
ROBOTS/SPAM creating fake accounts


LauraPresta


Hello guys,

I'm just checking this new thing on 2 websites: a robot is spamming account creation with names similar to "Grace And Anna Waiting" (of course, each name is different).

The interesting thing is that the opt-in option is disabled, but when the spammer robot creates an account it succeeds in activating the opt-in option.

Have you ever faced this?


Thank you for your answer Michael.

I could set up reCaptcha quickly, but those 2 websites are e-shops, and the problem with reCaptcha is that it'll make us lose some of the registering customers who will have problems with it ;/ (we have it on customer contact pages and damn... it's amazing how some people are retarded to not even understand they have to click it and eventually do the image checking)


Well, as I have searched almost the whole forum many times, I did see his name often.

It might be easier to use for customers (nothing changes for them) as SMS validation. And the setting in the back end doesn't look too complicated, so it might be the right choice.


I have the exact same SPAM problem. A brief check shows that the spam seems to come from the same IP address in Iceland, "37.235.49.244".

Is there by any chance a way to block specific IP addresses, block customers with IP addresses from specific countries, or block customers with a last name starting with www., as all the SPAM registrations have a last name starting with www.?


Try checking other IPs; most of them will be from different countries, and I checked some in countries where we have customers.

Except for Russia or Asia, blocking IPs may not be the best solution.

Does this robot create accounts on your shop with the Opt-In option activated?


34 minutes ago, LauraPresta said:

Try checking other IPs; most of them will be from different countries, and I checked some in countries where we have customers.

Except for Russia or Asia, blocking IPs may not be the best solution.

Does this robot create accounts on your shop with the Opt-In option activated?

I can confirm that all IPs are from the same IP address in Iceland and that opt-in is activated. I just try to delete the fake customers as fast as I can.


19 hours ago, Bezouw said:

Same problem here.

I installed the module "Block IP Free"

https://mypresta.eu/modules/administration-tools/block-ip-free.html

inserted 37.235.49.244

Problem solved.


Thanks. I have followed your advice and installed this module for my Prestashop 1.6.1.0, and for now the problem with spam registrations has been solved.

I have also reported the IP address abuse to this site: https://www.abuseipdb.com


As I said, blocking IPs is not a good solution because the bot will later either change IP or use many IPs.

Now it has changed already: https://www.ip-tracker.org/locator/ip-lookup.php?ip=151.236.24.142

The solution given by badger1010 may be a good way but is still not perfect (I haven't checked it precisely yet, I'll do so later).

Actually I think the only correct option against this bot will be reCaptcha, but for sure you'll lose some customers who won't register because they will have problems with it.

On 4/24/2019 at 1:28 PM, badger1010 said:

Have a look here:


I implemented doekia's solution a week or so ago and it worked perfectly, but I've had a very similar registration again today, only one so far, but the original topic by doekia is now closed to further comments! If there is a patch available from Prestashop for 1.7, is there anything similar for 1.6?

Cheers

Marko


On 4/25/2019 at 3:47 AM, Presta Bucket said:

Hello,

We are developers of this module from the Official Addons Marketplace CAPTCHA Google reCAPTCHA PRO + anti Fake Accounts and it blocks 100% this new Register Spam Invasion.

We also tried this free solution and it worked as well, it blocked the spam.

I have implemented the reCAPTCHA solution but can't stop the spam (I don't know how they get around the reCaptcha...). I also denied those suspicious IPs, but no good. Finally, I added the above solution (avoiding URL-type names as customer names)!


On 4/26/2019 at 1:58 AM, templatetrend said:

Hey 

Prestashop just released the patch for this issue. It is a common issue.

This patch was available in Prestashop 1.7.5.2

Thx. Where is the link to the patch mentioned above?


The spammers are finding their way around all of the above fixes. I had another 8 registrations during the night, so unless Prestashop's upcoming patch is different somehow this is going to become a major headache for most of us!

The patch is to be available on the next minor upgrade.


When we had spamming on contact form we renamed "contact us" under preferences SEO & URLs. Additionally we removed this section in the site map.

I just did the same procedure for the account creation page "authentication" and deleted all the fake accounts. I will see if that has any effect.


1 hour ago, MacMaster said:

When we had spamming on contact form we renamed "contact us" under preferences SEO & URLs. Additionally we removed this section in the site map.

I just did the same procedure for the account creation page "authentication" and deleted all the fake accounts. I will see if that has any effect.

I've resorted to this now too. I did install PrestaPros registration reCaptcha, which seemed to work perfectly and stopped the spam registrations, but there is currently an issue with the captcha not allowing genuine registrations when a customer adds something to their basket first and then tries the instant registration: the captcha just refuses to validate them, so for now I've done like you and renamed both the contact and authentication pages. Why Prestashop doesn't have better protection for these forms is totally beyond me; it seems pretty standard everywhere else!


On 4/26/2019 at 2:09 PM, LauraPresta said:

As I said, blocking IPs is not a good solution because the bot will later either change IP or use many IPs.

Now it has changed already: https://www.ip-tracker.org/locator/ip-lookup.php?ip=151.236.24.142

The solution given by badger1010 may be a good way but is still not perfect (I haven't checked it precisely yet, I'll do so later).

Actually I think the only correct option against this bot will be reCaptcha, but for sure you'll lose some customers who won't register because they will have problems with it.

Since implementing this fix by doekia last week, we have not had one fake registration.


13 hours ago, MacMaster said:

When we had spamming on contact form we renamed "contact us" under preferences SEO & URLs. Additionally we removed this section in the site map.

I just did the same procedure for the account creation page "authentication" and deleted all the fake accounts. I will see if that has any effect.

This might have fixed the problem. At least no new fake accounts were created in the last 13 hours.


31 minutes ago, MacMaster said:

This might have fixed the problem. At least no new fake accounts were created in the last 13 hours.

I think it certainly moves the goal posts, like other methods, but I wouldn't be celebrating too soon. It's likely not too difficult for them to look for other page names; unlikely, I think, but not difficult. It just depends on how determined they are, but virtually all the methods I've tried so far have either not worked or worked but caused other issues which are potentially more problematic than the spam. I've renamed our pages too and so far no spam, but I'm not counting my chickens just yet :)


4 minutes ago, ThankBooks said:

I think it certainly moves the goal posts, like other methods, but I wouldn't be celebrating too soon. It's likely not too difficult for them to look for other page names; unlikely, I think, but not difficult. It just depends on how determined they are, but virtually all the methods I've tried so far have either not worked or worked but caused other issues which are potentially more problematic than the spam. I've renamed our pages too and so far no spam, but I'm not counting my chickens just yet :)

If someone is determined to access your contact us or account registration page they can always do so. However, changing the generic name and preventing indexing will likely move you out of the easy targets.


1 minute ago, MacMaster said:

If someone is determined to access your contact us or account registration page they can always do so. However, changing the generic name and preventing indexing will likely move you out of the easy targets.

Absolutely, and initially someone else suggested this method on another thread and I doubted its effectiveness, but rather than continuously jumping around trying to re-code this, that and the other thing, it occurred to me that this is a very simple procedure and can be done quicker than deleting a spam registration. From a user point of view it makes virtually no difference to them because they will either click the links or already be logged in anyway, the SEO impact is also negligible as I can't see anyone caring about ranking for a login page, and even if the bots/spammers figure it out, we just rename it again in a few seconds flat. Moving the goal posts in this way might be a pain for some, but to me it's probably the best solution we all have at the minute, unless we want to pay for a solution, but I'm not 100% convinced even the paid solutions are any more future foolproof than anything we have at the minute.


Why did you delete my post? Censorship? Is it not possible to talk here openly with respect? Very bad, moderator. Incredible.

I'll try again.

Do you think that because of this spam attack we can end up on a spam blacklist from Google or others, as we are involuntary spammers now? This is my biggest concern about this attack, as we can't find a solution that works for me. I have no problem deleting fake accounts while waiting for a solution.

Moderator notice: no criticism of Prestashop here.


2 minutes ago, esteestalibre said:

Why did you delete my post? Censorship? Is it not possible to talk here openly with respect? Very bad, moderator. Incredible.

I'll try again.

Do you think that because of this spam attack we can end up on a spam blacklist from Google or others, as we are involuntary spammers now? This is my biggest concern about this attack, as we can't find a solution that works for me. I have no problem deleting fake accounts while waiting for a solution.

Moderator notice: no criticism of Prestashop here.

Disable customer registration confirmation in the back office; this way no emails are sent to those registering on your site.


Just now, esteestalibre said:

The hack script sends the welcome email even if you disabled it, just like the opt-in option, for example, which they tick even when it does not exist in the registration form.

That was my brilliant solution one week ago, but they thought of that also.

I didn't receive any bounced mail when I was getting spam registrations, so I'm a tad confused as to how they are managing to do that. I have disabled most of the other "opt-in" selections also, like newsletter etc., as I don't find a use for them, but after renaming the registration page and contact form I've not received any spam registrations at all, so for me, so far so good :)


I applied this DOEKIA solution but it does not work for me: https://area51.enter-solutions.com/snippets/122

I get a success message back when I apply it: "class Validate is now overrided class Customer is now overrided END"

Forcing compilation + clearing the cache did nothing. It does not work. 25 new porn fake customers today and more to come. It is a holiday today in Spain, "Workers' Day", and I'm here like a stupid erasing "Linda and Laura waiting for you". Today they changed again to cutt*.us; yesterday it was from ".de".

I can't touch the code too much because we are in high season till July and can't take the risk of destroying my shop. I tried this one because my code is clean, as it is a native installation, but after trying this Doekia solution I'm sure that if I touch it again I'll start getting ugly errors from mixing different things.

Congratulations to those who managed to solve it on yours.


Hello,

A little late, but I am currently facing the same SPAM on one of my PrestaShop (version 1.6.1.16) websites.

I tracked down some IP addresses from where the fake accounts are created: 151.236.24.142, 37.235.49.244, 37.235.49.42, 46.22.220.49, 46.22.220.10.

I believe that you can safely block the whole range of IPs for all of the above: 37.235.49.0/24, 151.236.24.0/24, 46.22.220.0/24.

You can check in the X_connections table what IPs are generating multiple connections on the registration page:

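-- Connections per source IP for id_page = 2, busiest and most recent first.
-- Only grouped or aggregated columns are selected, so the query also runs
-- with MySQL's ONLY_FULL_GROUP_BY mode enabled.
SELECT INET_NTOA(ip_address) AS IP_Address2,
       COUNT(*) AS connections,
       MAX(date_add) AS last_seen
FROM ps_connections
WHERE id_page = 2
GROUP BY ip_address
HAVING COUNT(*) > 1
ORDER BY connections DESC, last_seen DESC;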

Good luck!

 


Now we've had a spam registration and the referrer was prestashop.com?? Clearly the spammers are active on these forums too as they would have had to follow the link to find the new URL to our registration page.   Worrying to say the least.


Is it a 1.6 problem? If so, I will migrate to 1.7

I tried Captcha, Ban IP, renaming the registration site URL, and the patch from DOEKIA.
None was effective for a long time.

I read in a French topic that it is a flaw in 1.6 to do the DOEKIA-patch because of problems in some Modules.


From my understanding it's a Prestashop-wide issue affecting how the fields are handled on the registration page: it currently allows most characters in these fields, which, for reasons best known to themselves, has attracted the spammers. What I don't understand is that the registrations are only shown in the back office and nobody else sees them. That's what I can't understand, because there is no benefit in these registrations to the spammers; it's pretty much a lot of effort for no return. Usually the spammers gain something from it by having their URLs in threads or on publicly available member details pages etc., but these are only seen by admins!

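The two behaviours reported in this thread, link-like last names and an opt-in flag that is set although the form does not offer it, can both be refused on the server. The PHP below is an added example, not PrestaShop's code nor doekia's patch; the function names, the field keys, the 32-character limit and the sample submission are assumptions made for illustration.

```php
<?php
// Added example: server-side checks for a registration POST.
// Names, field keys and limits are hypothetical, not PrestaShop's API.

/** True when $name reads as a personal name rather than a link. */
function looksLikePersonName(string $name): bool
{
    $name = trim($name);
    // 1 to 32 characters: letters, combining marks, space, hyphen,
    // apostrophe, period. Invalid UTF-8 makes preg_match() fail too.
    if (preg_match('/^[\p{L}\p{M}\'. -]{1,32}$/u', $name) !== 1) {
        return false;
    }
    // A period glued to a following letter ("www.shop", "shop.de") is a
    // host name; "J. R." or "Jr." still pass.
    return preg_match('/\.\p{L}/u', $name) !== 1;
}

/**
 * Checks a submission and builds the row to store.
 * $offeredFlags lists the optional checkboxes the form really shows; a
 * flag that is not offered is stored as 0 whatever the client sent.
 */
function filterRegistration(array $post, array $offeredFlags): array
{
    $errors = [];
    foreach (['firstname', 'lastname'] as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || !looksLikePersonName($value)) {
            $errors[] = $field;
        }
    }
    // filter_var() returns false for bad syntax and for non-string input.
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'email';
    }
    $row = ['email' => $email === false ? null : $email];
    foreach (['optin', 'newsletter'] as $flag) {
        $offered = in_array($flag, $offeredFlags, true);
        $row[$flag] = ($offered && !empty($post[$flag])) ? 1 : 0;
    }
    return ['errors' => $errors, 'row' => $row];
}

// Constructed submission shaped like the ones described in this thread.
$botPost = [
    'firstname' => 'Grace And Anna Waiting',
    'lastname'  => 'www.example.invalid',
    'email'     => 'bot@example.invalid',
    'optin'     => '1', // sent although the form has no such checkbox
];
print_r(filterRegistration($botPost, []));
```

Passing `['optin']` as the second argument models a shop that does display the checkbox; the posted flag is then honoured.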

Indeed, for a few years there was also SPAM like this which only appeared in Google Analytics results.
In my opinion, that is also a VERY low return on investment, because I guess only a few web owners bothered to look at those results (it is now different).

Strange indeed. 


The worrying thing is it seems to be motivated by something, disruption, plain stupidity or just downright experimentation, as we have already had a referral link from Prestashop.com, which means they are following these threads and someone had to click the link I placed to my site in one of these threads to generate the referral, presumably, and they either manually entered the spam registration and/or are aware of the changes I made in renaming the registration page. Again, it had to be a human doing that, presumably, as to go to the lengths to automate crawling like this is beyond an idiot, surely!

My money is on someone dabbling, probably in the hope they can figure bigger things, as without an immediate return on their efforts it looks like they may be planning a more adventurous and worthwhile venture.


On 4/26/2019 at 3:09 PM, LauraPresta said:

As I said, blocking IPs is not a good solution because the bot will later either change IP or use many IPs.

Now it has changed already: https://www.ip-tracker.org/locator/ip-lookup.php?ip=151.236.24.142

The solution given by badger1010 may be a good way but is still not perfect (I haven't checked it precisely yet, I'll do so later).

Actually I think the only correct option against this bot will be reCaptcha, but for sure you'll lose some customers who won't register because they will have problems with it.

Hi!

Have you found a solution?
I have the exact same bot... At first I bought a module to block by IP and/or country, but after a few days it started again... without a registered IP (those damn little f*ckers).

Besides, I have a lot of "bad internet users" (a shop with mostly 50+ yr customers, which doesn't help hahah), so Captchas are quite the bad move for me.


31 minutes ago, Lowlow_Be said:

Hi!

Have you found a solution?
I have the exact same bot... At first I bought a module to block by IP and/or country, but after a few days it started again... without a registered IP (those damn little f*ckers).

Besides, I have a lot of "bad internet users" (a shop with mostly 50+ yr customers, which doesn't help hahah), so Captchas are quite the bad move for me.

We haven't had any problems since we implemented the solution I proposed earlier:

  1. Rename "authentication" pages (in all used languages)
  2. Remove "authentication" pages from the site map (perhaps also add them to robots.txt; we did not)
  3. Delete all fake accounts.

That's it.


This topic is now closed to further replies.