As per the subject, I have bots creating new customer accounts on my site. Mostly sending messages to "mail.ru" addresses.
Anyway to stop these?
Thanks!
Hello @mdrucker
Yes - this is known issue ! have seen few posted threads previously.
Here i am sharing one link - https://magento.stackexchange.com/questions/233368/prevent-spam-account-registration
Go with the posted solutions and implement it for the same - specifically you can go with Solution no 4 - Enable Magento Captcha or Google Captcha and block their ip on server level.
It will resolved your issue !
Hope it helps !
Unfortunately the Captcha (at least the one built into Magento) and IP blocking has not worked.
They come every few hours and create 30-40 accounts. New IP is used every time.
Use Google Recaptcha
https://github.com/magento/magespecialist_ReCaptcha/
Hi @mdrucker
Here are some solution you can implement for prevent spam account registration
1. Enable Magento Captcha:
Enable Magento captcha from store configuration.
2. Pass encrypted string in phtml file:
<input name="form_key_hidden" type="hidden" value="<?php echo $FormKey->getFormKey().'259a8240fba23e82626efdc9eaa0c483';?>" /> and check in controller $customformKey = $require->getParam('form_key_hidden'); if ($customformKey == $objectManager->create('\Magento\Framework\Data\Form\FormKey')->getFormKey() . '259a8240fba23e82626efdc9eaa0c483') { // // default code // }
3. Update fields limitation rules from database:
Update directly in the customer_eav_attribute table, update rows with attribute_id=5 [firstname] and attribute_id=7 [lastname] and replace 255 by 25 :
a:2:{s:15:"max_text_length";i:255;s:15:"min_text_length";i:1;} (before update/ bydefault) a:2:{s:15:"max_text_length";i:25;s:15:"min_text_length";i:1;} (modified)
4. Add Google Captcha:
Magento provides limited form's captcha , for custom form either we need to custom code for magento captcha or add google captcha.
5. Block IP address:
Check that every time bot is running from same ip then block that ip from your .htaccess file
Example: Deny from 000.000.00.111
I hope all above solutions will help you.
Thanks
If issue solved, Click Kudos & Accept as Solution
There are some solutions I have applied and its working for me.
Tried turning on Google invisible Capcha, then no customer could login. Can you please advise? I appreciate your help.
This can happen if you have regular captcha enabled in Stores > Configuration > Customers
If the sign in form is from a custom theme, the custom theme may not support recatpcha login. Easiest thing to do would be to delete the file from your theme and use the default login file.
the step 3 ofPankajS_Magento helped me. thanks a lot