cancel
Showing results for 
Search instead for 
Did you mean: 

Crap customers strike my store

Crap customers strike my store

Hi there guys,

I've noticed on my Magento CE 2.17 based store, that I get almost everyday new customers registered plus newsletter subscriptions. While this would sound cool, if they were real potential customers.But when I check their data, the input they entered on registration process, it is obvious that that they have no intention in buying something from my store. They enter some crap data written in chinese just enough to pass the registration.

So my main concerns are:
1)What is or could be their intention? How do they think, they could abuse my store, my web server, my mail address?
2)Do they try to get access to my MTA for mass mailing, so that they could send spam around the world from my server?
3)Do they think they would break, stole something?

Please share your experience with these bad guys and your best practice to handle them. By the way, my installation is already secured as adviced from mangento manuals.
Thanks in advance for your input.

3 REPLIES

Re: Crap customers strike my store

Hi @tofi

 

This behavior is really strange. Do these registrations come from particular locations? You can check your server logs to learn more about these 'customers'.

 

If these registrations come from some automatic software, you can try to add captcha to your store, here is a free tool that will help to do that - https://amasty.com/google-invisible-recaptcha-for-magento-2.html

Was my answer helpful? You can accept it as a solution.
200+ professional extensions for M1 & M2 with free lifetime updates!

Re: Crap customers strike my store

Hi, thanks for your reply. Most fake customers creations come from China, but I still can not distinguish if these are automated requests or are they typing everyrhing by hand because browser info may be inserted in the headers intentionaly. In my apache access.log I get entries like

root@srv:/var/log/apache2# cat access.log |grep Sep/2017:03:19
112.96.x.x - - [11/Sep/2017:03:19:02 +0200] "GET /customer/account/create/ HTTP/1.1" 302 659 "http://mywebsite.com/customer/account/create/" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
112.96.x.x - - [11/Sep/2017:03:19:13 +0200] "POST /customer/account/createpost/ HTTP/1.1" 302 1223 "http://mywebsite.com/customer/account/createpost/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0"
root@srv:/var/log/apache2#

However it feels like automated, so I've already tried to enable default captcha in magento 2.1, but for some weird reason it doesn't show up on frontend. In the meantime I've installed your extension and so far it looks great Smiley Wink I can use this also on "news subscribe" form right, it's just about putting the right url in the settings, am I right?

Anyway, much thanks for your input, best regards

Re: Crap customers strike my store

I've also checked google analytics for my store and I can't see not even one visit from China, so I assume, these registrations were all done in automated mode, otherwise the javascript on the webpage would have recorded the visit and updated the analytics accordingly. I'll adjust my apache settings with "deny from" directives to reject these bad IP ranges from China and block these idiots out. I've checked a few IPs and saw they mostly belong to some free public WiFi networks. But despite all this, I would still like to know how do they think they could abuse my store, my server. What is their point of registering 100 new customers and subscribing 500 emails to newsletter? Did anyone have similar situation and could share the experience. Thanks in advance.