***This issue has been around for a very long time and not been resolved.***
We have created a brand new, fresh installation of the latest version of Magento 2. It's totally sandboxed and closed to the outside world.
Could someone then, please explain how fake Customer Account Registrations still persist?!?!
Does this imply's that Magento Core is compromised as the root cause?!?
If Magento Core is creating fake accounts with .ru extenstions for example, what other back doors or data breaches are embedded? Is this a fair question to ask?
Could others please replicate and report back on this thread?
Installing Magento 2 alone is not sufficient to have your website sustain Internet noise: bots, and other sorts of malicious traffic.
Magento core is not compromised.
You need to use the right software to complement your stack.
Probably you all failed to configure Fail2ban.