Unusual order activity


On 12/08/2024 at 8:59 AM, Remitur said:

My (temporary) fix: I just prevented any new user from registering from the USA.

Since then, no new fake registrations at all (it seems that for whatever reason, all of the fake users have USA addresses).

Luckily, that obscure and derelict nation represents an insignificant fraction of our business, so we can give it up without too much trouble... 🤣

Can I ask how you’ve achieved this? Sounds like a good solution. 


3 hours ago, NetWise UK said:

Can I ask how you’ve achieved this? Sounds like a good solution. 

We have a hook to check various data from user upon registering (do not use disposable email address, do not use special characters in address, and so on...)
We modified it in order to prevent registering from the USA.
Full code is available here:
https://github.com/DomainRegister/WHMCS/blob/master/checkuser.php

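A registration check of the kind described in the post above, as an added example that is not part of the original post and is not the linked checkuser.php. It assumes the WHMCS `ClientDetailsValidation` hook supplies the submitted fields in `$vars` under the keys `email`, `country`, `address1` and `city`; the function name, constants and sample domain list are hypothetical.

```php
<?php
// Added example; not the DomainRegister checkuser.php script.
// Assumption: WHMCS hands the submitted form fields to the hook in $vars
// under the keys used below (email, country, address1, city).

const BLOCKED_COUNTRIES  = ['US'];              // ISO 3166-1 alpha-2 codes
const DISPOSABLE_DOMAINS = ['mailinator.com'];  // constructed sample list
const ADDRESS_FIELDS     = ['address1', 'city'];

/** Returns a list of error messages; an empty list means "accept". */
function registration_errors(array $fields): array
{
    $errors = [];

    $country = strtoupper(trim((string) ($fields['country'] ?? '')));
    if (in_array($country, BLOCKED_COUNTRIES, true)) {
        $errors[] = 'Registrations from your country are currently not accepted.';
    }

    // Compare only the domain part, case-insensitively.
    $email  = strtolower(trim((string) ($fields['email'] ?? '')));
    $at     = strrpos($email, '@');
    $domain = $at === false ? '' : (string) substr($email, $at + 1);
    if ($domain === '' || in_array($domain, DISPOSABLE_DOMAINS, true)) {
        $errors[] = 'Please use a permanent email address.';
    }

    // Letters and digits of any script plus common address punctuation.
    foreach (ADDRESS_FIELDS as $key) {
        $value = trim((string) ($fields[$key] ?? ''));
        if ($value !== '' && !preg_match('/^[\p{L}\p{N} .,\'\/#-]+$/u', $value)) {
            $errors[] = "The {$key} field contains characters that are not allowed.";
        }
    }
    return $errors;
}

if (function_exists('add_hook')) {
    // Inside WHMCS: a returned array of strings is shown as validation errors.
    add_hook('ClientDetailsValidation', 1, function ($vars) {
        return registration_errors((array) $vars);
    });
} else {
    // Outside WHMCS: try the checks on a constructed sample submission.
    print_r(registration_errors([
        'email' => 'bot123@Mailinator.com', 'country' => 'us',
        'address1' => '1 Main St $$%%', 'city' => 'Springfield',
    ]));
}
```

Keeping the checks in a plain function lets the policy be exercised from the command line before the file is dropped into the WHMCS hooks directory.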

4 hours ago, Remitur said:

We have a hook to check various data from user upon registering (do not use disposable email address, do not use special characters in address, and so on...)
We modified it in order to prevent registering from the USA.
Full code is available here:
https://github.com/DomainRegister/WHMCS/blob/master/checkuser.php

Thank you, that's really useful 


On 10/1/2024 at 12:47 PM, websavers said:

Has anyone upgraded to 8.11 and used hCAPTCHA? I've used it for forms with WordPress and found it very effective. I'm curious if it's as effective as Turnstile and/or reCAPTCHA v3 (when it's working).

I can now confirm that after upgrade and implementing hCAPTCHA, there have been no additional spam registrations. I set it to 'automatic' mode on hCAPTCHA's side.


On 10/4/2024 at 1:07 PM, Remitur said:

We have a hook to check various data from user upon registering (do not use disposable email address, do not use special characters in address, and so on...)
We modified it in order to prevent registering from the USA.
Full code is available here:
https://github.com/DomainRegister/WHMCS/blob/master/checkuser.php

So this only started for us last week. Until then it's never been an issue at all. I implemented the reCaptcha v3 solution, new codes. Fake orders still streamed in. Also cleared cache and templates as well.

So reCaptcha is not working at all. I have always had invisible reCaptcha and it worked well till last week. V2 still allows fake domain registration, as well as v3.

So far the only solution for me has been this Github script. I have tweaked it slightly to include UK.

I just need some help please with the elements listed in the script. I have custom fields that I request for our registration. How do I include these on line 25?

Thanks


Another quick fix for the time being is to add the rule below to the top of your htaccess file.

<FilesMatch "^(register|pwreset)\.php$">
    SetEnvIfNoCase User-Agent "Firefox/128\.0" block_useragent
    SetEnvIfNoCase User-Agent "Firefox/129\.0" block_useragent
    SetEnvIfNoCase User-Agent "Firefox/130\.0" block_useragent
    Deny from env=block_useragent
</FilesMatch>

On 10/7/2024 at 3:47 PM, Linuxweb said:

I just need some help please with the elements listed in the script. I have custom fields that I request for our registration. How do I include these on line 25?

If you don't need to check your custom fields to forbid the use of special characters inside them, you don't need to do anything.

Adding custom fields to the control is possible, but it is a little messy because of the crazy way that WHMCS passes them (only the value and a numerical index, so every time you add a new custom field, you need to check its number and revise all of your scripts).

For custom fields, I guess it's better to use the WHMCS's own validation mechanism, based on regular expressions.


46 minutes ago, Remitur said:

If you don't need to check your custom fields to forbid the use of special characters inside them, you don't need to do anything.

Adding custom fields to the control is possible, but it is a little messy because of the crazy way that WHMCS passes them (only the value and a numerical index, so every time you add a new custom field, you need to check its number and revise all of your scripts).

For custom fields, I guess it's better to use the WHMCS's own validation mechanism, based on regular expressions.

Awesome, thanks so much. I have added Regex to the Custom Client Data. The last entry on Line 25, would that perhaps be a custom field, or is this a recorded field in WHMCS? I can't seem to find it, but my Google-Fu is weak today.


14 hours ago, DataPacket said:

Another quick fix for the time being is to add the rule below to the top of your htaccess file.

<FilesMatch "^(register|pwreset)\.php$">
    SetEnvIfNoCase User-Agent "Firefox/128\.0" block_useragent
    SetEnvIfNoCase User-Agent "Firefox/129\.0" block_useragent
    SetEnvIfNoCase User-Agent "Firefox/130\.0" block_useragent
    Deny from env=block_useragent
</FilesMatch>

Which will block non-script kiddies also. 


Just went through the entire thread, nothing helped (we did not try updating WHMCS yet though, will get on trying that). I am very confused as to why WHMCS has taken no real steps in months now? Their product is paid, I have seen free WordPress plugins get faster security patches/fixes than this! Why are we customers forced to make DIY solutions on our own?


> Just went through the entire thread, nothing helped

Did you install the hotfix?

> (we did not try updating WHMCS yet though, will get on trying that)

If you didn't install the hotfix, don't bother, just upgrade WHMCS and enable Recaptcha v3 and let us know how it goes.

 
