Hi there guys,
I've noticed on my Magento CE 2.17 based store, that I get almost everyday new customers registered plus newsletter subscriptions. While this would sound cool, if they were real potential customers.But when I check their data, the input they entered on registration process, it is obvious that that they have no intention in buying something from my store. They enter some crap data written in chinese just enough to pass the registration.
So my main concerns are:
1)What is or could be their intention? How do they think, they could abuse my store, my web server, my mail address?
2)Do they try to get access to my MTA for mass mailing, so that they could send spam around the world from my server?
3)Do they think they would break, stole something?
Please share your experience with these bad guys and your best practice to handle them. By the way, my installation is already secured as adviced from mangento manuals.
Thanks in advance for your input.
This behavior is really strange. Do these registrations come from particular locations? You can check your server logs to learn more about these 'customers'.
If these registrations come from some automatic software, you can try to add captcha to your store, here is a free tool that will help to do that - https://amasty.com/google-invisible-recaptcha-for-magento-2.html
Hi, thanks for your reply. Most fake customers creations come from China, but I still can not distinguish if these are automated requests or are they typing everyrhing by hand because browser info may be inserted in the headers intentionaly. In my apache access.log I get entries like
root@srv:/var/log/apache2# cat access.log |grep Sep/2017:03:19 112.96.x.x - - [11/Sep/2017:03:19:02 +0200] "GET /customer/account/create/ HTTP/1.1" 302 659 "http://mywebsite.com/customer/account/create/" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 112.96.x.x - - [11/Sep/2017:03:19:13 +0200] "POST /customer/account/createpost/ HTTP/1.1" 302 1223 "http://mywebsite.com/customer/account/createpost/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0" root@srv:/var/log/apache2#
However it feels like automated, so I've already tried to enable default captcha in magento 2.1, but for some weird reason it doesn't show up on frontend. In the meantime I've installed your extension and so far it looks great I can use this also on "news subscribe" form right, it's just about putting the right url in the settings, am I right?
Anyway, much thanks for your input, best regards