Solved: Security Issues (unwanted customer accounts)

maartenvr · ‎01-12-2016

For some reason I keep getting strange customer accounts into my Magento installation. I recently did a fresh install, so I am on version 1.9.2.2.

- I have changed the Admin URL

- I have blocked the downloader folder in .htaccess

Still I am getting these accounts. The email addresses all end with .ru.

What else can I do to stop this?

maartenvr · ‎01-14-2016

I believe I have it solved now. I did make a bunch more changes, so I am not 100% sure which one fixed it, but I think the customer CAPTCHA was not setup right, which it is now, and I get no more of these funny accounts.

(with .ru accounts I meant that the email address ended with .ru)

View solution in original post

Mukesh Tiwari · ‎01-12-2016

Hi @maartenvr

You can try following,

1) Inform your hosting provider to scan your application for any viruses or Trojans.

2) Check the Magento files and folders permissions once and set those to recommended one.

3) stop using FTP, use SFTP instead.

4) Do not use Magento default admin url.Use a custom url for the admin panel access.

5) Change all the user names and passwords for the cPanel,FTP (better do not use it).

6) If you worked with some third party for development work on your Magento installation then change all user name and passwords. Also change all the admin access granted to them.Any users created for SOAP and REST api access.

7) Add IP restriction to your Magento admin so that it can be accesses from a particular ip address only.

8) Restrict your files under following location from being visible publicly by accessing in browser url.

a) var/log

b) app/etc

9) Enable captcha on customer registration form.

10) Also visit https://magento.com/security

Try above mentioned point and see if it help you or not.

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

maartenvr · ‎01-12-2016

Nope, I have already been through all this. Still getting about 10 new .ru accounts per day

JLHC · ‎01-12-2016

I'm not sure if you considered this but maybe the users (or bots) register for an account from your website's frontend?

There's a Registration or Create An Account page with the URL "/customer/account/create/" at your website's frontend which allows anyone to register for an account.

If this is the page they register for an account, you can try to prevent bots from auto registering for an account by enabling CAPTCHA in your Magento Admin --> System --> Configuration --> Customers --> Customer Configuration --> CAPTCHA.

Do make sure you select "Create user" under "Forms" for the CAPTCHA to be used in the customer registration page.

James Lee | Moderator • Magento Master
Magento Hosting Recommended by Magento Master

SMDesign · ‎01-13-2016

You should check MageFence extension http://www.extensionsmall.com/mage-fence-security.html

One of the features is " Send email alerts about suspicious activities - changed files, brute force attacks and unauthorized users."

Mukesh Tiwari · ‎01-14-2016

Hi @maartenvr

Are you still facing the issue? Are all the suspicious accounts being created from same ip address (check in customer details section in Magento admin)

What do you mean by .ru account?

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

maartenvr · ‎01-14-2016

I believe I have it solved now. I did make a bunch more changes, so I am not 100% sure which one fixed it, but I think the customer CAPTCHA was not setup right, which it is now, and I get no more of these funny accounts.

(with .ru accounts I meant that the email address ended with .ru)

Security Issues (unwanted customer accounts)

Security Issues (unwanted customer accounts)

Re: Security Issues (unwanted customer accounts)

Re: Security Issues (unwanted customer accounts)

Re: Security Issues (unwanted customer accounts)

Re: Security Issues (unwanted customer accounts)

Re: Security Issues (unwanted customer accounts)

Re: Security Issues (unwanted customer accounts)

Re: Security Issues (unwanted customer accounts)