
Creating Spamming Accounts



If it *was* bypassing the registration page and submitting to the script directly, that would leave CAPTCHA out of the process. That's on the registration page.
The rapid fire nature of this issue, with no discernable exploit so far, definitely feels automated and directly submitted. 

Why remains a mystery.


9 hours ago, slim said:

You obviously didn't hit search before posting this.

What makes you assume they are bypassing captcha, rather than solving it?

Thanks for your comment, but it seems you haven't heard about this new hacking script before.

The captcha prevents the robots from creating fake accounts/orders, but this new hacking script is passing the captcha and completing its order!
By the way, Captcha is already enabled on my registration page and every day I receive fake orders/accounts.

 


3 hours ago, bear said:

If it *was* bypassing the registration page and submitting to the script directly, that would leave CAPTCHA out of the process. That's on the registration page.
The rapid fire nature of this issue, with no discernable exploit so far, definitely feels automated and directly submitted. 

Why remains a mystery.

That's correct, but how can we solve this issue?!!


42 minutes ago, bear said:

Check out this thread. A few pages in there's something in Cloudflare that's been effective, according to users in that. 

 

Thank you.

I tried this code in the .htaccess file and it works fine

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Check if the User-Agent matches
    RewriteCond %{HTTP_USER_AGENT} "Mozilla/5.0 \(Windows NT 10.0; Win64; x64; rv:127.0\) Gecko/20100101 Firefox/127.0"

    # Check if the request method is POST
    RewriteCond %{REQUEST_METHOD} POST

    # Check if the URL is register.php
    RewriteCond %{REQUEST_URI} register.php$

    # Deny access by returning a 403 Forbidden status
    RewriteRule .* - [F]
</IfModule>

Just now, bear said:

Unless it's bypassing the register page as suspected...meaning no CAPTCHA would fix it, new or old.

I have two WHMCS installs, both were getting hammered, the second I installed the beta with v3 captcha, it stopped.

If they were bypassing the register page, then there is a bug in WHMCS, which they may have also fixed in the beta. Either way, not a single fake rego since installing and configuring v3 captcha.


15 hours ago, bear said:

That user agent matches anyone using the version of Firefox one or two below current (129). If legitimate users try to order with that, they can't. 
Not a very good fix, I'd suggest.

Yes, you are correct. After testing the htaccess code for 24 hours, it prevented 60% of the fake accounts, but not 100%.

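One way to test the direct-submission theory raised in this thread against the server's access log, as an added example that is not part of any poster's message: it counts POSTs to register.php that the same client never preceded with a GET of the form, and flags rapid-fire bursts. The log lines, the /register.php path at the web root, and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" log line; only the fields this check needs are captured.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+')
FORM = "/register.php"                  # assumed location of the script named in the thread
FRESH = timedelta(minutes=10)           # assumed: a fetched form counts for this long
BURST, SPAN = 3, timedelta(seconds=60)  # assumed threshold: 3 POSTs within 60 s

UA = '"-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0"'
# Constructed sample log (documentation IP ranges), in chronological order.
SAMPLE = [
    f'203.0.113.7 - - [01/Aug/2024:10:00:01 +0000] "POST /register.php HTTP/1.1" 200 512 {UA}',
    f'198.51.100.20 - - [01/Aug/2024:10:00:02 +0000] "GET /register.php HTTP/1.1" 200 9000 {UA}',
    f'203.0.113.7 - - [01/Aug/2024:10:00:02 +0000] "POST /register.php HTTP/1.1" 200 512 {UA}',
    f'203.0.113.7 - - [01/Aug/2024:10:00:03 +0000] "POST /register.php HTTP/1.1" 200 512 {UA}',
    f'198.51.100.20 - - [01/Aug/2024:10:00:45 +0000] "POST /register.php HTTP/1.1" 302 0 {UA}',
]

def analyse(lines):
    """Map each client that POSTed to FORM to its direct-POST count and burst flag."""
    last_get, posts, direct = {}, defaultdict(list), defaultdict(int)
    for line in lines:
        m = LINE.match(line)
        if not m or m["path"].split("?")[0] != FORM:
            continue
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["method"] == "GET":
            last_get[ip] = ts                  # client loaded the form (and its CAPTCHA)
        elif m["method"] == "POST":
            posts[ip].append(ts)
            if ip not in last_get or ts - last_get[ip] > FRESH:
                direct[ip] += 1                # submitted without loading the form first
    report = {}
    for ip, times in posts.items():
        # Burst: any BURST consecutive POSTs that fit inside SPAN.
        burst = any(times[i + BURST - 1] - times[i] <= SPAN
                    for i in range(len(times) - BURST + 1))
        report[ip] = {"direct": direct[ip], "burst": burst}
    return report

if __name__ == "__main__":
    for ip, result in analyse(SAMPLE).items():
        print(ip, result)
```

Both sample clients send the Firefox 127 User-Agent from the .htaccess rule, so only the request pattern tells them apart. Matching on client IP is a heuristic and assumes the log is in chronological order.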
