# Fake customer accounts keep popping up!



## InuitArt (Sep 16, 2012)

*Hello*

I assist an Internet based business in a technical capacity. I am not sure how to deal with this problem.

*Issue:* An agent or bot from another website or group of websites is more and more frequently creating bogus accounts which we have to weed out every day. It is time consuming and annoying. We are able (if we catch them in the process) to obtain such information as IP address, location, and website. It seems to be the same entity each time, placing a variety of bogus account info.

*Question:* Is there a way to report or block such websites effectively so as to shut them down or at least black list them? What else can I do?

All thoughts are appreciated.

*Thank You very much*


----------



## dukevyner (Nov 4, 2011)

Welcome to T.S.G. My first thought is to have whatever processes the account activation check the user's IP against a list of blocked ones. You could do this yourself using a server-side script such as PHP. One problem with this is that it would be useless if they are smart enough to use a proxy, although there are ways to detect and block proxies (but a lot of people use them now). Second, put a captcha on the form to sign up for an account. This would stop bots and at least discourage humans who are creating the fake accounts.

Hope this helps,


----------



## InuitArt (Sep 16, 2012)

I think I have figured out how to block specific IP addresses by adding each new offending IP to a .htaccess.txt file and uploading that to my site's root directory. Most of these IPs originate from the Ukraine, so I have subscribed to a service which supposedly provides an up-to-date listing (ACL) of all IPs from the country in question. However, all IPs are NOT listed and some are getting through. I then just add the new ones to the list on file. I am not sure if I have done this correctly to effectively block these IPs. Hmmm.

Is there a listing of bad bots I should be blocking as well? A lot of suspicious activity still.

Appreciate the advice! Thanks


----------



## InuitArt (Sep 16, 2012)

Well, that's not working. Even the IPs I block via .htaccess.txt are still getting through. The last IP I blocked was once again creating another account today.

I have attached the file so you tech guys can have a look and tell me what I am doing wrong.

he he
Thanks


----------



## ehymel (Aug 12, 2007)

As Luke suggested, adding captcha to your signup form should help a lot.

In your .htaccess file (I'm certainly no expert) it seems that your 'order' line should be changed to

Order deny,allow

The way you have it, Apache will process the allow lines first, and since you specify 'allow from all', that's what will happen. The rest (deny from ...) will be ignored.


----------



## allnodcoms (Jun 30, 2007)

Hi Andrew,

Automated sign-ups are a pain that we have to deal with a lot. It's not good, but it's not too hard to avoid. Here are a few tips that should help you out:

- CAPTCHA works. Most of these attacks use scripts, so no person is actually present to read the codes, and using a visual cue (that a script can't _see_) will drastically reduce the number of bogus sign-ups. Trust me on this one...
- Try blacklisting on the server side. Add your dodgy IPs to a database table and check them on form submission. Unlike htaccess, you won't stop them viewing the page and interacting with your content, you'll just stop them from actually signing up. There is also the advantage of being able to reverse DNS the IP and get a readable string that you can pattern match with RegEx (or similar) to filter out similar IP strings with different numeric addresses.
- Sending page validation helps. Because these sign-ups use scripts that bypass your page (or at least side-step it), you can add physical interaction checks through DOM events. With a 'real' sign-up, somebody has to actually type something and/or click with the mouse. When you get a key down or mouse down event, set a hidden variable in the form to some sort of obscure value that can be reverse engineered by the receiving code. If these fields are not present, or make no sense, then it was probably initiated by a bot. In this case, add the URL to your blacklist table and bomb them out.

These are the cornerstones of a secure signup, and implementing these will deter 99.9% of hack attempts. There are a few other sneaky little tricks you could employ, but if I told you those I'd have to kill you...

Danny
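
The server-side blacklist, reverse-DNS pattern match and hidden interaction-field checks from Danny's post, as an added example that is not code from the thread. The HMAC-over-timestamp token scheme, the CIDR list format, the `bogus-isp.example` host pattern and the in-memory lookup table are assumptions standing in for the poster's database table and a real reverse-DNS lookup:

```python
import hashlib, hmac, ipaddress, re
from typing import Callable, Iterable, Optional

# Hypothetical server-side secret; in production load it from config and rotate it.
SECRET = b"replace-with-a-random-server-secret"
# Constructed sample data: blocked addresses/ranges plus a fake reverse-DNS table that
# stands in for the database table and a real lookup such as socket.gethostbyaddr().
BLOCKED = ["203.0.113.0/24", "198.51.100.7"]
RDNS_SAMPLE = {"192.0.2.44": "host44.bogus-isp.example"}
HOST_PATTERNS = [re.compile(r"\.bogus-isp\.example$", re.I)]

def make_interaction_token(session_id: str, ts: int) -> str:
    # Value the key-down/mouse-down handler writes into the hidden form field.
    # Assumed scheme: timestamp plus HMAC over session id and timestamp.
    mac = hmac.new(SECRET, f"{session_id}:{ts}".encode(), hashlib.sha256).hexdigest()
    return f"{ts}:{mac}"

def token_is_valid(session_id: str, token: Optional[str], now: int, max_age: int = 3600) -> bool:
    # Recompute the MAC server-side; reject missing, malformed, forged or stale tokens.
    if not token or ":" not in token:
        return False
    ts_str, mac = token.split(":", 1)
    if not ts_str.isdigit() or not (now - max_age <= int(ts_str) <= now + 60):
        return False
    expected = make_interaction_token(session_id, int(ts_str)).split(":", 1)[1]
    return hmac.compare_digest(mac, expected)

def ip_is_blacklisted(ip: str, blocked: Iterable[str]) -> bool:
    # True if ip falls in any blocked address or CIDR range (a bare IP becomes a /32).
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(entry, strict=False) for entry in blocked)

def rdns_matches(ip: str, resolve: Callable[[str], Optional[str]]) -> bool:
    # Pattern-match the reverse-DNS name so other addresses of the same host are caught too.
    host = resolve(ip)
    return bool(host) and any(p.search(host) for p in HOST_PATTERNS)

def validate_signup(ip: str, session_id: str, token: Optional[str], now: int,
                    blocked: Iterable[str] = BLOCKED,
                    resolve: Callable[[str], Optional[str]] = RDNS_SAMPLE.get) -> str:
    # Run the three checks in order; return 'ok' or the reason the signup is refused.
    if ip_is_blacklisted(ip, blocked):
        return "blocked-ip"
    if rdns_matches(ip, resolve):
        return "blocked-rdns"
    if not token_is_valid(session_id, token, now):
        return "no-interaction"
    return "ok"
```

Unlike the .htaccess approach, a refused signup still leaves the visitor able to browse the site; only the account creation is stopped.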


----------



## iwin_it (Nov 28, 2012)

Try providing an email activation. This helps in decreasing spam. Then you can track the IP on your server itself and can ban it from there.


----------

