1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mediapartners-Google keeps creating new accounts on my web, bypass RECPATCHA?

Discussion in 'BlackHat Lounge' started by juuiocri, Oct 18, 2014.

  1. juuiocri

    juuiocri Newbie

    Joined:
    Oct 18, 2014
    Messages:
    0
    Likes Received:
    1
    Hi,

    i started to deep analyze my access log to ban automated hits to my site.
    I discovered that IP's with user agent Mediapartners-Google keep registering new accounts on my site from time to time.
    Registration form is properly secured with RECAPTCHA and requires e-mail confirm.

    IP address belongs to Google because reverse DNS points to rate-limited-proxy*googleDOTcom


    I dont understand why Google creates so many new accounts on my site.
    And I also dont understand how they can fill right RECAPTCHA.
     
  2. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    8,875
    Likes Received:
    7,475
    Occupation:
    ZLinky2Buy SEO Services
    Location:
    ⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩
    Home Page:
    Your account creation handler is probably using a GET request and the URL is being requested by your adsense code, which in turn generates a new account. Make it so your handler only accepts POST requests.
     
  3. juuiocri

    juuiocri Newbie

    Joined:
    Oct 18, 2014
    Messages:
    0
    Likes Received:
    1
    Registration form only accepts POST.
    Acc confirmation which is sent to mail is naturally GET request.

    Those accounts are new with generated nickname even confirmed gmail adddress..
    It's not like google is hitting same URL someone else accessed before.


    Can be easily blocked with robots.txt
    But its weird!
    Still does not make sense to me
     
  4. lord1027

    lord1027 Elite Member

    Joined:
    Sep 20, 2013
    Messages:
    3,174
    Likes Received:
    2,222
    Recaptcha belongs to google... any hint now?
     
  5. juuiocri

    juuiocri Newbie

    Joined:
    Oct 18, 2014
    Messages:
    0
    Likes Received:
    1
    Nope you were right. I didnt check it properly.
    Google is only accessing those confirmation URLs is not creating accounts itself.

    Problem solved. Thanks
     
    • Thanks Thanks x 1