
Anti registration SPAM and Verification email SPAM


ufovps


Hi,

There was someone using my WHMCS system to send SPAM email. Here are the steps:

1. Register many accounts and log in

2. Modify the first name and last name with the spam content, such as First name - "$50 Gift Card for Amazon", Last name - "Contact **@**.** to get it for free"

3. Change the email address

4. Resend the email verification email

Then the target email address will receive the spam email containing the first name and last name. And then repeat steps 3 and 4.

How can I limit the number of registered accounts per hour from the same IP and set a restriction on the number of verification emails?


5 hours ago, bear said:

Maybe disallow changing user details in WHMCS for clients? Even if just temporary, it will stop that cold. 

That would cause other clients inconvenience. I could ban the IP when I am facing that issue, but I had to check and monitor manually.

I am trying to write a hook to automatically ban an IP that changed email and registered accounts more than 5 times in one hour. But there seems to be no such hook point.

'ClientAdd' doesn't provide client IP and no hook point to ban IP.


18 hours ago, ufovps said:

That would cause other clients inconvenience.

why would a genuine client need to change their name frequently??

19 hours ago, ufovps said:

I am trying to write a hook to ban IP automatically that changed email and  registered accounts more than 5 times in one hour. But there seems no such hook point.

ClientDetailsValidation would run when a client updates their details - in addition to returning an error message, you could set it to update the tblbannedips database table if your conditions are met... though that might need an additional table to store the frequency of updates.

19 hours ago, ufovps said:

'ClientAdd' doesn't provide client IP and no hook point to ban IP.

as I mentioned above, banning an IP is just updating the above database table, e.g. using Capsule... or if you prefer to use the API, there's AddBannedIP that can be used too.

though before you go down that road, I would have thought that anyone doing this will be using fake IP addresses and so it might be fruitless just banning IPs.

you have to remember that hook points are just doors into specific WHMCS processes - once you're in the door, then you can do other things... e.g with you could query the tblclients database table, see if there are any clients whose IP matches the current registrant and if so, decline the change...

or you could force clients to verify their email address before they can access the client area, or block specific characters from the name fields during validation..... I'd probably be looking at doing that rather than banning IPs.

18 hours ago, bear said:

How about only allowing registration if they buy something? Generally it's pointless to allow that without an order of some kind.

that's always the simplest (and best!) solution if your business model allows for it. 🙂

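One way to combine the two suggestions in the reply above (block characters in the name fields, and count submissions per IP before writing to tblbannedips), as an added example that is not code from the thread or from WHMCS. The table name `mod_detail_change_log`, the helper `nameFieldError`, the 24-hour ban and the use of `$_SERVER['REMOTE_ADDR']` as the client IP are assumptions.

```php
<?php
// Added example for a file in includes/hooks/; not WHMCS's or a poster's code.
use WHMCS\Database\Capsule;

const CHANGE_LOG = 'mod_detail_change_log'; // hypothetical custom table
const MAX_PER_HOUR = 5;                     // threshold mentioned in the thread

// Hypothetical helper: returns an error string, or null if the value passes.
function nameFieldError(string $label, string $value): ?string
{
    $value = trim($value);
    // Empty values are left to WHMCS's own required-field check. Otherwise allow only
    // letters, combining marks, space, dot, apostrophe, hyphen: no '$', '@', digits, URLs.
    if ($value !== '' && !preg_match('/^[\p{L}\p{M} .\'-]+$/u', $value)) {
        return "$label contains characters that are not allowed.";
    }
    return null;
}

add_hook('ClientDetailsValidation', 1, function ($vars) {
    $errors = [];
    foreach (['firstname' => 'First name', 'lastname' => 'Last name'] as $key => $label) {
        if (isset($vars[$key]) && ($e = nameFieldError($label, (string) $vars[$key]))) {
            $errors[] = $e;
        }
    }
    $ip = $_SERVER['REMOTE_ADDR'] ?? ''; // assumption: no reverse proxy in front
    if ($ip === '') {
        return $errors;
    }
    if (!Capsule::schema()->hasTable(CHANGE_LOG)) {
        Capsule::schema()->create(CHANGE_LOG, function ($t) {
            $t->increments('id');
            $t->string('ip', 45)->index();
            $t->dateTime('created_at');
        });
    }
    $now = time();
    Capsule::table(CHANGE_LOG)->insert(['ip' => $ip, 'created_at' => date('Y-m-d H:i:s', $now)]);
    $recent = Capsule::table(CHANGE_LOG)->where('ip', $ip)
        ->where('created_at', '>=', date('Y-m-d H:i:s', $now - 3600))->count();
    if ($recent > MAX_PER_HOUR) { // ban for 24 hours (constructed duration)
        Capsule::table('tblbannedips')->insert(['ip' => $ip,
            'reason' => 'Too many client detail submissions',
            'expires' => date('Y-m-d H:i:s', $now + 86400)]);
        $errors[] = 'Too many submissions from your address. Try again later.';
    }
    return $errors;
});
```

Every validated submission is counted, including rejected ones, so repeated attempts from one address reach the threshold even when the name filter already blocked them.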
