No announcement yet.

Someone is creating new fake customers accounts

  • Filter
  • Time
  • Show
Clear All
new posts

    Mike521w So this is what I came up with: The JS contains everything you need to interact with the module. You no longer need to make any modification or entries to the pages themselves. There is a small section at the top of the JS that defines your settings. Settings are API endpoint, site key, and desired action watch list that can either be every default action OR just the same actions that you define in the module. The JS loads the API into memory on page load. Then it scans the page for those Miva hidden action value = "LOGN" (or which ever) inputs that are in the forms. It compares what it finds on the page to the list of monitored actions placed at the top of the JS file. It then creates the hidden input entry for the token that would normally be manually entered into the HTML. Then it attaches an event to the submit action of the form, interrupts the default submit, sends and waits for the token, and then programmatically "submits" the form.

    When you add the JS to the Miva resources, you have to enable it for every page you want the JS to run on. I guess you could leave it global, but I chose not to. You also need to select the Resource Group for the JS to be in the head_tag.

    Seems to work well so far!


      Ours is done FWIW and will be available on Monday.

      Rick Wilson
      Miva, Inc.
      [email protected]


        Rick Wilson Thanks!! I will definitely check it out.


          Originally posted by Rick Wilson View Post
          Ours is done FWIW and will be available on Monday.
          I wonder if we need to move or start this thread up in the Miva 10 forum - so as not to confuse those who might be looking for an MM10 solution. This thread has been going on since 2019.
          Leslie Kirk
          Miva Certified Developer
          Miva Merchant Specialist since 1997
          Previously of Webs Your Way
          (aka Leslie Nord leslienord)

          Email me: [email protected]

          Follow me: Twitter | Facebook | FourSquare | Pinterest | Flickr


            Just recently had this issue mostly solved with a client. Generally, fake accounts were being created and accounts were being password tested. The solution turned out to be Cloudflare DNS. The free version was all that was needed to have a secure DNS. CF seems to do a good job of keeping out the bad bots, etc.

            Need to offer Shipping Insurance?
            Interactive Design Solutions
            MivaMerchant Business Partner | Certified MivaMerchant Web Developer
            Competitive Rates, Custom Modules and Integrations, Store Integration
            AutoBaskets|Advanced Waitlist Integration|Ask about Shipping Insurance Integration
            My T-shirt Collection is mostly MivaCon T-shirts!!