Amazon IP Accessing page mystery


jakebur01

I have a registration page that mails a link to the user's email.

The link in the email takes the user to the activation page which sends out a welcome email and updates the database as activated if the user is not already activated.

For some reason, this page is being accessed by an Amazon IP address with multiple browsers in the user_agent.  Whatever this is is automatically activating my users and sending them a welcome email without them even accessing the page.

The only suspect I can think of is I have a JavaScript snippet for Google ads and also Facebook on some of my pages.  I don't know if they could somehow be accessing the page or not.

It must be following the activation link in the mail() script I have on the registration page.

I'm mailing myself the following when the activation page is accessed.  I get an Amazon IP, multiple browsers, and no referer.

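// Request details captured when the activation page is hit
$browser = $_SERVER['HTTP_USER_AGENT'] ?? '';
$ip = $_SERVER['REMOTE_ADDR'];
$referer = $_SERVER['HTTP_REFERER'] ?? ''; // header is optional; avoids an undefined-index notice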

 


The link just contains their id url encoded and the activation page checks to see if it’s already activated.  This IP address is accessing the page the moment the user is registered and the email is sent out to them from the registration page.

Another user signed up and a different IP address accessed the activation page the moment their "check your email for verification" email with the link was sent to them.  I looked that address up and it was also from Amazon data.

Edited by jakebur01

3 hours ago, mac_gyver said:

does the activation link contain a run-once unique token? this would let you know if something is just submitting email addresses or actually has access to the content in the emails.

Yes. It is the full link with the variables in the url that is being run.


3 minutes ago, jakebur01 said:

The bot would have to be accessing the page at the moment the user is clicking the submit button on the register page.  How does the bot know the page exists?

The bot is the user. Their creators realized you're constructing predictable confirmation URLs so their bots don't have to wait for anything: submit form data, hit confirmation page, have working account.

CAPTCHA, and don't use predictable confirmation URLs. You should be using some sort of random token instead.


32 minutes ago, requinix said:

The bot is the user. Their creators realized you're constructing predictable confirmation URLs so their bots don't have to wait for anything: submit form data, hit confirmation page, have working account.

CAPTCHA, and don't use predictable confirmation URLs. You should be using some sort of random token instead.

There are two pages.  auth_registration and auth_activate.  I myself submit the form on auth_registration using one of my emails and immediately the auth_activate page is accessed.

I'm suspect of these facebook and google ad trackers that track registration and purchase:

<script async src="https://www.googletagmanager.com/gtag/js?id=AW-36573573"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());

  gtag('config', 'AW-3763567');
</script>


<!-- Facebook Pixel Code -->
<script>
  !function(f,b,e,v,n,t,s)
  {if(f.fbq)return;n=f.fbq=function(){n.callMethod?
  n.callMethod.apply(n,arguments):n.queue.push(arguments)};
  if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';
  n.queue=[];t=b.createElement(e);t.async=!0;
  t.src=v;s=b.getElementsByTagName(e)[0];
  s.parentNode.insertBefore(t,s)}(window, document,'script',
  'https://connect.facebook.net/en_US/fbevents.js');
  fbq('init', '36573737376');
  fbq('track', 'PageView');
</script>
<noscript><img height="1" width="1" style="display:none"
  src="https://www.facebook.com/tr?id=65474567&ev=PageView&noscript=1"
/></noscript>
<!-- End Facebook Pixel Code -->

 


20 minutes ago, jakebur01 said:

I'm suspect of these facebook and google ad trackers that track registration and purchase:

Then get rid of them and see if anything changes.

Have you seen this with any registration or just ones you're trying to do as a test?  Have you tried different email clients?  Maybe you have something running that's scanning your incoming email and following links.
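An added example, not code from any poster in this thread: it combines the two suggestions above, a random single-use token in the activation link and an activation step that a link-following scanner's bare GET cannot complete. The in-memory `$users` array, user id 42, the function names, and the GET-confirm/POST-activate split are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory user table; a real site would use its database.
$users = [42 => ['activated' => false, 'token_hash' => null, 'expires' => 0]];

// Registration: create an unguessable single-use token and store only its hash.
function issueActivationToken(array &$users, int $id, int $ttl = 86400): string
{
    $token = bin2hex(random_bytes(32));                 // 256 bits from the CSPRNG
    $users[$id]['token_hash'] = hash('sha256', $token);
    $users[$id]['expires'] = time() + $ttl;
    return $token;                                      // appears only in the e-mailed link
}

// Activation: a GET only renders a confirm button; a POST with a valid token activates.
function handleActivation(array &$users, string $method, int $id, string $token): string
{
    $u = $users[$id] ?? null;
    $valid = $u !== null
        && !$u['activated']
        && is_string($u['token_hash'])
        && time() < $u['expires']
        && hash_equals($u['token_hash'], hash('sha256', $token)); // constant-time compare
    if (!$valid) {
        return 'rejected';
    }
    if ($method !== 'POST') {
        return 'show-confirm-form';     // scanners and prefetchers stop here
    }
    $users[$id]['activated'] = true;
    $users[$id]['token_hash'] = null;   // single use
    return 'activated';                 // send the welcome e-mail only at this point
}

$token = issueActivationToken($users, 42);
// 1. Client that knows the user id but has to guess the token.
echo handleActivation($users, 'GET', 42, 'guess'), "\n";
// 2. Mail scanner following the real link with a GET.
echo handleActivation($users, 'GET', 42, $token), "\n";
// 3. The user pressing the confirm button (POST).
echo handleActivation($users, 'POST', 42, $token), "\n";
// 4. Replay of the same link after activation.
echo handleActivation($users, 'POST', 42, $token), "\n";
```

If the activation page is still hit the moment the mail is sent once the link carries such a token, the requester has read the e-mail content, which is the distinction the run-once token question earlier in the thread was after.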

 
