Hi,
We have default captcha enabled on our website on all the forms.
Email confirmation is required for creating a new account.
Even so, there are a lot of fake customer accounts created in admin somehow. We have to delete them manually all the time.
Captcha is bypassed.
How can we stop fake customer accounts being created in the admin?
Thanks in advance.
Try our free Google ReCaptcha extension. You will be able to add reCAPTCHA on the sign-up form, contact form and reviews form.
http://www.magentocommerce.com/magento-connect/google-recaptcha-by-magecomp.html
Hi - I'm getting this problem too.
Does anyone know why so many fake customer registrations are occurring?
What are these scripts doing exactly?
Thanks!
I think one of the security patches was related to customer account insecurity, which may be why bots are used to target these things.
Either way, we have a free extension which should stop this in its tracks: noMoreSpam! It doesn't use Captchas so you're not going to annoy your non-bot users.
If you're getting hit in the signup page then you might want to check you're not getting hit in the admin login and downloader login pages. We have another free extension which can help with that, it connects to Slack and sends a notification for any failed admin login attempt: slackCommerce
Hi,
I was in exactly the same situation.
Fake accounts, and someone tried creating orders with fake credit cards.
The best solution that helped me is the bot blocker extension. This automatically stops spam bots.
You can find more information about it here
https://magewares.com/m1-bot-blocker.html
Thanks
Tej
Hi,
There are a few things to do:
- block access to your site for certain IP addresses or subnets (if applicable. For example, you can first analyze from which countries and IPs fake registrations appear and block them)
- try another Captcha solution, for example, this free mod (also available for M2 for free)
- enable order approval in case fake customers will try to order something. This extension will do the trick https://amasty.com/magento-order-approval.html
```php
// Extra Magento POST variables
if ( false !== strpos( $request_path, '/customer/account/createpost' )
    && ( isset( $_POST['birthyear'] ) || isset( $_POST['sYear'] ) || isset( $_POST['year'] ) )
) {
    return 'bad_request_post_magento_vars';
}
```
I run my WordPress WAF somewhat patched for Magento 1: https://github.com/szepeviktor/wordpress-fail2ban/blob/master/magento/magento1.patch
The check above is inserted just above `if ( ! $this->is_wplogin )`
What fake registrations have in common is the vast number of extra POST vars sent to the registration form.
I am using Google Recaptcha but still facing the same issue.
These fake registrations are done with spam information in the customer name fields. What helped for me is changing the field length of the customer first- and last name in the database.
Update directly in the table customer_eav_attribute the rows with attribute_id=5 [firstname] and attribute_id=7 [lastname] and replace 255 by 30 (fieldlength)
After changing these fields the fake registrations stopped. Before doing these changes any recaptcha didn't help.
We had over 300 .ru emails register, using the name fields to fill with content. This worked for me. No more user generation every 3 minutes... Thanks for this.
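The two signals posters describe in this thread (extra POST variables sent to `/customer/account/createpost`, and name fields stuffed with content) combined into one server-side check. This is an added example, not code from any poster or from the linked patch; the function name, the expected-field list and the sample requests are assumptions.

```php
<?php
// Added example (PHP 7+, mbstring). EXPECTED_FIELDS is an assumption about a
// registration form without date-of-birth fields; adjust it to your theme.
const EXPECTED_FIELDS = ['form_key', 'success_url', 'error_url', 'firstname',
    'lastname', 'email', 'password', 'confirmation', 'is_subscribed'];
const MAX_NAME_LENGTH = 30; // the limit one poster set for first and last name

/**
 * Return the reasons a registration POST looks automated (empty array = clean).
 */
function registration_red_flags(string $requestPath, array $post): array
{
    if (false === stripos($requestPath, '/customer/account/createpost')) {
        return []; // not the account-creation endpoint
    }
    $reasons = [];

    // Signal 1: POST variables the form never renders (e.g. birthyear, sYear, year).
    $extra = array_diff(array_keys($post), EXPECTED_FIELDS);
    if ($extra) {
        sort($extra);
        $reasons[] = 'unexpected_post_vars:' . implode(',', $extra);
    }

    // Signal 2: name fields used as a message body (too long, or containing a link).
    foreach (['firstname', 'lastname'] as $field) {
        $value = isset($post[$field]) && is_string($post[$field]) ? trim($post[$field]) : '';
        if (mb_strlen($value, 'UTF-8') > MAX_NAME_LENGTH) {
            $reasons[] = $field . '_too_long';
        }
        if (preg_match('~https?://|www\.~i', $value)) {
            $reasons[] = $field . '_contains_url';
        }
    }
    return $reasons;
}

// Constructed sample requests (not real traffic).
$bot = ['firstname' => 'Claim your prize at http://example.test/win now', 'lastname' => 'x',
        'email' => 'a@example.test', 'password' => 'p', 'confirmation' => 'p', 'sYear' => '1990'];
$human = ['form_key' => 'k', 'firstname' => 'Ana', 'lastname' => 'Silva',
          'email' => 'ana@example.test', 'password' => 'p', 'confirmation' => 'p'];

print_r(registration_red_flags('/customer/account/createpost/', $bot));
print_r(registration_red_flags('/customer/account/createpost/', $human));
```

Logging the returned reasons for a while before rejecting on them shows whether a theme or extension adds legitimate fields that belong in the expected list.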