No announcement yet.

Someone is creating new fake affiliate accounts 1700+

  • Filter
  • Time
  • Show
Clear All
new posts

  • Someone is creating new fake affiliate accounts 1700+

    We just discovered someone is creating fake Affiliate accounts on our website, over 1,700!

    It seems to have started on 11/04/2019, averaging 3 accounts a day for months. Then is slowly increase to an average of 6 accounts a day for a couple more months and then 9, etc... Its now averaging 40 accounts a day -consuming bandwidth $.

    No unusual Authorization Failures found during this period.

    Why are they doing this, what do they gain?
    Is there a way to determine IP address for those accounts?

    We are already already taken the following measures for now:
    1. Disable affiliate program option in Admin.
    2. Disabled affiliate log-in page from ReadyTheme navigation set.
    3. Disabled affiliate AFCL page. However, page is still being displayed. How would I stop from that page being displayed?
    Any other suggestions?
    Thank you, Bill Davis

  • Now we are experiencing a spike in "Password Reset Request".
    Last edited by William Davis; 07-31-20, 07:29 AM.
    Thank you, Bill Davis


    • It's typically a 'dumb' person / bot that has misinterpreted your affiliate sign up form for a sign-in form, and they're attempting a credential stuffing attack. This is where an entity is trying a database of stolen user/pass combos against your site to see if it can find any that work, with the hope it then leads them to some way to benefit financially, or so they can use the validated credentials as part of a later phishing attack. The latter is where you first obtain some stolen credentials, find sites where they work, and then you send the intended victim an email that looks like "Your password XYZ on Bill Davis' website has been locked out as part of a security upgrade. Please click 'here' to set a new password" People see a password they recognize and are tricked into thinking the email is legit, they click, provide a new password, and then the attacker tries it at every other place of interest that person may have re-used the password at.

      I'd recommend a web app firewall in front of your store, with particular attention to pages that accept credentials. Cloudflare's $20/mo plan is the most feature-rich for the price point, and you can set up a transparent javascript challenge that tends to get rid of most bots. From a legit shopper's perspective, it would mean when transitioning to a login screen, they'd see a "Testing your browser" screen for a few seconds, no need to click or anything else. The same plan can also be used to throw up a recaptcha challenge to countries or internet providers you're unlikely to see legit traffic from, but still provide a way for legit users to get in. China's national ISP, for example, is a massive source of malicious traffic and little to no legit; similar with certain web service providers. Our staff can help set everything up.
      David Hubbard
      [email protected]



      This website uses cookies to identify visitors, track visitors to our website, store login session information and to remember your user preferences. By continuing to use this site you agree to our use of cookies. Learn More.

      This website uses cookies. By continuing to use this site you agree to our use of cookies. Learn More.