VP-ASP :: Shopping Cart Software

Shopping Cart Software Solutions for anywhere in the World

US/Canada(Toll Free): +1 888 587 2278
Europe/UK: +44 (020) 7193 9408
Australia/New Zealand: +61 3 9016 4497

VP-ASP Shopping Cart Customer Forum

Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 VPCart Forum
 Credit card fraud and hackers
 MS Access Database - Bogus Customers Hack?
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

wooddsw
Starting Member

USA
4 Posts

Posted - November 16 2008 :  21:07:55  Show Profile  Visit wooddsw's Homepage  Reply with Quote
I've have for awhile been getting bogus customers being created in my MS Access Database. It doesn't appear that any other tables have been affected. Does anyone know if this is a hack and whether there is a fix to block these bogus customers?

Lori Titus
VP-ASP New User

126 Posts

Posted - November 20 2008 :  13:36:35  Show Profile  Visit Lori Titus's Homepage  Reply with Quote
I get bogus customers when someone starts going through the checkout process just to see what shipping is, then abandons the process. I'm not certain I would worry about this, unless it looks like there are some attempts at SQL injections.

In my 'copious spare time', I periodically delete bogus accounts as I come across them. Things like street: asdf is kinda a clue.

The Internet's #1 supplier of honey and beeswax.
Go to Top of Page

wooddsw
Starting Member

USA
4 Posts

Posted - January 13 2009 :  19:51:42  Show Profile  Visit wooddsw's Homepage  Reply with Quote
These are not abandon checkout processes. Below is an example of the garbage. You'll see that most of the corruption is in the address information and certainly doesn't look like an abandon process. I've also experience identical name information with the same kind of addres giberish.

If anyone has experienced this and has a suggested fix I'd appreciate it. So far this doesn't appear to be impacting any other tables in my MDB but I'd like to secure this more tightly if I can.


contactid firstname lastname address city state postcode country company phone workphone mobilephone fax email contacttypeid comments contactreason logincount lastlogindate website password discount custother1 accountno cardno cardexpires cardname cardaddress cardcvn maillist productgroup cookiequestion pointstotal pointsremaining vatnumber userid hearaboutus address2 taxexempt authorized
701 OldSt1l3 OldSt1l3 gqPHcZxmEhMbFNh CWEbtRFaYJRknZOh OR eCCTSutqfCkd TK alKDUPkVRAcIkB qeoZlTOwlSZ [email protected] Registration 1 1/13/2009 0 No Yes 0 0 Search Engine
Go to Top of Page

lynch
VP-ASP New User

USA
74 Posts

Posted - January 14 2009 :  13:09:20  Show Profile  Reply with Quote
What kinds of web analytics software do you have? Someone may have a script running somewhere that posts a form to your site.

If you can check visitor's "entry pages" (the first thing they see on your site) and see a lot of entries on a POST request, that's what you've got.

I get the same kind of junk in some non-VPASP forms on my web site. I think it's probably people trying to generate spam for e-mails or linking purposes.
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000