Will of course continue to 'watch and act'.

Link to comment
Share on other sites

Kaybee, I doubt that it's a dodgy file within your file system, as I did a completely new setup with the full version, and I've still been experiencing the issue.

Clearly, there's a loophole within the WHMCS software somewhere that's been found within the past few days, as there are so many of us experiencing it. I've got Google Recaptcha set up, banned IPs etc, and nothing's stopping them.

The team at WHMCS need to take a deeper look at what the issue could be, as a priority.

Link to comment
Share on other sites

4 minutes ago, JacobBall said:

Kaybee, I doubt that it's a dodgy file within your file system, as I did a completely new setup with the full version, and I've still been experiencing the issue.

Clearly, there's a loophole within the WHMCS software somewhere that's been found within the past few days, as there are so many of us experiencing it. I've got Google Recaptcha set up, banned IPs etc, and nothing's stopping them.

The team at WHMCS need to take a deeper look at what the issue could be, as a priority.

And my last assumption of allowing clients to register domains, hasn't actually worked either :(
I've certainly slowed things down but whew... yes, would love WHMCS to have a deep look at something??

Link to comment
Share on other sites

Has anyone noticed if its helped to upgrade?  Are you using the version that just came out?

I'm upgrading as I always do, but curious if it doesn't seem to matter on the version.

It looks like we're all getting a variety of different email addresses to ban.  qq.com definitely the most popular.

Link to comment
Share on other sites

I wonder if any of us having this issue have Enabled Email Verification: Setup > General Settings > Security tab and tick Request users to confirm their email address on signup or change of email address ? I did this and not a single fake account or order has come in almost 48 hours.

Link to comment
Share on other sites

10 hours ago, JBlossoms said:

I wonder if any of us having this issue have Enabled Email Verification: Setup > General Settings > Security tab and tick Request users to confirm their email address on signup or change of email address ? I did this and not a single fake account or order has come in almost 48 hours.

Cool, another option to try - thank you - just had Maintenance Mode on overnight so back at it again.
I'll report back as well.

Link to comment
Share on other sites

17 hours ago, SherriAnn said:

Has anyone noticed if its helped to upgrade?  Are you using the version that just came out?

I'm upgrading as I always do, but curious if it doesn't seem to matter on the version.

It looks like we're all getting a variety of different email addresses to ban.  qq.com definitely the most popular.

Upgrade hasn't helped, I'm on the absolute latest version.

Link to comment
Share on other sites

On 20/04/2018 at 12:30 PM, DamienWebb said:

Wow so, I'm not the only one... about 900 of these in the past 24 hours...

WHMCS doesn't use google recaptcha v2, so I'm having to manually edit the theme I use, to use v2. It would be great if the viewcart.tplhad recaptcha enabled, before they could proceed to checkout / "Complete Order".

tGAXVS9.png

qq.com has IP  23.59.190.11, but what you need to block is NetRange:  23.32.0.0 - 23.67.255.255 and CIDR: 23.64.0.0/14, 23.32.0.0/11

Link to comment
Share on other sites

I upgraded to the very latest version 7.5.1 and it made no difference. As I mentioned earlier, I also used a clean full install, so it's not legacy files causing the problem.

I also enabled email verification, along with Google Recaptcha v2, and that made no difference either. All the email verification does is trigger a bunch of non-deliverable emails.

It would be nice to be able to delete more than one client at a time.

Hopefully we get a response from someone at WHMCS that can help resolve the issue.

Link to comment
Share on other sites

52 minutes ago, WebsiteIntegrations said:

Maybe check out

Sorry, that's a band-aid solution (at a cost), I'm not prepared to put something on top of a problem to cover up an underlying issue - has anyone had a WHMCS response yet as to any proposed fix or whether the issue is being addressed.
We all seem to be doing multiple local things to find the problem but to date no actual fix.

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated