Some kind of attack? WHMCS Fake Orders

randvegeta Member, Host Rep

One of our brands is getting a new order every 1-3 minutes. New accounts generated, new orders, new invoice. Looks automated (despite having a captcha).

Inbox is getting flooded with all these 'new order' emails, and now we need to do some housekeeping to get rid of the junk registrations.

Interestingly, every E-mail and IP is different.

Is this some sort of an attack? Anyone else see this?


Comments

  • vpsGOD Member, Host Rep

    Same thing happening to us for the past 2 days, even though we have a captcha.

    Screenshot http://prntscr.com/j7dou1

    Added some email hosts ( http://prntscr.com/j7dpj4 ) to the banlist. Now registrations seem reduced.

  • This screenshot explains it all.

  • randvegeta Member, Host Rep

    Interesting. This is exactly what we see! WTF is going on?

  • AlexBarakov Patron Provider, Veteran

    You got posted on some Chinese board. Watch out for all the chargebacks incoming.

    /jk

    Thanked by 1doughmanes
  • vpsGOD Member, Host Rep

    @AlexBarakov They are just doing registrations.

    Even when they place orders for a few accounts, none are paid.

    In total we have 85 records with such registrations; only 4 placed an order (not paid) and went away.

  • I believe they are looking for hosts that activate services before payment, as to be able to abuse them.

  • Neoon Community Contributor, Veteran

    @FlamesRunner said:
    I believe they are looking for hosts that activate services before payment, as to be able to abuse them.

    Why? No one gives me candy without me paying for it.

    If you have a good standing, some companies do that, but if you create a new account, no.

  • deank Member, Troll

    This has always been there. It's just like a wave; comes and goes.

  • Clouvider Member, Patron Provider

    @Neoon said:

    @FlamesRunner said:
    I believe they are looking for hosts that activate services before payment, as to be able to abuse them.

    Why? No one gives me candy without me paying for it.

    If you have a good standing, some companies do that, but if you create a new account, no.

    Unless misconfiguration.

  • CConner Member, Host Rep

    @FlamesRunner said:
    I believe they are looking for hosts that activate services before payment, as to be able to abuse them.

    What host even does that?

  • deank Member, Troll
    edited April 2018

    @CConner said:
    What host even does that?

    One is misconfig on host's part.

    Another is that this used to be a trend about a decade ago. Those who were advertising "Instant setup" seldom did this. There used to be numerous threads about hosts complaining about abuses on WHT a long time ago.

  • WebProject Host Rep, Veteran

    We had the same issue the other day - just used the rule at Fraudlab to ban the whole country (in our case it was China) and it seems to me it worked, as some people can't be bothered to use a VPN to bypass rules.

  • randvegeta Member, Host Rep

    How are they bypassing the Captcha?

  • @Neoon
    @Clouvider

    Just a speculation, anyway. Misconfiguration seems to be a likely option, since the signups don't involve client detail changes to attempt SQL injection.

  • deank Member, Troll
    edited April 2018

    Manual signups.

  • Neoon Community Contributor, Veteran

    @randvegeta said:
    How are they bypassing the Captcha?

    You do not need to bypass it; a simple bot can do it. There are services that resolve captchas for you.

  • randvegeta said: How are they bypassing the Captcha?

    The WHMCS standard one? That is pretty poor, deathbycaptcha and a bunch of other automated attempts would circumvent it. The only half decent implementation is google recaptcha.

    Thanked by 1CrossBox
  • akb Member

    @ricardo said: The only half decent implementation is google recaptcha.

    deathbycaptcha and other such services are stating support for recaptcha too:

    New reCAPTCHA / noCAPTCHA API support!

  • AnthonySmith Member, Patron Provider

    CConner said: What host even does that?

    EDIS used to, not sure if they still do, I assume not.

  • pike Veteran

    @randvegeta said:
    How are they bypassing the Captcha?

    Google for "earn bitcoin for solving captcha" and you know it.

  • lazyt Member

    Wasn't there a hack a few years ago where WHMCS could be faked into giving free services?

  • @CConner said:

    @FlamesRunner said:
    I believe they are looking for hosts that activate services before payment, as to be able to abuse them.

    What host even does that?

    One is netcup; they generate an invoice upon ordering but actually give you up to 14 days to settle your bill.

  • CConner Member, Host Rep

    @deank said:

    @CConner said:
    What host even does that?

    One is misconfig on host's part.

    Another is that this used to be a trend about a decade ago. Those who were advertising "Instant setup" seldom did this. There used to be numerous threads about hosts complaining about abuses on WHT a long time ago.

    Cool. Thanks!

  • cociu Member

    I face 2-5 orders every day and finally nobody pays.

  • donli Member

    @cociu said:
    I face 2-5 orders every day and finally nobody pays.

    As long as they don't do chargebacks.

  • The infamous qq.com strikes again.

  • AlexanderM Member, Top Host, Host Rep

    @cociu said:
    I face 2-5 orders every day and finally nobody pays.

    This is very common, same issue for us.

  • @cociu said:
    I face 2-5 orders every day and finally nobody pays.

    I ever did this, I would apologize if you were upset. I hope rational consumption and there is a certain probability that I am successful.

  • @cociu said:
    I face 2-5 orders every day and finally nobody pays.

    They're idiots.

    Thanked by 1elliotc
  • Btw, atm the captcha bot industry is beating the captcha industry.

    http://www.deathbycaptcha.com/

    The goal of this is, like said above, to test for WHMCS businesses that have auto provision on invoice creation, for abuse purposes. It's probably all bots, but even a recaptcha can be solved by a bot. Default WHMCS captcha certainly.
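
Added example, not part of any post in this thread: a triage script for the pattern described above, where every signup uses a different e-mail and IP, so per-IP counting sees nothing while the overall signup rate and the unpaid accounts per e-mail domain stand out. The record layout and all sample values are constructed assumptions, not a WHMCS export format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real data): signup time, e-mail, IP, paid?
SIGNUPS = [
    ("2018-04-19 10:00", "u1@freemail-a.example", "198.51.100.11", False),
    ("2018-04-19 10:02", "u2@freemail-a.example", "198.51.100.87", False),
    ("2018-04-19 10:03", "u3@freemail-b.example", "203.0.113.40", False),
    ("2018-04-19 10:05", "u4@freemail-a.example", "203.0.113.9", False),
    ("2018-04-19 10:06", "u5@freemail-b.example", "192.0.2.77", False),
    ("2018-04-19 10:08", "u6@freemail-b.example", "192.0.2.201", False),
    ("2018-04-19 13:30", "jane@customer.example", "192.0.2.15", True),
    ("2018-04-19 17:45", "bob@customer.example", "198.51.100.3", False),
]

def load(rows):
    """Parse timestamps, normalise e-mail case, return records sorted by time."""
    return sorted((datetime.strptime(t, "%Y-%m-%d %H:%M"), e.lower(), ip, paid)
                  for t, e, ip, paid in rows)

def max_per_key(rows, idx):
    """Highest signup count for any single value of one column (e.g. one IP)."""
    counts = defaultdict(int)
    for r in rows:
        counts[r[idx]] += 1
    return max(counts.values())

def burst_peak(rows, window=timedelta(minutes=10)):
    """Largest number of signups, from any source, inside one sliding window."""
    times = [r[0] for r in rows]
    peak, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        peak = max(peak, end - start + 1)
    return peak

def banlist_candidates(rows, min_signups=3):
    """E-mail domains with at least min_signups accounts and no paid invoice."""
    stats = defaultdict(lambda: [0, 0])          # domain -> [signups, paid]
    for _, email, _, paid in rows:
        d = stats[email.rsplit("@", 1)[1]]
        d[0] += 1
        d[1] += int(paid)
    return sorted(dom for dom, (n, p) in stats.items() if n >= min_signups and p == 0)

if __name__ == "__main__":
    rows = load(SIGNUPS)
    print("max signups from one IP:", max_per_key(rows, 2))
    print("peak signups per 10 min:", burst_peak(rows))
    print("banlist candidates:", banlist_candidates(rows))
```

Domains returned by `banlist_candidates` are candidates for review only; a shared mail provider can also carry legitimate customers who have not paid yet.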
