November 16th, 2012, 04:27 AM
Tired of fake accounts with hotmail, match name with address help
I made a start of this code but i need some help.
We're getting tired of frauds trying to make a buck with fake accounts.
What we want to do is block people using the following sort of method:
Their names are normal, like "John James", with an email like "bigman23454@hotmail..."
These accounts are flagged immediately, but i want to prevent them for becoming as member at all. Nothing good comes of these people.
I have this:
Tried this line too:
$fname = "pp";
$lname = "gtr";
$email = "email@example.com";
echo (preg_match("/^([$fname\._-|$lname\._-])*@([hotmail])+([a-zA-Z0-9\._-]+)+$/", $email)==TRUE)?"Good":"Bad";
echo (preg_match("/^([$fname\._-])+([$lname\._-])*@([hotmail])+([a-zA-Z0-9\._-]+)+$/", $email)==TRUE)?"Good":"Bad";
It does not work 100%. It does some, but not right;-)
November 16th, 2012, 04:54 AM
filtering a specific email pattern makes no sense to me, since this will also block legitimate users.
Are those "people" you want to get rid of actual people or bots? Because most bots are pretty stupid and can be detected easily by using hidden fields. I also had a problem with massive fake registrations in my forum and could fight them off completely just by making the standard phpbb registration fields hidden. If a user still fills out the fields, it's obviously a bot. The great thing about this is that legitimate users aren't bothered at all (in contrast to captchas).
November 16th, 2012, 06:25 AM
Its actually a precaution for 'real' cheaters i guess. No bots.
We own a cashback program, these people register and find the stores where they can get most money back, then go to that store and try to fake orders. We have already been canned by 4 stores due to these people that tried to cheat their way into getting cashback.
What works for now, is the following:
However i do of course agree with you on all counts, we just have to make it work, somehow.
I do know however that real, honest people use real, normal emailadresses. If the small % of people that use these weird hotmail addresses get halted by this method, i do present them with a nice note explaining why. I am sure they will not be offended.
Any other method is welcome.
November 16th, 2012, 06:57 AM
What i am wondering though is, where do all these people come from. They outnumber the amount of real members at this time (this week only). Our stats show no referrers so it is hard to pinpoint where they come from. A dead giveaway is the different IP's they use, which we DO keep track of.
November 16th, 2012, 06:39 PM
I'd still try hidden fields, because I can hardly believe that those frauds actually fill out the registration fields by hand. The registration is probably done by bots and only the orders by actual people (if at all).
Apart from that, there's no technical solution for this problem. If those people aren't completely braindead, they'll soon figure out that you have blacklisted hotmail addresses, and they'll simply switch to gmail or whatever.
November 17th, 2012, 06:29 AM
They already tried with gmail, mail15, rocketmail. All added to my routine and registrations stopped immediately after that. For now;-)
Originally Posted by Jacques1
August 29th, 2013, 06:58 AM
Did you ever find a more elegant solution or have results on this one? We're having the same issue with our android app.
August 29th, 2013, 07:40 AM
Please read the whole dicussion.
Originally Posted by chouchoo
You cannot stop humans from registering at a public website. If you block a certain freemailer, the bad guys will simply switch to another one. At the same time, you'll lose many legitimate users, because those usually don't have hundreds of email accounts to choose from.
What you need to do is fix your application and make it fit for real life. A registration can be done by anyone at any time as often as they want, so if you put any weight on this, you're doing it wrong.
August 29th, 2013, 08:04 AM
why dont you have a "link" sent to the email account so that person cannot use the site until he/she actually clicks on that link. if it is a fake email address, that email wont go anywhere
August 29th, 2013, 06:03 PM
Jacques, one major difference for ours is that we automate the creation of an account on our Android app using a device UID so we can keep track of their stuff server side. They have to register later when they want to do more actions. The problem is that the spoofed devices are creating fraud for our advertisers since they aren't real devices and can still use the app prior to registration
Originally Posted by Jacques1
We need a better way to detect spoofed device and then allow/disable use of the app from the start, not really a registration issue for us.