NetWise UK Posted October 4 Share Posted October 4 On 12/08/2024 at 8:59 AM, Remitur said: My (temporary) fix: I just prevented any new user from registering from the USA. Since then, no new fake registrations at all (it seems that for whatever reason, all of the fake users have USA addresses). Luckily, that obscure and derelict nation represents an insignificant fraction of our business, so we can give it up without too much trouble... 🤣 Can I ask how you’ve achieved this? Sounds like a good solution. 0 Quote Link to comment Share on other sites More sharing options...
Remitur Posted October 4 Author Share Posted October 4 3 hours ago, NetWise UK said: Can I ask how you’ve achieved this? Sounds like a good solution. We have a hook to check various data from user upon registering (do not use disposable email address, do not use special characters in address, and so on...) We modified it in order to prevent registering from the USA. Full code is available here: https://github.com/DomainRegister/WHMCS/blob/master/checkuser.php 3 Quote Link to comment Share on other sites More sharing options...
NetWise UK Posted October 4 Share Posted October 4 4 hours ago, Remitur said: We have a hook to check various data from user upon registering (do not use disposable email address, do not use special characters in address, and so on...) We modified it in order to prevent registering from the USA. Full code is available here: https://github.com/DomainRegister/WHMCS/blob/master/checkuser.php Thank you, that's really useful 1 Quote Link to comment Share on other sites More sharing options...
websavers Posted October 7 Share Posted October 7 On 10/1/2024 at 12:47 PM, websavers said: Has anyone upgraded to 8.11 and used hCAPTCHA? I've used it for forms with WordPress and found it very effective. I'm curious if it's as effective as Turnstile and/or reCAPTCHA v3 (when it's working). I can now confirm that after upgrade and implementing hCAPTCHA, there have been no additional spam registrations. I set it to 'automatic' mode on hCATPCHA's side. 0 Quote Link to comment Share on other sites More sharing options...
Linuxweb Posted October 7 Share Posted October 7 On 10/4/2024 at 1:07 PM, Remitur said: We have a hook to check various data from user upon registering (do not use disposable email address, do not use special characters in address, and so on...) We modified it in order to prevent registering from the USA. Full code is available here: https://github.com/DomainRegister/WHMCS/blob/master/checkuser.php So this only started for us last week. until then its never been an issue at all. I implemented the reCaptcha v3 solution, new codes. Fake orders still streamed in. Also cleared cache and templates as well. So reCaptcha is not working at all. I have always has invisible reCaptcha and it worked well till last week. V2 still allows fake domain registration as well as v3 So far the only solution for me has been this Github script. I have tweaked it slightly to include UK. I just need some help please with the elements listed in the script. I have custom fields that I request for our registration, How do I include these on line 25? Thanks 0 Quote Link to comment Share on other sites More sharing options...
DataPacket Posted October 9 Share Posted October 9 Another quick fix for the time being is to add the rule below to the top of your htaccess file. <FilesMatch "^(register|pwreset)\.php$">   SetEnvIfNoCase User-Agent "Firefox/128\.0" block_useragent   SetEnvIfNoCase User-Agent "Firefox/129\.0" block_useragent   SetEnvIfNoCase User-Agent "Firefox/130\.0" block_useragent   Deny from env=block_useragent </FilesMatch> 0 Quote Link to comment Share on other sites More sharing options...
Remitur Posted October 10 Author Share Posted October 10 On 10/7/2024 at 3:47 PM, Linuxweb said: I just need some help please with the elements listed in the script. I have custom fields that I request for our registration, How do I include these on line 25? If you don't need to check your custom fields to forbid the use of special characters inside them, you don't need to do anything. Adding custom fields to the control is possible, but it is a little messy because of the crazy way that WHMCS passes them (only the value and a numerical index, so every time you add a new custom field, you need to check its number and revise all of your scripts). For custom fields, I guess it's better to use the WHMCS's own validation mechanism, based on regular expressions. 0 Quote Link to comment Share on other sites More sharing options...
Linuxweb Posted October 10 Share Posted October 10 46 minutes ago, Remitur said: If you don't need to check your custom fields to forbid the use of special characters inside them, you don't need to do anything. Adding custom fields to the control is possible, but it is a little messy because of the crazy way that WHMCS passes them (only the value and a numerical index, so every time you add a new custom field, you need to check its number and revise all of your scripts). For custom fields, I guess it's better to use the WHMCS's own validation mechanism, based on regular expressions. Awesome thanks so much. I have added Regex to the Custom Client Data. The last entry on Line 25 would that perhaps be custom field? or is this a recorded field in WHMCS. I cant seem to find it, but my Google-Fu is weak today 0 Quote Link to comment Share on other sites More sharing options...
bear Posted October 10 Share Posted October 10 14 hours ago, DataPacket said: Another quick fix for the time being is to add the rule below to the top of your htaccess file. <FilesMatch "^(register|pwreset)\.php$">   SetEnvIfNoCase User-Agent "Firefox/128\.0" block_useragent   SetEnvIfNoCase User-Agent "Firefox/129\.0" block_useragent   SetEnvIfNoCase User-Agent "Firefox/130\.0" block_useragent   Deny from env=block_useragent </FilesMatch> Which will block non-script kiddies also. 0 Quote Link to comment Share on other sites More sharing options...
WP-Arena.com Posted October 10 Share Posted October 10 Just went through the entire thread, nothing helped (we did not try updating WHMCS yet though, will get on trying that). I am very confused as to why WHMCS has taken no real steps in months now? Their product is paid, I have seen free WordPress plugins get faster security patches/fixes than this! Why are we customers forced to make DIY solutions on our own? 0 Quote Link to comment Share on other sites More sharing options...
Vander Host Posted October 11 Share Posted October 11 >Â Just went through the entire thread, nothing helped Did you install the hotfix? >Â (we did not try updating WHMCS yet though, will get on trying that) If you didn't install the hotfix, don't bother, just upgrade WHMCS and enable Recaptcha v3 and let us know how it goes. Â 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.