jakebur01 Posted November 27, 2019 Share Posted November 27, 2019 I have a registration page that mails a link to the users email. The link in the email takes the user to the activation page which sends out a welcome email and updates the database as activated if the user is not already activated. For some reason, this page is being accessed by an Amazon ip address with multiple browsers in the user_agent. Whatever this is is automatically activating my users and sending them a welcome email without them even accessing the page. The only suspect I can think of is I have a javascript snippit for google ads and also facebook on some of my pages. I don't know if they could somehow be accessing the page or not. It must be following the activation link in the mail() script I have on the registration page. I'm mailing myself the following when the activation page is accessed. I get an amazon ip, multiple browsers, and no referer. $browser = $_SERVER['HTTP_USER_AGENT']; $ip = $_SERVER['REMOTE_ADDR']; $referer = $_SERVER['HTTP_REFERER']; Quote Link to comment https://forums.phpfreaks.com/topic/309588-amazon-ip-accessing-page-mystery/ Share on other sites More sharing options...
requinix Posted November 27, 2019 Share Posted November 27, 2019 2 hours ago, jakebur01 said: For some reason, this page is being accessed by an Amazon ip address with multiple browsers in the user_agent. Bots. Use a CAPTCHA. Quote Link to comment https://forums.phpfreaks.com/topic/309588-amazon-ip-accessing-page-mystery/#findComment-1571936 Share on other sites More sharing options...
mac_gyver Posted November 27, 2019 Share Posted November 27, 2019 does the activation link contain a run-once unique token? this would let you know if something is just submitting email addresses or actually has access to the content in the emails. Quote Link to comment https://forums.phpfreaks.com/topic/309588-amazon-ip-accessing-page-mystery/#findComment-1571937 Share on other sites More sharing options...
jakebur01 Posted November 27, 2019 Author Share Posted November 27, 2019 (edited) The link just contains their id url encoded and the activation page checks to see if it’s already activated. This IP address is accessing the page the moment the user is registered and the email is sent out to them from the registration page. Another user signed up and a different ip address accessed the activation page the moment their check your email for verification email with the link was sent to them. I looked that address up and it was also from amazon data. Edited November 27, 2019 by jakebur01 Quote Link to comment https://forums.phpfreaks.com/topic/309588-amazon-ip-accessing-page-mystery/#findComment-1571941 Share on other sites More sharing options...
jakebur01 Posted November 28, 2019 Author Share Posted November 28, 2019 3 hours ago, requinix said: Bots. Use a CAPTCHA. The bot would have to be accessing the page at the moment the user is clicking the submit button on the register page. How does the bot know the page exists? Quote Link to comment https://forums.phpfreaks.com/topic/309588-amazon-ip-accessing-page-mystery/#findComment-1571949 Share on other sites More sharing options...
jakebur01 Posted November 28, 2019 Author Share Posted November 28, 2019 3 hours ago, mac_gyver said: does the activation link contain a run-once unique token? this would let you know if something is just submitting email addresses or actually has access to the content in the emails. Yes. It is the full link with the variables in the url that is being run. Quote Link to comment https://forums.phpfreaks.com/topic/309588-amazon-ip-accessing-page-mystery/#findComment-1571950 Share on other sites More sharing options...
requinix Posted November 28, 2019 Share Posted November 28, 2019 3 minutes ago, jakebur01 said: The bot would have to be accessing the page at the moment the user is clicking the submit button on the register page. How does the bot know the page exists? The bot is the user. Their creators realized you're constructing predictable confirmation URLs so their bots don't have to wait for anything: submit form data, hit confirmation page, have working account. CAPTCHA, and don't use predictable confirmation URLs. You should be using some sort of random token instead. Quote Link to comment https://forums.phpfreaks.com/topic/309588-amazon-ip-accessing-page-mystery/#findComment-1571951 Share on other sites More sharing options...
jakebur01 Posted November 28, 2019 Author Share Posted November 28, 2019 32 minutes ago, requinix said: The bot is the user. Their creators realized you're constructing predictable confirmation URLs so their bots don't have to wait for anything: submit form data, hit confirmation page, have working account. CAPTCHA, and don't use predictable confirmation URLs. You should be using some sort of random token instead. There are two pages. auth_registration and auth_activate. I myself submit the form on auth_registration using one of my emails and immediately the auth_activate page is accessed. I'm suspect of these facebook and google ad trackers that track registration and purchase: <script async src="https://www.googletagmanager.com/gtag/js?id=AW-36573573"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'AW-3763567'); </script> <!-- Facebook Pixel Code --> <script> !function(f,b,e,v,n,t,s) {if(f.fbq)return;n=f.fbq=function(){n.callMethod? n.callMethod.apply(n,arguments):n.queue.push(arguments)}; if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0'; n.queue=[];t=b.createElement(e);t.async=!0; t.src=v;s=b.getElementsByTagName(e)[0]; s.parentNode.insertBefore(t,s)}(window, document,'script', 'https://connect.facebook.net/en_US/fbevents.js'); fbq('init', '36573737376'); fbq('track', 'PageView'); </script> <noscript><img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=65474567&ev=PageView&noscript=1" /></noscript> <!-- End Facebook Pixel Code --> Quote Link to comment https://forums.phpfreaks.com/topic/309588-amazon-ip-accessing-page-mystery/#findComment-1571953 Share on other sites More sharing options...
kicken Posted November 28, 2019 Share Posted November 28, 2019 20 minutes ago, jakebur01 said: I'm suspect of these facebook and google ad trackers that track registration and purchase: Then get rid of them and see if anything changes. Have you seen this with any registration or just ones you're trying to do as a test? Have you tried different email clients? Maybe you have something running that's scanning your incoming email and following links. Quote Link to comment https://forums.phpfreaks.com/topic/309588-amazon-ip-accessing-page-mystery/#findComment-1571954 Share on other sites More sharing options...
jakebur01 Posted November 28, 2019 Author Share Posted November 28, 2019 Yea. I guess I could add a button to the landing page. Click here to activate. Quote Link to comment https://forums.phpfreaks.com/topic/309588-amazon-ip-accessing-page-mystery/#findComment-1571955 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.