People from Russia making fake accounts in our Magento 1.9.x store - why? The 2019 Stack Overflow Developer Survey Results Are In Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)Prevent Spam Account RegistrationI accidentaly deleted some customers from CUSTOMERS - MANAGE CUSTOMERS…How to import them back from a backup?How to make Magento NOT send Thank you for registering Welcome Email?How to know from which site a customer is redirected to our storeCustomers couldn't login from Safari In magento 1.9How to transfer user accounts (user ID, password) from Magento 1.3.1 to 1.9.1?Magento global accounts set, but newsletter per storename or storeview - multi-storeMagento 1.9 infection - replicating html/php to fake Nike storeMagento 1 - Stop Spam Accounts from being createdMagento 1.9 : How to create our own custom timezone?Magento 1.9 - Why different Product URL for different StoreMagento 1.9 Fake customer with addressMaking addToCart and cart page execute synchronously in magento 1.9
Can withdrawing asylum be illegal?
One-dimensional Japanese puzzle
Can the DM override racial traits?
Homework question about an engine pulling a train
Is it ethical to upload a automatically generated paper to a non peer-reviewed site as part of a larger research?
Simulating Exploding Dice
University's motivation for having tenure-track positions
Loose spokes after only a few rides
If I score a critical hit on an 18 or higher, what are my chances of getting a critical hit if I roll 3d20?
When did F become S? Why?
Identify 80s or 90s comics with ripped creatures (not dwarves)
Why can't devices on different VLANs, but on the same subnet, communicate?
For what reasons would an animal species NOT cross a *horizontal* land bridge?
Example of compact Riemannian manifold with only one geodesic.
Is it ok to offer lower paid work as a trial period before negotiating for a full-time job?
Does Parliament need to approve the new Brexit delay to 31 October 2019?
How to politely respond to generic emails requesting a PhD/job in my lab? Without wasting too much time
How do I design a circuit to convert a 100 mV and 50 Hz sine wave to a square wave?
Button changing its text & action. Good or terrible?
Is 'stolen' appropriate word?
how can a perfect fourth interval be considered either consonant or dissonant?
Is this wall load bearing? Blueprints and photos attached
Why are PDP-7-style microprogrammed instructions out of vogue?
What aspect of planet Earth must be changed to prevent the industrial revolution?
People from Russia making fake accounts in our Magento 1.9.x store - why?
The 2019 Stack Overflow Developer Survey Results Are In
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)Prevent Spam Account RegistrationI accidentaly deleted some customers from CUSTOMERS - MANAGE CUSTOMERS…How to import them back from a backup?How to make Magento NOT send Thank you for registering Welcome Email?How to know from which site a customer is redirected to our storeCustomers couldn't login from Safari In magento 1.9How to transfer user accounts (user ID, password) from Magento 1.3.1 to 1.9.1?Magento global accounts set, but newsletter per storename or storeview - multi-storeMagento 1.9 infection - replicating html/php to fake Nike storeMagento 1 - Stop Spam Accounts from being createdMagento 1.9 : How to create our own custom timezone?Magento 1.9 - Why different Product URL for different StoreMagento 1.9 Fake customer with addressMaking addToCart and cart page execute synchronously in magento 1.9
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
Magento 1.9.1 and 1.9.3.7
Porto theme
We have 2 Magento installations each with multiple domains/websites. I have noticed recently in the CUSTOMERS --) MANAGE CUSTOMERS area that there are customers with Russian Email addresses there (they never bought anything just registered).
Why would someone do that and is there any kind of a security risk involved? Shall I delete those accounts?
We have had problems with being blacklisted on different blacklists recently even though we NEVER EVER sent any spam whatsover! Could this be connected?
UPDATE ON October 16th, 2018:
We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST).
What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help...
magento-1.9 customer customer-account registration
asked Apr 28 '18 at 12:50
AllysinAllysin
701040
add a comment |
Magento 1.9.1 and 1.9.3.7
Porto theme
We have 2 Magento installations each with multiple domains/websites. I have noticed recently in the CUSTOMERS --) MANAGE CUSTOMERS area that there are customers with Russian Email addresses there (they never bought anything just registered).
Why would someone do that and is there any kind of a security risk involved? Shall I delete those accounts?
We have had problems with being blacklisted on different blacklists recently even though we NEVER EVER sent any spam whatsover! Could this be connected?
UPDATE ON October 16th, 2018:
We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST).
What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help...
magento-1.9 customer customer-account registration
asked Apr 28 '18 at 12:50
AllysinAllysin
701040
did you activate reCaptcha on registration
– WISAM HAKIM
Apr 28 '18 at 13:55
magecomp.com/magento-new-recaptcha.html - Add this plugin which add google captcha on your site. So spammer will not add fake data in your site.
– Chirag Rajput
Apr 30 '18 at 5:30
1
this is no any hackers, this is just a bot - he registers an account with advertising information, and an activation letter or a newsletter comes to this email back and can be confusing to the owner. just enable honeypot or captcha.
– MagenX
Apr 30 '18 at 6:53
add a comment |
Magento 1.9.1 and 1.9.3.7
Porto theme
We have 2 Magento installations each with multiple domains/websites. I have noticed recently in the CUSTOMERS --) MANAGE CUSTOMERS area that there are customers with Russian Email addresses there (they never bought anything just registered).
Why would someone do that and is there any kind of a security risk involved? Shall I delete those accounts?
We have had problems with being blacklisted on different blacklists recently even though we NEVER EVER sent any spam whatsover! Could this be connected?
UPDATE ON October 16th, 2018:
We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST).
What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help...
magento-1.9 customer customer-account registration
asked Apr 28 '18 at 12:50
AllysinAllysin
701040
Magento 1.9.1 and 1.9.3.7
Porto theme
We have 2 Magento installations each with multiple domains/websites. I have noticed recently in the CUSTOMERS --) MANAGE CUSTOMERS area that there are customers with Russian Email addresses there (they never bought anything just registered).
Why would someone do that and is there any kind of a security risk involved? Shall I delete those accounts?
We have had problems with being blacklisted on different blacklists recently even though we NEVER EVER sent any spam whatsover! Could this be connected?
UPDATE ON October 16th, 2018:
We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST).
What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help...
magento-1.9 customer customer-account registration
magento-1.9 customer customer-account registration
asked Apr 28 '18 at 12:50
AllysinAllysin
701040
asked Apr 28 '18 at 12:50
AllysinAllysin
701040
edited Oct 16 '18 at 19:35
Allysin
asked Apr 28 '18 at 12:50
AllysinAllysin
701040
asked Apr 28 '18 at 12:50
AllysinAllysin
701040
asked Apr 28 '18 at 12:50
AllysinAllysin
701040
701040
did you activate reCaptcha on registration
– WISAM HAKIM
Apr 28 '18 at 13:55
magecomp.com/magento-new-recaptcha.html - Add this plugin which add google captcha on your site. So spammer will not add fake data in your site.
– Chirag Rajput
Apr 30 '18 at 5:30
1
this is no any hackers, this is just a bot - he registers an account with advertising information, and an activation letter or a newsletter comes to this email back and can be confusing to the owner. just enable honeypot or captcha.
– MagenX
Apr 30 '18 at 6:53
add a comment |
did you activate reCaptcha on registration
– WISAM HAKIM
Apr 28 '18 at 13:55
magecomp.com/magento-new-recaptcha.html - Add this plugin which add google captcha on your site. So spammer will not add fake data in your site.
– Chirag Rajput
Apr 30 '18 at 5:30
1
this is no any hackers, this is just a bot - he registers an account with advertising information, and an activation letter or a newsletter comes to this email back and can be confusing to the owner. just enable honeypot or captcha.
– MagenX
Apr 30 '18 at 6:53
did you activate reCaptcha on registration
– WISAM HAKIM
Apr 28 '18 at 13:55
did you activate reCaptcha on registration
– WISAM HAKIM
Apr 28 '18 at 13:55
magecomp.com/magento-new-recaptcha.html - Add this plugin which add google captcha on your site. So spammer will not add fake data in your site.
– Chirag Rajput
Apr 30 '18 at 5:30
magecomp.com/magento-new-recaptcha.html - Add this plugin which add google captcha on your site. So spammer will not add fake data in your site.
– Chirag Rajput
Apr 30 '18 at 5:30
1
1
this is no any hackers, this is just a bot - he registers an account with advertising information, and an activation letter or a newsletter comes to this email back and can be confusing to the owner. just enable honeypot or captcha.
– MagenX
Apr 30 '18 at 6:53
this is no any hackers, this is just a bot - he registers an account with advertising information, and an activation letter or a newsletter comes to this email back and can be confusing to the owner. just enable honeypot or captcha.
– MagenX
Apr 30 '18 at 6:53
add a comment |
6 Answers
6
active
oldest
votes
If your Magento doesn't support CAPTCHA or you don't want to active it, you can modify the validate() function (line 709) /var/www/app/code/core/Mage/Customer/Model/Customer.php to block http string in customer name:
if (preg_match('/http/', $this->getFirstname()))
$errors[] = Mage::helper('customer')->__('Password minimal length must be more %s', 32);
if (preg_match('/http/', $this->getLastname()))
$errors[] = Mage::helper('customer')->__('Password minimal length must be more %s', 32);
edited Oct 6 '18 at 16:26
Fa11enAngel
1034
answered Jul 16 '18 at 14:19
panticz.depanticz.de
15113
This is not working for an url like google.com. Replace /http.*=/ with /http/ as it is almost impossible people to have "http" in the name. I also added this for last name too.
– Fa11enAngel
Oct 6 '18 at 14:02
@Fa11enAngel We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help... I will try your solution next...
– Allysin
Oct 16 '18 at 19:40
Captcha is too simple in Magento and can be cracked very simple by tools. Try this. Currently it is working what I've changed the answer to.
– Fa11enAngel
Oct 16 '18 at 20:23
It's probably a good idea to changepreg_match('/http/', ...topreg_match('/http/i', ...to make it case insensitive. I've not encountered Russian spam links with upper case characters but it would otherwise be easy for them to bypass this check.
– Marco Miltenburg
Jan 24 at 9:43
add a comment |
Russian Email addresses (just registered).
We have had problems with being blacklisted on different blacklists recently even though we NEVER EVER sent any spam whatsover! Could this be connected?
Sure all of this is connected, if your website send a 'Welcome message' to new users, plus a 'Thank you for subscribing to our newsletter' to people that did not requested that, they identify your mails as spam, and you get blacklisted.
The worst scenario is when they use fields like firstname or lastname to include their 'propaganda', such as links to websites with fraud messages, identified (automatically) as spam by mailbox services.
Here is an example of what can be sent through the firstname via your shop :
Приветствуем Xxx! Ваш баланс №13567996ஆ 06.09.2018 подлежит упразднению. Укажите признак выплаты тут-
Welcome Xxx! Your balance №13567996ஆ on 06.09.2018 is subject to abolition. Specify the payment indication here-
http://one-bad-link-here.gq/123456
If sent to russian people only, they may not understand english and just click on this link !
Same thing in chinese too.
answered Sep 4 '18 at 8:05
DependencyHellDependencyHell
828422
for solution, see there : magento.stackexchange.com/a/240716/50635
– DependencyHell
Sep 9 '18 at 20:00
We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help...
– Allysin
Oct 16 '18 at 19:39
@Allysin : did you fix this issue?
– DependencyHell
Nov 1 '18 at 13:50
Not yet - I've just tried putting in the Magento 1.9 Captcha but I guess it must be outdated because the problem continued. We ended up temporarily shutting the site down (we had like 150 000 new account registrations). Now it's been down for over a week and we are loosing revenue as well SEO rankings so I will have to do something soon. Someone suggested CAPTCHA from Amasty ($59) but I'm not sure if that will really work? Any other suggestions are greatly appreciated.
– Allysin
Nov 1 '18 at 17:22
I've seen other people complaining that the captcha is not enough for these kind of bot. Did you read the solution #6 I wrote there ? magento.stackexchange.com/questions/233368/… you can do this easily in your database, then try to register like the bot does to ensure it works
– DependencyHell
Nov 2 '18 at 10:01
add a comment |
I think your site is attacked by some hackers, Recently I got news that many sites were attcked by this groups, to prevent this you can enable captcha in registration page.
to enable captcha
Go to System->Configuration->Customers->Customer Configuration->Enable captcha
answered Apr 28 '18 at 13:22
Murtuza ZabuawalaMurtuza Zabuawala
12.7k73362
Hacked as in they got inside the Admin panel and had access to all the info in there? Or hacked that they sent spam somehow? I am enabling CAPTCHA now - shall I do it for all 3? (Forgot password, Checkout as Guest, and Register during Checkout)? How do they hack the site? Guess the passowrd?
– Allysin
Apr 28 '18 at 16:49
We had 81 fake accounts created on February 16th alone. They all are from something@yandex.ru (the something part changes)
– Allysin
Apr 28 '18 at 17:00
some of them refernce something like: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> rh.drive.google.com/open?id=1eA6rAsRSPrUk_J5zquu6NKG4Mk1irM8v
– Allysin
Apr 28 '18 at 17:01
or this as the name: "<p>The requested URL /es_combine/subjects.txt was not found on this server.</p> 530.drive.google.com/open?id=1Ky1OOErUWAETGRt4OI7phoVSzqNDwRJ7"
– Allysin
Apr 28 '18 at 17:03
1
they create account even enable magento default capcha, not sure how they do that
– Suneth Kalhara
Feb 18 at 8:31
|
show 5 more comments
May be that can help … I install free module from mageplaza Google reCaptcha - Invisible CAPTCHA and it seems don't have anymore Russian new account.. It didn't cost me a penny and was easy to install.
answered Jan 28 at 10:47
cadoworldcadoworld
163
add a comment |
Magento 1.9.x:
We also have the problem with Russian "cheaters" that use our Customer Registration form to send spam-mails to a lot of unknown users. They also pass by our reCaptcha. But I found this solution to help (for now):
- Reduce the possible text length for the first name / last name to around 30 letters, as the russian text usually are much longer.
You have to edit your database table "customer_eav_attribute". In record 5 and 7, you can change values for length limitations for first name (5th) and last name (7th). Change the max_text_length with value 255 to 30 or any other number of your choice. With longer values in the text box, the "bot" will only get error messages.
answered Feb 10 at 18:05
AtianAtian
2117
Hi, For the solution you mentioned above. What should i do for Magento 2.2.6? the validate_rules is showing as ""max_text_length":225,"min_text_length":1", and there is also an "input_filter": "trim". should i remove "trim", and edit the 225 to 25? i tried it yesterday but the russian spam still coming through.
– Kris Wen
Mar 19 at 16:16
add a comment |
You can block russian user to register in your store by validation in your registration page. It will work, i am also using this.
<script type="text/javascript">
jQuery('.customer-account-create #email_address').blur(function()
var emailId = jQuery('.customer-account-create #email_address').val();
if( emailId.indexOf('.ru') >= 0)
//alert("This email can not be registered.");
jQuery('.customer-account-create #email_address').val('');
jQuery('.customer-account-create #email_address').focus();
return false;
);
answered 19 mins ago
Imroz AnjumImroz Anjum
164
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "479"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f224083%2fpeople-from-russia-making-fake-accounts-in-our-magento-1-9-x-store-why%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
6 Answers
6
active
oldest
votes
6 Answers
6
active
oldest
votes
active
oldest
votes
active
oldest
votes
If your Magento doesn't support CAPTCHA or you don't want to active it, you can modify the validate() function (line 709) /var/www/app/code/core/Mage/Customer/Model/Customer.php to block http string in customer name:
if (preg_match('/http/', $this->getFirstname()))
$errors[] = Mage::helper('customer')->__('Password minimal length must be more %s', 32);
if (preg_match('/http/', $this->getLastname()))
$errors[] = Mage::helper('customer')->__('Password minimal length must be more %s', 32);
edited Oct 6 '18 at 16:26
Fa11enAngel
1034
answered Jul 16 '18 at 14:19
panticz.depanticz.de
15113
This is not working for an url like google.com. Replace /http.*=/ with /http/ as it is almost impossible people to have "http" in the name. I also added this for last name too.
– Fa11enAngel
Oct 6 '18 at 14:02
@Fa11enAngel We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help... I will try your solution next...
– Allysin
Oct 16 '18 at 19:40
Captcha is too simple in Magento and can be cracked very simple by tools. Try this. Currently it is working what I've changed the answer to.
– Fa11enAngel
Oct 16 '18 at 20:23
It's probably a good idea to changepreg_match('/http/', ...topreg_match('/http/i', ...to make it case insensitive. I've not encountered Russian spam links with upper case characters but it would otherwise be easy for them to bypass this check.
– Marco Miltenburg
Jan 24 at 9:43
add a comment |
If your Magento doesn't support CAPTCHA or you don't want to active it, you can modify the validate() function (line 709) /var/www/app/code/core/Mage/Customer/Model/Customer.php to block http string in customer name:
if (preg_match('/http/', $this->getFirstname()))
$errors[] = Mage::helper('customer')->__('Password minimal length must be more %s', 32);
if (preg_match('/http/', $this->getLastname()))
$errors[] = Mage::helper('customer')->__('Password minimal length must be more %s', 32);
edited Oct 6 '18 at 16:26
Fa11enAngel
1034
answered Jul 16 '18 at 14:19
panticz.depanticz.de
15113
This is not working for an url like google.com. Replace /http.*=/ with /http/ as it is almost impossible people to have "http" in the name. I also added this for last name too.
– Fa11enAngel
Oct 6 '18 at 14:02
@Fa11enAngel We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help... I will try your solution next...
– Allysin
Oct 16 '18 at 19:40
Captcha is too simple in Magento and can be cracked very simple by tools. Try this. Currently it is working what I've changed the answer to.
– Fa11enAngel
Oct 16 '18 at 20:23
It's probably a good idea to changepreg_match('/http/', ...topreg_match('/http/i', ...to make it case insensitive. I've not encountered Russian spam links with upper case characters but it would otherwise be easy for them to bypass this check.
– Marco Miltenburg
Jan 24 at 9:43
add a comment |
If your Magento doesn't support CAPTCHA or you don't want to active it, you can modify the validate() function (line 709) /var/www/app/code/core/Mage/Customer/Model/Customer.php to block http string in customer name:
if (preg_match('/http/', $this->getFirstname()))
$errors[] = Mage::helper('customer')->__('Password minimal length must be more %s', 32);
if (preg_match('/http/', $this->getLastname()))
$errors[] = Mage::helper('customer')->__('Password minimal length must be more %s', 32);
edited Oct 6 '18 at 16:26
Fa11enAngel
1034
answered Jul 16 '18 at 14:19
panticz.depanticz.de
15113
If your Magento doesn't support CAPTCHA or you don't want to active it, you can modify the validate() function (line 709) /var/www/app/code/core/Mage/Customer/Model/Customer.php to block http string in customer name:
if (preg_match('/http/', $this->getFirstname()))
$errors[] = Mage::helper('customer')->__('Password minimal length must be more %s', 32);
if (preg_match('/http/', $this->getLastname()))
$errors[] = Mage::helper('customer')->__('Password minimal length must be more %s', 32);
edited Oct 6 '18 at 16:26
Fa11enAngel
1034
answered Jul 16 '18 at 14:19
panticz.depanticz.de
15113
edited Oct 6 '18 at 16:26
Fa11enAngel
1034
edited Oct 6 '18 at 16:26
Fa11enAngel
1034
edited Oct 6 '18 at 16:26
Fa11enAngel
1034
1034
answered Jul 16 '18 at 14:19
panticz.depanticz.de
15113
answered Jul 16 '18 at 14:19
panticz.depanticz.de
15113
answered Jul 16 '18 at 14:19
panticz.depanticz.de
15113
15113
This is not working for an url like google.com. Replace /http.*=/ with /http/ as it is almost impossible people to have "http" in the name. I also added this for last name too.
– Fa11enAngel
Oct 6 '18 at 14:02
@Fa11enAngel We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help... I will try your solution next...
– Allysin
Oct 16 '18 at 19:40
Captcha is too simple in Magento and can be cracked very simple by tools. Try this. Currently it is working what I've changed the answer to.
– Fa11enAngel
Oct 16 '18 at 20:23
It's probably a good idea to changepreg_match('/http/', ...topreg_match('/http/i', ...to make it case insensitive. I've not encountered Russian spam links with upper case characters but it would otherwise be easy for them to bypass this check.
– Marco Miltenburg
Jan 24 at 9:43
add a comment |
This is not working for an url like google.com. Replace /http.*=/ with /http/ as it is almost impossible people to have "http" in the name. I also added this for last name too.
– Fa11enAngel
Oct 6 '18 at 14:02
@Fa11enAngel We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help... I will try your solution next...
– Allysin
Oct 16 '18 at 19:40
Captcha is too simple in Magento and can be cracked very simple by tools. Try this. Currently it is working what I've changed the answer to.
– Fa11enAngel
Oct 16 '18 at 20:23
It's probably a good idea to changepreg_match('/http/', ...topreg_match('/http/i', ...to make it case insensitive. I've not encountered Russian spam links with upper case characters but it would otherwise be easy for them to bypass this check.
– Marco Miltenburg
Jan 24 at 9:43
This is not working for an url like google.com. Replace /http.*=/ with /http/ as it is almost impossible people to have "http" in the name. I also added this for last name too.
– Fa11enAngel
Oct 6 '18 at 14:02
This is not working for an url like google.com. Replace /http.*=/ with /http/ as it is almost impossible people to have "http" in the name. I also added this for last name too.
– Fa11enAngel
Oct 6 '18 at 14:02
@Fa11enAngel We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help... I will try your solution next...
– Allysin
Oct 16 '18 at 19:40
@Fa11enAngel We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help... I will try your solution next...
– Allysin
Oct 16 '18 at 19:40
Captcha is too simple in Magento and can be cracked very simple by tools. Try this. Currently it is working what I've changed the answer to.
– Fa11enAngel
Oct 16 '18 at 20:23
Captcha is too simple in Magento and can be cracked very simple by tools. Try this. Currently it is working what I've changed the answer to.
– Fa11enAngel
Oct 16 '18 at 20:23
It's probably a good idea to change
preg_match('/http/', ... to preg_match('/http/i', ... to make it case insensitive. I've not encountered Russian spam links with upper case characters but it would otherwise be easy for them to bypass this check.– Marco Miltenburg
Jan 24 at 9:43
It's probably a good idea to change
preg_match('/http/', ... to preg_match('/http/i', ... to make it case insensitive. I've not encountered Russian spam links with upper case characters but it would otherwise be easy for them to bypass this check.– Marco Miltenburg
Jan 24 at 9:43
add a comment |
Russian Email addresses (just registered).
We have had problems with being blacklisted on different blacklists recently even though we NEVER EVER sent any spam whatsover! Could this be connected?
Sure all of this is connected, if your website send a 'Welcome message' to new users, plus a 'Thank you for subscribing to our newsletter' to people that did not requested that, they identify your mails as spam, and you get blacklisted.
The worst scenario is when they use fields like firstname or lastname to include their 'propaganda', such as links to websites with fraud messages, identified (automatically) as spam by mailbox services.
Here is an example of what can be sent through the firstname via your shop :
Приветствуем Xxx! Ваш баланс №13567996ஆ 06.09.2018 подлежит упразднению. Укажите признак выплаты тут-
Welcome Xxx! Your balance №13567996ஆ on 06.09.2018 is subject to abolition. Specify the payment indication here-
http://one-bad-link-here.gq/123456
If sent to russian people only, they may not understand english and just click on this link !
Same thing in chinese too.
answered Sep 4 '18 at 8:05
DependencyHellDependencyHell
828422
for solution, see there : magento.stackexchange.com/a/240716/50635
– DependencyHell
Sep 9 '18 at 20:00
We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help...
– Allysin
Oct 16 '18 at 19:39
@Allysin : did you fix this issue?
– DependencyHell
Nov 1 '18 at 13:50
Not yet - I've just tried putting in the Magento 1.9 Captcha but I guess it must be outdated because the problem continued. We ended up temporarily shutting the site down (we had like 150 000 new account registrations). Now it's been down for over a week and we are loosing revenue as well SEO rankings so I will have to do something soon. Someone suggested CAPTCHA from Amasty ($59) but I'm not sure if that will really work? Any other suggestions are greatly appreciated.
– Allysin
Nov 1 '18 at 17:22
I've seen other people complaining that the captcha is not enough for these kind of bot. Did you read the solution #6 I wrote there ? magento.stackexchange.com/questions/233368/… you can do this easily in your database, then try to register like the bot does to ensure it works
– DependencyHell
Nov 2 '18 at 10:01
add a comment |
Russian Email addresses (just registered).
We have had problems with being blacklisted on different blacklists recently even though we NEVER EVER sent any spam whatsover! Could this be connected?
Sure all of this is connected, if your website send a 'Welcome message' to new users, plus a 'Thank you for subscribing to our newsletter' to people that did not requested that, they identify your mails as spam, and you get blacklisted.
The worst scenario is when they use fields like firstname or lastname to include their 'propaganda', such as links to websites with fraud messages, identified (automatically) as spam by mailbox services.
Here is an example of what can be sent through the firstname via your shop :
Приветствуем Xxx! Ваш баланс №13567996ஆ 06.09.2018 подлежит упразднению. Укажите признак выплаты тут-
Welcome Xxx! Your balance №13567996ஆ on 06.09.2018 is subject to abolition. Specify the payment indication here-
http://one-bad-link-here.gq/123456
If sent to russian people only, they may not understand english and just click on this link !
Same thing in chinese too.
answered Sep 4 '18 at 8:05
DependencyHellDependencyHell
828422
for solution, see there : magento.stackexchange.com/a/240716/50635
– DependencyHell
Sep 9 '18 at 20:00
We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help...
– Allysin
Oct 16 '18 at 19:39
@Allysin : did you fix this issue?
– DependencyHell
Nov 1 '18 at 13:50
Not yet - I've just tried putting in the Magento 1.9 Captcha but I guess it must be outdated because the problem continued. We ended up temporarily shutting the site down (we had like 150 000 new account registrations). Now it's been down for over a week and we are loosing revenue as well SEO rankings so I will have to do something soon. Someone suggested CAPTCHA from Amasty ($59) but I'm not sure if that will really work? Any other suggestions are greatly appreciated.
– Allysin
Nov 1 '18 at 17:22
I've seen other people complaining that the captcha is not enough for these kind of bot. Did you read the solution #6 I wrote there ? magento.stackexchange.com/questions/233368/… you can do this easily in your database, then try to register like the bot does to ensure it works
– DependencyHell
Nov 2 '18 at 10:01
add a comment |
Russian Email addresses (just registered).
We have had problems with being blacklisted on different blacklists recently even though we NEVER EVER sent any spam whatsover! Could this be connected?
Sure all of this is connected, if your website send a 'Welcome message' to new users, plus a 'Thank you for subscribing to our newsletter' to people that did not requested that, they identify your mails as spam, and you get blacklisted.
The worst scenario is when they use fields like firstname or lastname to include their 'propaganda', such as links to websites with fraud messages, identified (automatically) as spam by mailbox services.
Here is an example of what can be sent through the firstname via your shop :
Приветствуем Xxx! Ваш баланс №13567996ஆ 06.09.2018 подлежит упразднению. Укажите признак выплаты тут-
Welcome Xxx! Your balance №13567996ஆ on 06.09.2018 is subject to abolition. Specify the payment indication here-
http://one-bad-link-here.gq/123456
If sent to russian people only, they may not understand english and just click on this link !
Same thing in chinese too.
answered Sep 4 '18 at 8:05
DependencyHellDependencyHell
828422
Russian Email addresses (just registered).
We have had problems with being blacklisted on different blacklists recently even though we NEVER EVER sent any spam whatsover! Could this be connected?
Sure all of this is connected, if your website send a 'Welcome message' to new users, plus a 'Thank you for subscribing to our newsletter' to people that did not requested that, they identify your mails as spam, and you get blacklisted.
The worst scenario is when they use fields like firstname or lastname to include their 'propaganda', such as links to websites with fraud messages, identified (automatically) as spam by mailbox services.
Here is an example of what can be sent through the firstname via your shop :
Приветствуем Xxx! Ваш баланс №13567996ஆ 06.09.2018 подлежит упразднению. Укажите признак выплаты тут-
Welcome Xxx! Your balance №13567996ஆ on 06.09.2018 is subject to abolition. Specify the payment indication here-
http://one-bad-link-here.gq/123456
If sent to russian people only, they may not understand english and just click on this link !
Same thing in chinese too.
answered Sep 4 '18 at 8:05
DependencyHellDependencyHell
828422
answered Sep 4 '18 at 8:05
DependencyHellDependencyHell
828422
answered Sep 4 '18 at 8:05
DependencyHellDependencyHell
828422
answered Sep 4 '18 at 8:05
DependencyHellDependencyHell
828422
828422
for solution, see there : magento.stackexchange.com/a/240716/50635
– DependencyHell
Sep 9 '18 at 20:00
We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help...
– Allysin
Oct 16 '18 at 19:39
@Allysin : did you fix this issue?
– DependencyHell
Nov 1 '18 at 13:50
Not yet - I've just tried putting in the Magento 1.9 Captcha but I guess it must be outdated because the problem continued. We ended up temporarily shutting the site down (we had like 150 000 new account registrations). Now it's been down for over a week and we are loosing revenue as well SEO rankings so I will have to do something soon. Someone suggested CAPTCHA from Amasty ($59) but I'm not sure if that will really work? Any other suggestions are greatly appreciated.
– Allysin
Nov 1 '18 at 17:22
I've seen other people complaining that the captcha is not enough for these kind of bot. Did you read the solution #6 I wrote there ? magento.stackexchange.com/questions/233368/… you can do this easily in your database, then try to register like the bot does to ensure it works
– DependencyHell
Nov 2 '18 at 10:01
add a comment |
for solution, see there : magento.stackexchange.com/a/240716/50635
– DependencyHell
Sep 9 '18 at 20:00
We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help...
– Allysin
Oct 16 '18 at 19:39
@Allysin : did you fix this issue?
– DependencyHell
Nov 1 '18 at 13:50
Not yet - I've just tried putting in the Magento 1.9 Captcha but I guess it must be outdated because the problem continued. We ended up temporarily shutting the site down (we had like 150 000 new account registrations). Now it's been down for over a week and we are loosing revenue as well SEO rankings so I will have to do something soon. Someone suggested CAPTCHA from Amasty ($59) but I'm not sure if that will really work? Any other suggestions are greatly appreciated.
– Allysin
Nov 1 '18 at 17:22
I've seen other people complaining that the captcha is not enough for these kind of bot. Did you read the solution #6 I wrote there ? magento.stackexchange.com/questions/233368/… you can do this easily in your database, then try to register like the bot does to ensure it works
– DependencyHell
Nov 2 '18 at 10:01
for solution, see there : magento.stackexchange.com/a/240716/50635
– DependencyHell
Sep 9 '18 at 20:00
for solution, see there : magento.stackexchange.com/a/240716/50635
– DependencyHell
Sep 9 '18 at 20:00
We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help...
– Allysin
Oct 16 '18 at 19:39
We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help...
– Allysin
Oct 16 '18 at 19:39
@Allysin : did you fix this issue?
– DependencyHell
Nov 1 '18 at 13:50
@Allysin : did you fix this issue?
– DependencyHell
Nov 1 '18 at 13:50
Not yet - I've just tried putting in the Magento 1.9 Captcha but I guess it must be outdated because the problem continued. We ended up temporarily shutting the site down (we had like 150 000 new account registrations). Now it's been down for over a week and we are loosing revenue as well SEO rankings so I will have to do something soon. Someone suggested CAPTCHA from Amasty ($59) but I'm not sure if that will really work? Any other suggestions are greatly appreciated.
– Allysin
Nov 1 '18 at 17:22
Not yet - I've just tried putting in the Magento 1.9 Captcha but I guess it must be outdated because the problem continued. We ended up temporarily shutting the site down (we had like 150 000 new account registrations). Now it's been down for over a week and we are loosing revenue as well SEO rankings so I will have to do something soon. Someone suggested CAPTCHA from Amasty ($59) but I'm not sure if that will really work? Any other suggestions are greatly appreciated.
– Allysin
Nov 1 '18 at 17:22
I've seen other people complaining that the captcha is not enough for these kind of bot. Did you read the solution #6 I wrote there ? magento.stackexchange.com/questions/233368/… you can do this easily in your database, then try to register like the bot does to ensure it works
– DependencyHell
Nov 2 '18 at 10:01
I've seen other people complaining that the captcha is not enough for these kind of bot. Did you read the solution #6 I wrote there ? magento.stackexchange.com/questions/233368/… you can do this easily in your database, then try to register like the bot does to ensure it works
– DependencyHell
Nov 2 '18 at 10:01
add a comment |
I think your site is attacked by some hackers, Recently I got news that many sites were attcked by this groups, to prevent this you can enable captcha in registration page.
to enable captcha
Go to System->Configuration->Customers->Customer Configuration->Enable captcha
answered Apr 28 '18 at 13:22
Murtuza ZabuawalaMurtuza Zabuawala
12.7k73362
Hacked as in they got inside the Admin panel and had access to all the info in there? Or hacked that they sent spam somehow? I am enabling CAPTCHA now - shall I do it for all 3? (Forgot password, Checkout as Guest, and Register during Checkout)? How do they hack the site? Guess the passowrd?
– Allysin
Apr 28 '18 at 16:49
We had 81 fake accounts created on February 16th alone. They all are from something@yandex.ru (the something part changes)
– Allysin
Apr 28 '18 at 17:00
some of them refernce something like: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> rh.drive.google.com/open?id=1eA6rAsRSPrUk_J5zquu6NKG4Mk1irM8v
– Allysin
Apr 28 '18 at 17:01
or this as the name: "<p>The requested URL /es_combine/subjects.txt was not found on this server.</p> 530.drive.google.com/open?id=1Ky1OOErUWAETGRt4OI7phoVSzqNDwRJ7"
– Allysin
Apr 28 '18 at 17:03
1
they create account even enable magento default capcha, not sure how they do that
– Suneth Kalhara
Feb 18 at 8:31
|
show 5 more comments
I think your site is attacked by some hackers, Recently I got news that many sites were attcked by this groups, to prevent this you can enable captcha in registration page.
to enable captcha
Go to System->Configuration->Customers->Customer Configuration->Enable captcha
answered Apr 28 '18 at 13:22
Murtuza ZabuawalaMurtuza Zabuawala
12.7k73362
Hacked as in they got inside the Admin panel and had access to all the info in there? Or hacked that they sent spam somehow? I am enabling CAPTCHA now - shall I do it for all 3? (Forgot password, Checkout as Guest, and Register during Checkout)? How do they hack the site? Guess the passowrd?
– Allysin
Apr 28 '18 at 16:49
We had 81 fake accounts created on February 16th alone. They all are from something@yandex.ru (the something part changes)
– Allysin
Apr 28 '18 at 17:00
some of them refernce something like: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> rh.drive.google.com/open?id=1eA6rAsRSPrUk_J5zquu6NKG4Mk1irM8v
– Allysin
Apr 28 '18 at 17:01
or this as the name: "<p>The requested URL /es_combine/subjects.txt was not found on this server.</p> 530.drive.google.com/open?id=1Ky1OOErUWAETGRt4OI7phoVSzqNDwRJ7"
– Allysin
Apr 28 '18 at 17:03
1
they create account even enable magento default capcha, not sure how they do that
– Suneth Kalhara
Feb 18 at 8:31
|
show 5 more comments
I think your site is attacked by some hackers, Recently I got news that many sites were attcked by this groups, to prevent this you can enable captcha in registration page.
to enable captcha
Go to System->Configuration->Customers->Customer Configuration->Enable captcha
answered Apr 28 '18 at 13:22
Murtuza ZabuawalaMurtuza Zabuawala
12.7k73362
I think your site is attacked by some hackers, Recently I got news that many sites were attcked by this groups, to prevent this you can enable captcha in registration page.
to enable captcha
Go to System->Configuration->Customers->Customer Configuration->Enable captcha
answered Apr 28 '18 at 13:22
Murtuza ZabuawalaMurtuza Zabuawala
12.7k73362
edited Apr 28 '18 at 17:56
answered Apr 28 '18 at 13:22
Murtuza ZabuawalaMurtuza Zabuawala
12.7k73362
answered Apr 28 '18 at 13:22
Murtuza ZabuawalaMurtuza Zabuawala
12.7k73362
answered Apr 28 '18 at 13:22
Murtuza ZabuawalaMurtuza Zabuawala
12.7k73362
12.7k73362
Hacked as in they got inside the Admin panel and had access to all the info in there? Or hacked that they sent spam somehow? I am enabling CAPTCHA now - shall I do it for all 3? (Forgot password, Checkout as Guest, and Register during Checkout)? How do they hack the site? Guess the passowrd?
– Allysin
Apr 28 '18 at 16:49
We had 81 fake accounts created on February 16th alone. They all are from something@yandex.ru (the something part changes)
– Allysin
Apr 28 '18 at 17:00
some of them refernce something like: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> rh.drive.google.com/open?id=1eA6rAsRSPrUk_J5zquu6NKG4Mk1irM8v
– Allysin
Apr 28 '18 at 17:01
or this as the name: "<p>The requested URL /es_combine/subjects.txt was not found on this server.</p> 530.drive.google.com/open?id=1Ky1OOErUWAETGRt4OI7phoVSzqNDwRJ7"
– Allysin
Apr 28 '18 at 17:03
1
they create account even enable magento default capcha, not sure how they do that
– Suneth Kalhara
Feb 18 at 8:31
|
show 5 more comments
Hacked as in they got inside the Admin panel and had access to all the info in there? Or hacked that they sent spam somehow? I am enabling CAPTCHA now - shall I do it for all 3? (Forgot password, Checkout as Guest, and Register during Checkout)? How do they hack the site? Guess the passowrd?
– Allysin
Apr 28 '18 at 16:49
We had 81 fake accounts created on February 16th alone. They all are from something@yandex.ru (the something part changes)
– Allysin
Apr 28 '18 at 17:00
some of them refernce something like: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> rh.drive.google.com/open?id=1eA6rAsRSPrUk_J5zquu6NKG4Mk1irM8v
– Allysin
Apr 28 '18 at 17:01
or this as the name: "<p>The requested URL /es_combine/subjects.txt was not found on this server.</p> 530.drive.google.com/open?id=1Ky1OOErUWAETGRt4OI7phoVSzqNDwRJ7"
– Allysin
Apr 28 '18 at 17:03
1
they create account even enable magento default capcha, not sure how they do that
– Suneth Kalhara
Feb 18 at 8:31
Hacked as in they got inside the Admin panel and had access to all the info in there? Or hacked that they sent spam somehow? I am enabling CAPTCHA now - shall I do it for all 3? (Forgot password, Checkout as Guest, and Register during Checkout)? How do they hack the site? Guess the passowrd?
– Allysin
Apr 28 '18 at 16:49
Hacked as in they got inside the Admin panel and had access to all the info in there? Or hacked that they sent spam somehow? I am enabling CAPTCHA now - shall I do it for all 3? (Forgot password, Checkout as Guest, and Register during Checkout)? How do they hack the site? Guess the passowrd?
– Allysin
Apr 28 '18 at 16:49
We had 81 fake accounts created on February 16th alone. They all are from something@yandex.ru (the something part changes)
– Allysin
Apr 28 '18 at 17:00
We had 81 fake accounts created on February 16th alone. They all are from something@yandex.ru (the something part changes)
– Allysin
Apr 28 '18 at 17:00
some of them refernce something like: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> rh.drive.google.com/open?id=1eA6rAsRSPrUk_J5zquu6NKG4Mk1irM8v
– Allysin
Apr 28 '18 at 17:01
some of them refernce something like: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> rh.drive.google.com/open?id=1eA6rAsRSPrUk_J5zquu6NKG4Mk1irM8v
– Allysin
Apr 28 '18 at 17:01
or this as the name: "<p>The requested URL /es_combine/subjects.txt was not found on this server.</p> 530.drive.google.com/open?id=1Ky1OOErUWAETGRt4OI7phoVSzqNDwRJ7"
– Allysin
Apr 28 '18 at 17:03
or this as the name: "<p>The requested URL /es_combine/subjects.txt was not found on this server.</p> 530.drive.google.com/open?id=1Ky1OOErUWAETGRt4OI7phoVSzqNDwRJ7"
– Allysin
Apr 28 '18 at 17:03
1
1
they create account even enable magento default capcha, not sure how they do that
– Suneth Kalhara
Feb 18 at 8:31
they create account even enable magento default capcha, not sure how they do that
– Suneth Kalhara
Feb 18 at 8:31
|
show 5 more comments
May be that can help … I install free module from mageplaza Google reCaptcha - Invisible CAPTCHA and it seems don't have anymore Russian new account.. It didn't cost me a penny and was easy to install.
answered Jan 28 at 10:47
cadoworldcadoworld
163
add a comment |
May be that can help … I install free module from mageplaza Google reCaptcha - Invisible CAPTCHA and it seems don't have anymore Russian new account.. It didn't cost me a penny and was easy to install.
answered Jan 28 at 10:47
cadoworldcadoworld
163
add a comment |
May be that can help … I install free module from mageplaza Google reCaptcha - Invisible CAPTCHA and it seems don't have anymore Russian new account.. It didn't cost me a penny and was easy to install.
answered Jan 28 at 10:47
cadoworldcadoworld
163
May be that can help … I install free module from mageplaza Google reCaptcha - Invisible CAPTCHA and it seems don't have anymore Russian new account.. It didn't cost me a penny and was easy to install.
answered Jan 28 at 10:47
cadoworldcadoworld
163
answered Jan 28 at 10:47
cadoworldcadoworld
163
answered Jan 28 at 10:47
cadoworldcadoworld
163
answered Jan 28 at 10:47
cadoworldcadoworld
163
163
add a comment |
add a comment |
Magento 1.9.x:
We also have the problem with Russian "cheaters" that use our Customer Registration form to send spam-mails to a lot of unknown users. They also pass by our reCaptcha. But I found this solution to help (for now):
- Reduce the possible text length for the first name / last name to around 30 letters, as the russian text usually are much longer.
You have to edit your database table "customer_eav_attribute". In record 5 and 7, you can change values for length limitations for first name (5th) and last name (7th). Change the max_text_length with value 255 to 30 or any other number of your choice. With longer values in the text box, the "bot" will only get error messages.
answered Feb 10 at 18:05
AtianAtian
2117
Hi, For the solution you mentioned above. What should i do for Magento 2.2.6? the validate_rules is showing as ""max_text_length":225,"min_text_length":1", and there is also an "input_filter": "trim". should i remove "trim", and edit the 225 to 25? i tried it yesterday but the russian spam still coming through.
– Kris Wen
Mar 19 at 16:16
add a comment |
Magento 1.9.x:
We also have the problem with Russian "cheaters" that use our Customer Registration form to send spam-mails to a lot of unknown users. They also pass by our reCaptcha. But I found this solution to help (for now):
- Reduce the possible text length for the first name / last name to around 30 letters, as the russian text usually are much longer.
You have to edit your database table "customer_eav_attribute". In record 5 and 7, you can change values for length limitations for first name (5th) and last name (7th). Change the max_text_length with value 255 to 30 or any other number of your choice. With longer values in the text box, the "bot" will only get error messages.
answered Feb 10 at 18:05
AtianAtian
2117
Hi, For the solution you mentioned above. What should i do for Magento 2.2.6? the validate_rules is showing as ""max_text_length":225,"min_text_length":1", and there is also an "input_filter": "trim". should i remove "trim", and edit the 225 to 25? i tried it yesterday but the russian spam still coming through.
– Kris Wen
Mar 19 at 16:16
add a comment |
Magento 1.9.x:
We also have the problem with Russian "cheaters" that use our Customer Registration form to send spam-mails to a lot of unknown users. They also pass by our reCaptcha. But I found this solution to help (for now):
- Reduce the possible text length for the first name / last name to around 30 letters, as the russian text usually are much longer.
You have to edit your database table "customer_eav_attribute". In record 5 and 7, you can change values for length limitations for first name (5th) and last name (7th). Change the max_text_length with value 255 to 30 or any other number of your choice. With longer values in the text box, the "bot" will only get error messages.
answered Feb 10 at 18:05
AtianAtian
2117
Magento 1.9.x:
We also have the problem with Russian "cheaters" that use our Customer Registration form to send spam-mails to a lot of unknown users. They also pass by our reCaptcha. But I found this solution to help (for now):
- Reduce the possible text length for the first name / last name to around 30 letters, as the russian text usually are much longer.
You have to edit your database table "customer_eav_attribute". In record 5 and 7, you can change values for length limitations for first name (5th) and last name (7th). Change the max_text_length with value 255 to 30 or any other number of your choice. With longer values in the text box, the "bot" will only get error messages.
answered Feb 10 at 18:05
AtianAtian
2117
answered Feb 10 at 18:05
AtianAtian
2117
answered Feb 10 at 18:05
AtianAtian
2117
answered Feb 10 at 18:05
AtianAtian
2117
2117
Hi, For the solution you mentioned above. What should i do for Magento 2.2.6? the validate_rules is showing as ""max_text_length":225,"min_text_length":1", and there is also an "input_filter": "trim". should i remove "trim", and edit the 225 to 25? i tried it yesterday but the russian spam still coming through.
– Kris Wen
Mar 19 at 16:16
add a comment |
Hi, For the solution you mentioned above. What should i do for Magento 2.2.6? the validate_rules is showing as ""max_text_length":225,"min_text_length":1", and there is also an "input_filter": "trim". should i remove "trim", and edit the 225 to 25? i tried it yesterday but the russian spam still coming through.
– Kris Wen
Mar 19 at 16:16
Hi, For the solution you mentioned above. What should i do for Magento 2.2.6? the validate_rules is showing as ""max_text_length":225,"min_text_length":1", and there is also an "input_filter": "trim". should i remove "trim", and edit the 225 to 25? i tried it yesterday but the russian spam still coming through.
– Kris Wen
Mar 19 at 16:16
Hi, For the solution you mentioned above. What should i do for Magento 2.2.6? the validate_rules is showing as ""max_text_length":225,"min_text_length":1", and there is also an "input_filter": "trim". should i remove "trim", and edit the 225 to 25? i tried it yesterday but the russian spam still coming through.
– Kris Wen
Mar 19 at 16:16
add a comment |
You can block russian user to register in your store by validation in your registration page. It will work, i am also using this.
<script type="text/javascript">
jQuery('.customer-account-create #email_address').blur(function()
var emailId = jQuery('.customer-account-create #email_address').val();
if( emailId.indexOf('.ru') >= 0)
//alert("This email can not be registered.");
jQuery('.customer-account-create #email_address').val('');
jQuery('.customer-account-create #email_address').focus();
return false;
);
answered 19 mins ago
Imroz AnjumImroz Anjum
164
add a comment |
You can block russian user to register in your store by validation in your registration page. It will work, i am also using this.
<script type="text/javascript">
jQuery('.customer-account-create #email_address').blur(function()
var emailId = jQuery('.customer-account-create #email_address').val();
if( emailId.indexOf('.ru') >= 0)
//alert("This email can not be registered.");
jQuery('.customer-account-create #email_address').val('');
jQuery('.customer-account-create #email_address').focus();
return false;
);
answered 19 mins ago
Imroz AnjumImroz Anjum
164
add a comment |
You can block russian user to register in your store by validation in your registration page. It will work, i am also using this.
<script type="text/javascript">
jQuery('.customer-account-create #email_address').blur(function()
var emailId = jQuery('.customer-account-create #email_address').val();
if( emailId.indexOf('.ru') >= 0)
//alert("This email can not be registered.");
jQuery('.customer-account-create #email_address').val('');
jQuery('.customer-account-create #email_address').focus();
return false;
);
answered 19 mins ago
Imroz AnjumImroz Anjum
164
You can block russian user to register in your store by validation in your registration page. It will work, i am also using this.
<script type="text/javascript">
jQuery('.customer-account-create #email_address').blur(function()
var emailId = jQuery('.customer-account-create #email_address').val();
if( emailId.indexOf('.ru') >= 0)
//alert("This email can not be registered.");
jQuery('.customer-account-create #email_address').val('');
jQuery('.customer-account-create #email_address').focus();
return false;
);
answered 19 mins ago
Imroz AnjumImroz Anjum
164
answered 19 mins ago
Imroz AnjumImroz Anjum
164
answered 19 mins ago
Imroz AnjumImroz Anjum
164
answered 19 mins ago
Imroz AnjumImroz Anjum
164
164
add a comment |
add a comment |
Thanks for contributing an answer to Magento Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f224083%2fpeople-from-russia-making-fake-accounts-in-our-magento-1-9-x-store-why%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
did you activate reCaptcha on registration
– WISAM HAKIM
Apr 28 '18 at 13:55
magecomp.com/magento-new-recaptcha.html - Add this plugin which add google captcha on your site. So spammer will not add fake data in your site.
– Chirag Rajput
Apr 30 '18 at 5:30
1
this is no any hackers, this is just a bot - he registers an account with advertising information, and an activation letter or a newsletter comes to this email back and can be confusing to the owner. just enable honeypot or captcha.
– MagenX
Apr 30 '18 at 6:53