New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Some kind of attack? WHMCS Fake Orders
randvegeta
Member, Host Rep
in General
One of our our brands is getting a new order every 1-3 minutes. New accounts generated, new orders, new invoice. Looks automated (despite having a captcha).
Inbox is getting flooded with all these 'new order' emails, and now we need to do some house keeping to get rid of the junk registrations.
Interestingly, every E-mail and IP is different.
Is this some sort of an attack? Anyone else see this?
Comments
same thing happening to us for past 2 days even we have captcha
Screenshot http://prntscr.com/j7dou1
Added some emails host( http://prntscr.com/j7dpj4 ) to banlist. Now seems registration reduced
This screenshot explains it all.
Interesting. This is exactly what we see! WTF is going on?
You got posted on some Chinese board. Watch out for all the chargebacks incoming.
/jk
@AlexBarakov Just registration they doing.
Even they place order for few account.. none paid
Total we having 85 record with such registration.. only 4 placed order(not paid) and gone away
I believe they are looking for hosts that activate services before payment, as to be able to abuse them.
Why? No one gives me candy without I am paying for it.
If you have a good standing, some companies do that, but if you create a new account, no.
This has always been there. It's just like a wave; comes and goes.
Unless misconfigurstion.
What host even does that?
One is misconfig on host's part.
Another is that this used to be a trend about a decade ago. Those who were advertising "Instant setup" seldom did this. There used to be numerous threads about host complaining about abuses on WHT a long time ago.
we had the same issue the another day - just used the rule at Fraudlab to ban whole country (as in our example it was China) and at seems to me it worked as some people can’t be bothered to use VPN to by pass rules.
How are they bypassing the Captcha?
@Neon
@Clouvider
Just a speculation, anyway. Misconfiguration seems to be a likely option, since the signups don't involve client detail changes to attempt SQL injection.
Manual signups.
You do not need to bypass it, a simple bot can do it, there are services, that resolve captchas for you.
The WHMCS standard one? That is pretty poor, deathbycaptcha and a bunch of other automated attempts would circumvent it. The only half decent implementation is google recaptcha.
deathbycaptcha and other such services are stating support for recaptcha too:
EDIS used too, not sure if they still do, I assume not.
Google for "earn bitcoin for solving captcha" and you know it.
Wasn't there an hack a few years ago where WHMCS could be faked into giving free services?
One is netcup; they generate an invoice upon ordering but actually gives up to 14 days for you to settle your bill.
Cool. Thanks!
i face every day 2-5 orders and finnaly nobody pay.
As long as they don't do chargebacks.
the infamour qq.com strikes again.
This is very common, same issue for us.
I ever did this, I would apologize if you were upset. I hope rational consumption and there is a certain probability that I am successful.
They're idiots.
Btw, atm the captcha bot industry is beating the captcha industry.
http://www.deathbycaptcha.com/
The goal of this is like said above, to test for WHMCS businesses to have auto provision on invoice creation for abuse purposes. It's probably all bots, but even a recaptcha can be solved by a bot. Default WHMCS captcha certainly.