Showing results for 
Search instead for 
Did you mean: 

Fake customer registration - Magento version

Fake customer registration - Magento version


We have default captcha enabled on our website on all the forms.

Email confirmation is required for creating a new account.

Even though there are a lot of fake customer accounts created in admin somehow. We have to delete them manually all the time.

Captcha is bypassed.

How can we stop fake customer accounts being created in the admin ?


Thanks in advance.



Re: Fake customer registration - Magento version

Try our free Google ReCaptcha extension, You will be able to add recaptcha on sign up form, contact form and reviews form.

Found something useful, please give "Kudos" or "Accept as Solution" for Token of Appreciation.
Free Magento Extensions :

Re: Fake customer registration - Magento version

Hi - I'm getting this problem too.

Does anyone know why so many fake customer registrations are occurring?

What are these scripts doing exactly?




Re: Fake customer registration - Magento version

I think one of the security patches was related to customer account insecurity, which may be why bots are used to target these things.


Either way, we have a free extension which should stop this in its tracks: noMoreSpam! It doesn't use Captchas so you're not going to annoy your non-bot users.


If you're getting hit in the signup page then you might want to check you're not getting hit in the admin login and downloader login pages. We have another free extension which can help with that, it connects to Slack and sends a notification for any failed admin login attempt: slackCommerce

Re: Fake customer registration - Magento version


I was in exactly same situation.

Fake accounts and somone tried creating orders with fake credit cards.

The best solution that helped me is bot blocker extension. This automatically stops spam bots.

You can find more information about it here




Re: Fake customer registration - Magento version


There are a few things to do:

- block access to your site for certain IP addresses or subnets (if applicable. For example, you can first analyze from which countries and IPs fake registrations appear and block them)

- try another Captcha solution, for example, this free mod (also available for M2 for free)

- enable order approval in case fake customers will try to order something. This extension will do the trick

Was my answer helpful? You can accept it as a solution.
200+ professional extensions for M1 & M2 with free lifetime updates!

Re: Fake customer registration - Magento version


        // Extra Magento POST variables
        if ( false !== strpos( $request_path, '/customer/account/createpost' )
            && ( isset( $_POST['birthyear'] ) ||  isset( $_POST['sYear'] ) || isset( $_POST['year'] ) )
        ) {
            return 'bad_request_post_magento_vars';

I run my WordPress WAF somewhat patched for Magento 1:

The check above is inserted just above `if ( ! $this->is_wplogin )`


The common in fake registration are the vast number of extra POST vars sent to the registration form.