Bots registering accounts
  1. #1

    Contractor Among Contractors


    Join Date
    Oct 2007
    Posts
    1,026

    I have an e-commerce website and recently I’ve noticed a lot of new accounts being registered with long random strings as account names and bogus credentials. These accounts obviously don’t order anything.

    What’s their game? What are they attempting to achieve?

    Any ideas welcome

  2. #2

    More fingers than teeth

    xoggoth's Avatar
    Join Date
    Jul 2005
    Location
    xoggoth towers
    Posts
    13,763

    It may help to find where they came from. Is your site aimed at UK users? If so, real users are more likely to be from the UK and use recognisable British internet suppliers, BT, Virgin etc. I found most of the garbage visits to my site have come from Russia etc.

    In PHP this is really simple, get the ip and internet supplier with:

    $ip=$_SERVER['REMOTE_ADDR'];
    $addr = gethostbyaddr($ip);

    Then use IP2C to get the country:

    ip2c.org | free IP to Country server | self-updating every day
    Last edited by xoggoth; 5th May 2020 at 19:30.
    bloggoth

    If everything isn't black and white, I say, 'Why the hell not?'
    John Wayne (My guru, not to be confused with my beloved prophet Jeremy Clarkson)

  3. #3

    More fingers than teeth

    xoggoth's Avatar
    Join Date
    Jul 2005
    Location
    xoggoth towers
    Posts
    13,763

    As to why, I suspect they often target small sites just for practice. I've had various pointless uncompleted purchases, emails, and even tinkerings with the database before I upped the security. No obvious gain for them.

  4. #4

    More time posting than coding


    Join Date
    May 2018
    Posts
    358

    I wonder if they aren't part of an entire profile that is then sold on the dark web. If you've got a big list of stolen credit card numbers and want to test them or use them to make purchases, you could buy a package of already established profiles that are already signed up for various e-commerce sites.

    That's my guess anyway.

  5. #5

    Super poster

    Hobosapien's Avatar
    Join Date
    Feb 2016
    Location
    LA - la la fantasy land
    Posts
    2,954

    If various information is only provided to users rather than visitors then they may be registering dummy accounts to access that data for web scraping or other means.

    They may also be part of some penetration testing to find any weaknesses they can exploit for whatever reason, such as if they think you have a list of customers and their details and maybe payment details vulnerable to such exploits.

    Look at putting in additional verification steps for new accounts, such as an email link to complete registration so at least the email account must be valid, and ensure only one registration per email account, if only to slow them down and dissuade any 'script kiddies' messing about either for entertainment or something more nefarious.

    Also worth checking with any others in the business (if applicable) that they're not doing this to massage the user numbers for some reason, such as to hit any targets for sales and marketing.
    Maybe tomorrow, I'll want to settle down. Until tomorrow, I'll just keep moving on.
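
The e-mailed confirmation link and the one-registration-per-address rule suggested in the post above, as an added Python sketch (not code from the thread or from any poster's site). The `Registrations` class, the in-memory store, the key and the one-day expiry are all assumptions made for the illustration.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: a real site loads this from server-side config
TTL = 24 * 3600                   # assumption: confirmation links expire after one day

def _sign(payload: bytes) -> str:
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()

def make_token(email: str, now: float) -> str:
    """Token carried in the e-mailed link: base64url(email|expiry).signature"""
    payload = f"{email}|{int(now) + TTL}".encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)

def check_token(token: str, now: float):
    """Return the address if the token is authentic and unexpired, else None."""
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body)
        # Verify the signature before trusting anything inside the payload.
        if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
            return None
        email, expiry = payload.decode().rsplit("|", 1)
        return email if now <= int(expiry) else None
    except ValueError:  # malformed token, bad base64, bad expiry
        return None

class Registrations:
    def __init__(self):
        self.accounts = {}  # normalised address -> "pending" | "active"

    def register(self, email: str, now: float):
        key = email.strip().lower()  # assumption: addresses compared case-insensitively
        if "@" not in key or key in self.accounts:
            return None              # one registration per address
        self.accounts[key] = "pending"
        return make_token(key, now)  # would be e-mailed as a link, never shown on the page

    def confirm(self, token: str, now: float) -> bool:
        key = check_token(token, now)
        if key is None or self.accounts.get(key) != "pending":
            return False
        self.accounts[key] = "active"
        return True
```

On a live sign-up form the response shown to the visitor should be the same whether or not the address already exists, so the duplicate check does not reveal which addresses have accounts.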

  6. #6

    More time posting than coding

    darrylmg's Avatar
    Join Date
    Sep 2012
    Location
    UK - South West
    Posts
    277

    Quote, originally posted by Archangel:
    "I have an e-commerce website and recently I’ve noticed a lot of new accounts being registered with long random strings as account names and bogus credentials. These accounts obviously don’t order anything.

    What’s their game? What are they attempting to achieve?

    Any ideas welcome"

    Any pattern to the creation date/time?
    E.g. all created within 5 secs of each other.

    Are the account names with long strings in the format of GUIDs?


    If yes to all the above, then it's possible it's an automated hacking tool trying different ways of submitting the signup data to compromise the site.

    See if you can stick a CAPTCHA on the front of the signup process.
    Everyone loves a good CAPTCHA!

    Don't believe it, until you see it!

  7. #7

    Contractor Among Contractors


    Join Date
    Oct 2007
    Posts
    1,026

    Thanks for the help, some food for thought.

    (The accounts are happening at a rate of about 1 per day, from all over the globe, the account names are like this
    First name: iNvHXJCQlmncEuFf
    Last name: kvpBILhXamZKrj)
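
The checks asked about in post #6 (sign-ups within 5 seconds of each other, GUID-formatted names) and the name pattern shown in post #7, as an added Python triage script that is not code from the thread. The record layout, the thresholds and every sample row are constructed; only the two names in row 1 are taken from the post above.

```python
import re
from datetime import datetime, timedelta

GUID_RE = re.compile(r"^\{?[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}?$", re.I)

def is_guid(name):
    """True when the name is formatted like a GUID/UUID."""
    return bool(GUID_RE.match(name.strip()))

def looks_random(name, min_len=12, min_switches=5):
    """Heuristic only: one long letters-only token whose case flips many times."""
    if len(name) < min_len or not name.isalpha():
        return False
    switches = sum(a.isupper() != b.isupper() for a, b in zip(name, name[1:]))
    return switches >= min_switches

def bursts(records, window=timedelta(seconds=5), min_size=3):
    """Group sign-ups whose consecutive gaps all fall within `window`."""
    groups, current = [], []
    for rec in sorted(records, key=lambda r: r["created"]):
        if current and rec["created"] - current[-1]["created"] > window:
            if len(current) >= min_size:
                groups.append([r["id"] for r in current])
            current = []
        current.append(rec)
    if len(current) >= min_size:
        groups.append([r["id"] for r in current])
    return groups

def triage(records):
    """Return account ids per signal so each signal can be reviewed on its own."""
    return {
        "guid_names": [r["id"] for r in records if is_guid(r["first"]) or is_guid(r["last"])],
        "random_names": [r["id"] for r in records
                         if looks_random(r["first"]) or looks_random(r["last"])],
        "bursts": bursts(records),
    }

def _t(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

# Constructed sample rows; only the names in row 1 come from the thread.
SAMPLE = [
    {"id": 1, "first": "iNvHXJCQlmncEuFf", "last": "kvpBILhXamZKrj", "created": _t("2020-05-01 03:12:44")},
    {"id": 2, "first": "Margaret", "last": "MacGillivray", "created": _t("2020-05-02 10:05:00")},
    {"id": 3, "first": "6f1d2c3a-9b7e-4c21-8a55-0d4e7f9b1c22", "last": "x", "created": _t("2020-05-03 00:00:01")},
    {"id": 4, "first": "a", "last": "b", "created": _t("2020-05-03 00:00:03")},
    {"id": 5, "first": "c", "last": "d", "created": _t("2020-05-03 00:00:06")},
]
```

Row 1 trips only the random-name heuristic: it is neither a GUID nor part of a burst, which matches the roughly one-per-day rate reported above.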
