BOTS Creating Customer Accounts

mdrucker · ‎03-12-2019

As per the subject, I have bots creating new customer accounts on my site. Mostly sending messages to "mail.ru" addresses.

Anyway to stop these?

Thanks!

Manthan Dave · ‎03-12-2019

Hello @mdrucker

Yes - this is known issue ! have seen few posted threads previously.

Here i am sharing one link - https://magento.stackexchange.com/questions/233368/prevent-spam-account-registration

Go with the posted solutions and implement it for the same - specifically you can go with Solution no 4 - Enable Magento Captcha or Google Captcha and block their ip on server level.

It will resolved your issue !

Hope it helps !

if issue solved,Click Kudos & Accept as Solution

mdrucker · ‎03-12-2019

Unfortunately the Captcha (at least the one built into Magento) and IP blocking has not worked.

They come every few hours and create 30-40 accounts. New IP is used every time.

Suman Kar · ‎03-12-2019

Use Google Recaptcha

https://github.com/magento/magespecialist_ReCaptcha/

Suman Kar(suman.jis@gmail.com) Magento Certified Developer Plus Skype: sumanphptech Problem solved? Please give 'Kudos' and accept 'Answer as Solution'.

PankajS_Magento · ‎03-13-2019

Hi @mdrucker

Here are some solution you can implement for prevent spam account registration

1. Enable Magento Captcha:

Enable Magento captcha from store configuration.

2. Pass encrypted string in phtml file:

<input name="form_key_hidden" type="hidden" value="<?php echo $FormKey->getFormKey().'259a8240fba23e82626efdc9eaa0c483';?>" />
and check in controller

$customformKey = $require->getParam('form_key_hidden');
if ($customformKey == $objectManager->create('\Magento\Framework\Data\Form\FormKey')->getFormKey() . '259a8240fba23e82626efdc9eaa0c483') {
//
// default code
//
}

3. Update fields limitation rules from database:

Update directly in the customer_eav_attribute table, update rows with attribute_id=5 [firstname] and attribute_id=7 [lastname] and replace 255 by 25 :

a:2:{s:15:"max_text_length";i:255;s:15:"min_text_length";i:1;} (before update/ bydefault)
a:2:{s:15:"max_text_length";i:25;s:15:"min_text_length";i:1;} (modified)

4. Add Google Captcha:

Magento provides limited form's captcha , for custom form either we need to custom code for magento captcha or add google captcha.

5. Block IP address:

Check that every time bot is running from same ip then block that ip from your .htaccess file
Example: Deny from 000.000.00.111

I hope all above solutions will help you.

Thanks

If issue solved, Click Kudos & Accept as Solution

nimita · ‎03-14-2019

There are some solutions I have applied and its working for me.

https://community.magento.com/t5/Magento-2-x-Technical-Issues/Prevent-Spam-Account-Registration-and-...

if issue solved,Click Kudos & Accept as Solution

ehsantoron7481 · ‎09-30-2020

Tried turning on Google invisible Capcha, then no customer could login. Can you please advise? I appreciate your help.

elfling · ‎09-30-2020

This can happen if you have regular captcha enabled in Stores > Configuration > Customers

If the sign in form is from a custom theme, the custom theme may not support recatpcha login. Easiest thing to do would be to delete the file from your theme and use the default login file.

fastcellular · ‎12-04-2022

the step 3 ofPankajS_Magento helped me. thanks a lot

BOTS Creating Customer Accounts

BOTS Creating Customer Accounts

Re: BOTS Creating Customer Accounts

Re: BOTS Creating Customer Accounts

Re: BOTS Creating Customer Accounts

Re: BOTS Creating Customer Accounts

Re: BOTS Creating Customer Accounts

Re: BOTS Creating Customer Accounts

Re: BOTS Creating Customer Accounts

Re: BOTS Creating Customer Accounts