We have default captcha enabled on our website on all the forms.
Email confirmation is required for creating a new account.
Even though there are a lot of fake customer accounts created in admin somehow. We have to delete them manually all the time.
Captcha is bypassed.
How can we stop fake customer accounts being created in the admin ?
Thanks in advance.
Try our free Google ReCaptcha extension, You will be able to add recaptcha on sign up form, contact form and reviews form.
Hi - I'm getting this problem too.
Does anyone know why so many fake customer registrations are occurring?
What are these scripts doing exactly?
I think one of the security patches was related to customer account insecurity, which may be why bots are used to target these things.
Either way, we have a free extension which should stop this in its tracks: noMoreSpam! It doesn't use Captchas so you're not going to annoy your non-bot users.
If you're getting hit in the signup page then you might want to check you're not getting hit in the admin login and downloader login pages. We have another free extension which can help with that, it connects to Slack and sends a notification for any failed admin login attempt: slackCommerce
I was in exactly same situation.
Fake accounts and somone tried creating orders with fake credit cards.
The best solution that helped me is bot blocker extension. This automatically stops spam bots.
You can find more information about it here
There are a few things to do:
- block access to your site for certain IP addresses or subnets (if applicable. For example, you can first analyze from which countries and IPs fake registrations appear and block them)
- try another Captcha solution, for example, this free mod (also available for M2 for free)
- enable order approval in case fake customers will try to order something. This extension will do the trick https://amasty.com/magento-order-approval.html