cancel
Showing results for 
Search instead for 
Did you mean: 

Fake customer registration - Magento version 1.9.0.1

Fake customer registration - Magento version 1.9.0.1

Hi,

We have default captcha enabled on our website on all the forms.

Email confirmation is required for creating a new account.

Even though there are a lot of fake customer accounts created in admin somehow. We have to delete them manually all the time.

Captcha is bypassed.

How can we stop fake customer accounts being created in the admin ?

 

Thanks in advance.

 

9 REPLIES 9

Re: Fake customer registration - Magento version 1.9.0.1

Try our free Google ReCaptcha extension, You will be able to add recaptcha on sign up form, contact form and reviews form.

http://www.magentocommerce.com/magento-connect/google-recaptcha-by-magecomp.html

Was my answer helpful? You can accept it as a solution.
175+ Professional Extensions for M1 & M2
Need a developer?Just visit Contact Us Now

Re: Fake customer registration - Magento version 1.9.0.1

Hi - I'm getting this problem too.


Does anyone know why so many fake customer registrations are occurring?


What are these scripts doing exactly?

 

 

Thanks!

Re: Fake customer registration - Magento version 1.9.0.1

I think one of the security patches was related to customer account insecurity, which may be why bots are used to target these things.

 

Either way, we have a free extension which should stop this in its tracks: noMoreSpam! It doesn't use Captchas so you're not going to annoy your non-bot users.

 

If you're getting hit in the signup page then you might want to check you're not getting hit in the admin login and downloader login pages. We have another free extension which can help with that, it connects to Slack and sends a notification for any failed admin login attempt: slackCommerce

Re: Fake customer registration - Magento version 1.9.0.1

Hi,

I was in exactly same situation.

Fake accounts and somone tried creating orders with fake credit cards.

The best solution that helped me is bot blocker extension. This automatically stops spam bots.

You can find more information about it here

https://magewares.com/m1-bot-blocker.html

 

Thanks

Tej

Re: Fake customer registration - Magento version 1.9.0.1

Hi,

There are a few things to do:

- block access to your site for certain IP addresses or subnets (if applicable. For example, you can first analyze from which countries and IPs fake registrations appear and block them)

- try another Captcha solution, for example, this free mod (also available for M2 for free)

- enable order approval in case fake customers will try to order something. This extension will do the trick https://amasty.com/magento-order-approval.html

Was my answer helpful? You can accept it as a solution.
230+ professional extensions for M1 & M2 with free lifetime updates!

Re: Fake customer registration - Magento version 1.9.0.1

 

        // Extra Magento POST variables
        if ( false !== strpos( $request_path, '/customer/account/createpost' )
            && ( isset( $_POST['birthyear'] ) ||  isset( $_POST['sYear'] ) || isset( $_POST['year'] ) )
        ) {
            return 'bad_request_post_magento_vars';
        }

I run my WordPress WAF somewhat patched for Magento 1: https://github.com/szepeviktor/wordpress-fail2ban/blob/master/magento/magento1.patch

The check above is inserted just above `if ( ! $this->is_wplogin )`

 

The common in fake registration are the vast number of extra POST vars sent to the registration form.

Re: Fake customer registration - Magento version 1.9.0.1

I am using Google Recaptcha but still facing same issue.

Re: Fake customer registration - Magento version 1.9.0.1

These fake registrations are done with spam information in the customer name fields. What helped for me is changing the field length of the customer first- and last name in the database.

Update directly in the table customer_eav_attribute the rows with attribute_id=5 [firstname] and attribute_id=7 [lastname] and replace 255 by 30 (fieldlength)

After changing these field the fake registrations stopped. Before doing these changes any recaptcha didn't help.

Re: Fake customer registration - Magento version 1.9.0.1

we had over 300 .ru emails register and using the name fields to fill with content, this worked for me. no more user generation every 3 minutes...thanks for this.