Amember - Always A Hacker Coming In!!!

Discussion in 'Pre-Sales Questions' started by MikeRob, Aug 5, 2009.

  1. MikeRob

    MikeRob New Member

    Joined:
    Dec 31, 2005
    Messages:
    15
    For the price you pay, why do these types of hacks make it through.

    When you look at the payment history, they usually look like this:

    Email: 123@ggg

    Name: tt

    Username: ttt

    Password: tttttd

    And yet they still get my product....

    I think I should switch from Amember to something else...
  2. davidm1

    davidm1 aMember User & Partner

    Joined:
    May 16, 2006
    Messages:
    4,435
    Can you explain how the hacker got in? howd they spoof a payment?

    David
  3. MikeRob

    MikeRob New Member

    Joined:
    Dec 31, 2005
    Messages:
    15
    Yeah, that's what the heck I'm trying to figure out.

    It's simple:

    1) I log into my admin panel, and notice a "payment" that did not make it through, but the person signed up.

    2) I then click on payments and see the user, and every time it is the same sign-up info, which looks something like this:

    Username: tttt
    Password: t
    Email: ggg@fffff.com
    Name: hhh ggg
  4. davidm1

    davidm1 aMember User & Partner

    Joined:
    May 16, 2006
    Messages:
    4,435
    Whats in your error log?
    What about your hosts logs for that time period?

    David
  5. skippybosco

    skippybosco CGI-Central Partner Staff Member

    Joined:
    Aug 22, 2006
    Messages:
    2,526
    So the payment is pending (ie. not active).. users can create accounts in the system without completing a payment, but they must have an active subscription to be able to access protected content.

    If the payment is not marked as "active" then they will not have access to anything other than their member / profile page.

    This sounds like someone is creating fake accounts.. if it is consistently coming from the same IP you can ban that IP..
  6. xbok

    xbok New Member

    Joined:
    Aug 5, 2009
    Messages:
    6
    skippybosco => you shed light I thought they hack easy amember.

    Now I feel proud to have a amember script.
  7. MikeRob

    MikeRob New Member

    Joined:
    Dec 31, 2005
    Messages:
    15
    Ah, ok, thank you for the explanation.

    I always thought they were getting through for some reason, but it's just fake accounts I guess.
  8. pamphile

    pamphile New Member

    Joined:
    Aug 29, 2006
    Messages:
    18

    LOL @ everythhing

    It's not a fake account, they created an account. Now you can stay in contact and send them coupons, offers and encourage them to pay.
  9. skippybosco

    skippybosco CGI-Central Partner Staff Member

    Joined:
    Aug 22, 2006
    Messages:
    2,526
    Not sure if you saw the example he posted above. I suspect he won't have much luck encouraging "hhh ggg" at his ggg@fffff.com email address ;)

Share This Page