People from Russia making fake accounts in our Magento 1.9.x store - why? The 2019 Stack...

What to do when moving next to a bird sanctuary with a loosely-domesticated cat?

Why are there uneven bright areas in this photo of black hole?

Accepted by European university, rejected by all American ones I applied to? Possible reasons?

how can a perfect fourth interval be considered either consonant or dissonant?

Simulating Exploding Dice

What aspect of planet Earth must be changed to prevent the industrial revolution?

Is 'stolen' appropriate word?

Does Parliament hold absolute power in the UK?

Do I have Disadvantage attacking with an off-hand weapon?

Is every episode of "Where are my Pants?" identical?

What would this chord progression be called?

"... to apply for a visa" or "... and applied for a visa"?

Did the UK government pay "millions and millions of dollars" to try to snag Julian Assange?

Deal with toxic manager when you can't quit

Mortgage adviser recommends a longer term than necessary combined with overpayments

Did the new image of black hole confirm the general theory of relativity?

How to determine omitted units in a publication

How did passengers keep warm on sail ships?

What is the role of 'For' here?

Huge performance difference of the command find with and without using %M option to show permissions

Presidential Pardon

Keeping a retro style to sci-fi spaceships?

How do you keep chess fun when your opponent constantly beats you?

First use of “packing” as in carrying a gun



People from Russia making fake accounts in our Magento 1.9.x store - why?



The 2019 Stack Overflow Developer Survey Results Are In
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)Prevent Spam Account RegistrationI accidentaly deleted some customers from CUSTOMERS - MANAGE CUSTOMERS…How to import them back from a backup?How to make Magento NOT send Thank you for registering Welcome Email?How to know from which site a customer is redirected to our storeCustomers couldn't login from Safari In magento 1.9How to transfer user accounts (user ID, password) from Magento 1.3.1 to 1.9.1?Magento global accounts set, but newsletter per storename or storeview - multi-storeMagento 1.9 infection - replicating html/php to fake Nike storeMagento 1 - Stop Spam Accounts from being createdMagento 1.9 : How to create our own custom timezone?Magento 1.9 - Why different Product URL for different StoreMagento 1.9 Fake customer with addressMaking addToCart and cart page execute synchronously in magento 1.9





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







3















Magento 1.9.1 and 1.9.3.7
Porto theme


We have 2 Magento installations each with multiple domains/websites. I have noticed recently in the CUSTOMERS --) MANAGE CUSTOMERS area that there are customers with Russian Email addresses there (they never bought anything just registered).



Why would someone do that and is there any kind of a security risk involved? Shall I delete those accounts?



We have had problems with being blacklisted on different blacklists recently even though we NEVER EVER sent any spam whatsover! Could this be connected?



UPDATE ON October 16th, 2018:


We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST).
What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help...










share|improve this question

























  • did you activate reCaptcha on registration

    – WISAM HAKIM
    Apr 28 '18 at 13:55











  • magecomp.com/magento-new-recaptcha.html - Add this plugin which add google captcha on your site. So spammer will not add fake data in your site.

    – Chirag Rajput
    Apr 30 '18 at 5:30






  • 1





    this is no any hackers, this is just a bot - he registers an account with advertising information, and an activation letter or a newsletter comes to this email back and can be confusing to the owner. just enable honeypot or captcha.

    – MagenX
    Apr 30 '18 at 6:53


















3















Magento 1.9.1 and 1.9.3.7
Porto theme


We have 2 Magento installations each with multiple domains/websites. I have noticed recently in the CUSTOMERS --) MANAGE CUSTOMERS area that there are customers with Russian Email addresses there (they never bought anything just registered).



Why would someone do that and is there any kind of a security risk involved? Shall I delete those accounts?



We have had problems with being blacklisted on different blacklists recently even though we NEVER EVER sent any spam whatsover! Could this be connected?



UPDATE ON October 16th, 2018:


We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST).
What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help...










share|improve this question

























  • did you activate reCaptcha on registration

    – WISAM HAKIM
    Apr 28 '18 at 13:55











  • magecomp.com/magento-new-recaptcha.html - Add this plugin which add google captcha on your site. So spammer will not add fake data in your site.

    – Chirag Rajput
    Apr 30 '18 at 5:30






  • 1





    this is no any hackers, this is just a bot - he registers an account with advertising information, and an activation letter or a newsletter comes to this email back and can be confusing to the owner. just enable honeypot or captcha.

    – MagenX
    Apr 30 '18 at 6:53














3












3








3


2






Magento 1.9.1 and 1.9.3.7
Porto theme


We have 2 Magento installations each with multiple domains/websites. I have noticed recently in the CUSTOMERS --) MANAGE CUSTOMERS area that there are customers with Russian Email addresses there (they never bought anything just registered).



Why would someone do that and is there any kind of a security risk involved? Shall I delete those accounts?



We have had problems with being blacklisted on different blacklists recently even though we NEVER EVER sent any spam whatsover! Could this be connected?



UPDATE ON October 16th, 2018:


We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST).
What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help...










share|improve this question
















Magento 1.9.1 and 1.9.3.7
Porto theme


We have 2 Magento installations each with multiple domains/websites. I have noticed recently in the CUSTOMERS --) MANAGE CUSTOMERS area that there are customers with Russian Email addresses there (they never bought anything just registered).



Why would someone do that and is there any kind of a security risk involved? Shall I delete those accounts?



We have had problems with being blacklisted on different blacklists recently even though we NEVER EVER sent any spam whatsover! Could this be connected?



UPDATE ON October 16th, 2018:


We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST).
What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help...







magento-1.9 customer customer-account registration






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Oct 16 '18 at 19:35







Allysin

















asked Apr 28 '18 at 12:50









AllysinAllysin

701040




701040













  • did you activate reCaptcha on registration

    – WISAM HAKIM
    Apr 28 '18 at 13:55











  • magecomp.com/magento-new-recaptcha.html - Add this plugin which add google captcha on your site. So spammer will not add fake data in your site.

    – Chirag Rajput
    Apr 30 '18 at 5:30






  • 1





    this is no any hackers, this is just a bot - he registers an account with advertising information, and an activation letter or a newsletter comes to this email back and can be confusing to the owner. just enable honeypot or captcha.

    – MagenX
    Apr 30 '18 at 6:53



















  • did you activate reCaptcha on registration

    – WISAM HAKIM
    Apr 28 '18 at 13:55











  • magecomp.com/magento-new-recaptcha.html - Add this plugin which add google captcha on your site. So spammer will not add fake data in your site.

    – Chirag Rajput
    Apr 30 '18 at 5:30






  • 1





    this is no any hackers, this is just a bot - he registers an account with advertising information, and an activation letter or a newsletter comes to this email back and can be confusing to the owner. just enable honeypot or captcha.

    – MagenX
    Apr 30 '18 at 6:53

















did you activate reCaptcha on registration

– WISAM HAKIM
Apr 28 '18 at 13:55





did you activate reCaptcha on registration

– WISAM HAKIM
Apr 28 '18 at 13:55













magecomp.com/magento-new-recaptcha.html - Add this plugin which add google captcha on your site. So spammer will not add fake data in your site.

– Chirag Rajput
Apr 30 '18 at 5:30





magecomp.com/magento-new-recaptcha.html - Add this plugin which add google captcha on your site. So spammer will not add fake data in your site.

– Chirag Rajput
Apr 30 '18 at 5:30




1




1





this is no any hackers, this is just a bot - he registers an account with advertising information, and an activation letter or a newsletter comes to this email back and can be confusing to the owner. just enable honeypot or captcha.

– MagenX
Apr 30 '18 at 6:53





this is no any hackers, this is just a bot - he registers an account with advertising information, and an activation letter or a newsletter comes to this email back and can be confusing to the owner. just enable honeypot or captcha.

– MagenX
Apr 30 '18 at 6:53










6 Answers
6






active

oldest

votes


















5














If your Magento doesn't support CAPTCHA or you don't want to active it, you can modify the validate() function (line 709) /var/www/app/code/core/Mage/Customer/Model/Customer.php to block http string in customer name:



if (preg_match('/http/', $this->getFirstname())) {
$errors[] = Mage::helper('customer')->__('Password minimal length must be more %s', 32);
}
if (preg_match('/http/', $this->getLastname())) {
$errors[] = Mage::helper('customer')->__('Password minimal length must be more %s', 32);
}





share|improve this answer


























  • This is not working for an url like google.com. Replace /http.*=/ with /http/ as it is almost impossible people to have "http" in the name. I also added this for last name too.

    – Fa11enAngel
    Oct 6 '18 at 14:02













  • @Fa11enAngel We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help... I will try your solution next...

    – Allysin
    Oct 16 '18 at 19:40











  • Captcha is too simple in Magento and can be cracked very simple by tools. Try this. Currently it is working what I've changed the answer to.

    – Fa11enAngel
    Oct 16 '18 at 20:23











  • It's probably a good idea to change preg_match('/http/', ... to preg_match('/http/i', ... to make it case insensitive. I've not encountered Russian spam links with upper case characters but it would otherwise be easy for them to bypass this check.

    – Marco Miltenburg
    Jan 24 at 9:43



















4















Russian Email addresses (just registered).



We have had problems with being blacklisted on different blacklists recently even though we NEVER EVER sent any spam whatsover! Could this be connected?




Sure all of this is connected, if your website send a 'Welcome message' to new users, plus a 'Thank you for subscribing to our newsletter' to people that did not requested that, they identify your mails as spam, and you get blacklisted.



The worst scenario is when they use fields like firstname or lastname to include their 'propaganda', such as links to websites with fraud messages, identified (automatically) as spam by mailbox services.



Here is an example of what can be sent through the firstname via your shop :




Приветствуем Xxx! Ваш баланс №13567996ஆ 06.09.2018 подлежит упразднению. Укажите признак выплаты тут-



Welcome Xxx! Your balance №13567996ஆ on 06.09.2018 is subject to abolition. Specify the payment indication here- http://one-bad-link-here.gq/123456




If sent to russian people only, they may not understand english and just click on this link !



Same thing in chinese too.






share|improve this answer
























  • for solution, see there : magento.stackexchange.com/a/240716/50635

    – DependencyHell
    Sep 9 '18 at 20:00











  • We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help...

    – Allysin
    Oct 16 '18 at 19:39











  • @Allysin : did you fix this issue?

    – DependencyHell
    Nov 1 '18 at 13:50











  • Not yet - I've just tried putting in the Magento 1.9 Captcha but I guess it must be outdated because the problem continued. We ended up temporarily shutting the site down (we had like 150 000 new account registrations). Now it's been down for over a week and we are loosing revenue as well SEO rankings so I will have to do something soon. Someone suggested CAPTCHA from Amasty ($59) but I'm not sure if that will really work? Any other suggestions are greatly appreciated.

    – Allysin
    Nov 1 '18 at 17:22











  • I've seen other people complaining that the captcha is not enough for these kind of bot. Did you read the solution #6 I wrote there ? magento.stackexchange.com/questions/233368/… you can do this easily in your database, then try to register like the bot does to ensure it works

    – DependencyHell
    Nov 2 '18 at 10:01





















1














I think your site is attacked by some hackers, Recently I got news that many sites were attcked by this groups, to prevent this you can enable captcha in registration page.



to enable captcha



Go to System->Configuration->Customers->Customer Configuration->Enable captcha






share|improve this answer


























  • Hacked as in they got inside the Admin panel and had access to all the info in there? Or hacked that they sent spam somehow? I am enabling CAPTCHA now - shall I do it for all 3? (Forgot password, Checkout as Guest, and Register during Checkout)? How do they hack the site? Guess the passowrd?

    – Allysin
    Apr 28 '18 at 16:49











  • We had 81 fake accounts created on February 16th alone. They all are from something@yandex.ru (the something part changes)

    – Allysin
    Apr 28 '18 at 17:00











  • some of them refernce something like: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> rh.drive.google.com/open?id=1eA6rAsRSPrUk_J5zquu6NKG4Mk1irM8v

    – Allysin
    Apr 28 '18 at 17:01











  • or this as the name: "<p>The requested URL /es_combine/subjects.txt was not found on this server.</p> 530.drive.google.com/open?id=1Ky1OOErUWAETGRt4OI7phoVSzqNDwRJ7"

    – Allysin
    Apr 28 '18 at 17:03






  • 1





    they create account even enable magento default capcha, not sure how they do that

    – Suneth Kalhara
    Feb 18 at 8:31



















1














May be that can help … I install free module from mageplaza Google reCaptcha - Invisible CAPTCHA and it seems don't have anymore Russian new account.. It didn't cost me a penny and was easy to install.






share|improve this answer































    0














    Magento 1.9.x:
    We also have the problem with Russian "cheaters" that use our Customer Registration form to send spam-mails to a lot of unknown users. They also pass by our reCaptcha. But I found this solution to help (for now):
    - Reduce the possible text length for the first name / last name to around 30 letters, as the russian text usually are much longer.



    You have to edit your database table "customer_eav_attribute". In record 5 and 7, you can change values for length limitations for first name (5th) and last name (7th). Change the max_text_length with value 255 to 30 or any other number of your choice. With longer values in the text box, the "bot" will only get error messages.






    share|improve this answer
























    • Hi, For the solution you mentioned above. What should i do for Magento 2.2.6? the validate_rules is showing as "{"max_text_length":225,"min_text_length":1}", and there is also an "input_filter": "trim". should i remove "trim", and edit the 225 to 25? i tried it yesterday but the russian spam still coming through.

      – Kris Wen
      Mar 19 at 16:16



















    0














    You can block russian user to register in your store by validation in your registration page. It will work, i am also using this.



    <script type="text/javascript">
    jQuery('.customer-account-create #email_address').blur(function(){
    var emailId = jQuery('.customer-account-create #email_address').val();
    if( emailId.indexOf('.ru') >= 0){
    //alert("This email can not be registered.");
    jQuery('.customer-account-create #email_address').val('');
    jQuery('.customer-account-create #email_address').focus();
    return false;
    }
    });






    share
























      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "479"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f224083%2fpeople-from-russia-making-fake-accounts-in-our-magento-1-9-x-store-why%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      6 Answers
      6






      active

      oldest

      votes








      6 Answers
      6






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      5














      If your Magento doesn't support CAPTCHA or you don't want to active it, you can modify the validate() function (line 709) /var/www/app/code/core/Mage/Customer/Model/Customer.php to block http string in customer name:



      if (preg_match('/http/', $this->getFirstname())) {
      $errors[] = Mage::helper('customer')->__('Password minimal length must be more %s', 32);
      }
      if (preg_match('/http/', $this->getLastname())) {
      $errors[] = Mage::helper('customer')->__('Password minimal length must be more %s', 32);
      }





      share|improve this answer


























      • This is not working for an url like google.com. Replace /http.*=/ with /http/ as it is almost impossible people to have "http" in the name. I also added this for last name too.

        – Fa11enAngel
        Oct 6 '18 at 14:02













      • @Fa11enAngel We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help... I will try your solution next...

        – Allysin
        Oct 16 '18 at 19:40











      • Captcha is too simple in Magento and can be cracked very simple by tools. Try this. Currently it is working what I've changed the answer to.

        – Fa11enAngel
        Oct 16 '18 at 20:23











      • It's probably a good idea to change preg_match('/http/', ... to preg_match('/http/i', ... to make it case insensitive. I've not encountered Russian spam links with upper case characters but it would otherwise be easy for them to bypass this check.

        – Marco Miltenburg
        Jan 24 at 9:43
















      5














      If your Magento doesn't support CAPTCHA or you don't want to active it, you can modify the validate() function (line 709) /var/www/app/code/core/Mage/Customer/Model/Customer.php to block http string in customer name:



      if (preg_match('/http/', $this->getFirstname())) {
      $errors[] = Mage::helper('customer')->__('Password minimal length must be more %s', 32);
      }
      if (preg_match('/http/', $this->getLastname())) {
      $errors[] = Mage::helper('customer')->__('Password minimal length must be more %s', 32);
      }





      share|improve this answer


























      • This is not working for an url like google.com. Replace /http.*=/ with /http/ as it is almost impossible people to have "http" in the name. I also added this for last name too.

        – Fa11enAngel
        Oct 6 '18 at 14:02













      • @Fa11enAngel We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help... I will try your solution next...

        – Allysin
        Oct 16 '18 at 19:40











      • Captcha is too simple in Magento and can be cracked very simple by tools. Try this. Currently it is working what I've changed the answer to.

        – Fa11enAngel
        Oct 16 '18 at 20:23











      • It's probably a good idea to change preg_match('/http/', ... to preg_match('/http/i', ... to make it case insensitive. I've not encountered Russian spam links with upper case characters but it would otherwise be easy for them to bypass this check.

        – Marco Miltenburg
        Jan 24 at 9:43














      5












      5








      5







      If your Magento doesn't support CAPTCHA or you don't want to active it, you can modify the validate() function (line 709) /var/www/app/code/core/Mage/Customer/Model/Customer.php to block http string in customer name:



      if (preg_match('/http/', $this->getFirstname())) {
      $errors[] = Mage::helper('customer')->__('Password minimal length must be more %s', 32);
      }
      if (preg_match('/http/', $this->getLastname())) {
      $errors[] = Mage::helper('customer')->__('Password minimal length must be more %s', 32);
      }





      share|improve this answer















      If your Magento doesn't support CAPTCHA or you don't want to active it, you can modify the validate() function (line 709) /var/www/app/code/core/Mage/Customer/Model/Customer.php to block http string in customer name:



      if (preg_match('/http/', $this->getFirstname())) {
      $errors[] = Mage::helper('customer')->__('Password minimal length must be more %s', 32);
      }
      if (preg_match('/http/', $this->getLastname())) {
      $errors[] = Mage::helper('customer')->__('Password minimal length must be more %s', 32);
      }






      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited Oct 6 '18 at 16:26









      Fa11enAngel

      1034




      1034










      answered Jul 16 '18 at 14:19









      panticz.depanticz.de

      15113




      15113













      • This is not working for an url like google.com. Replace /http.*=/ with /http/ as it is almost impossible people to have "http" in the name. I also added this for last name too.

        – Fa11enAngel
        Oct 6 '18 at 14:02













      • @Fa11enAngel We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help... I will try your solution next...

        – Allysin
        Oct 16 '18 at 19:40











      • Captcha is too simple in Magento and can be cracked very simple by tools. Try this. Currently it is working what I've changed the answer to.

        – Fa11enAngel
        Oct 16 '18 at 20:23











      • It's probably a good idea to change preg_match('/http/', ... to preg_match('/http/i', ... to make it case insensitive. I've not encountered Russian spam links with upper case characters but it would otherwise be easy for them to bypass this check.

        – Marco Miltenburg
        Jan 24 at 9:43



















      • This is not working for an url like google.com. Replace /http.*=/ with /http/ as it is almost impossible people to have "http" in the name. I also added this for last name too.

        – Fa11enAngel
        Oct 6 '18 at 14:02













      • @Fa11enAngel We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help... I will try your solution next...

        – Allysin
        Oct 16 '18 at 19:40











      • Captcha is too simple in Magento and can be cracked very simple by tools. Try this. Currently it is working what I've changed the answer to.

        – Fa11enAngel
        Oct 16 '18 at 20:23











      • It's probably a good idea to change preg_match('/http/', ... to preg_match('/http/i', ... to make it case insensitive. I've not encountered Russian spam links with upper case characters but it would otherwise be easy for them to bypass this check.

        – Marco Miltenburg
        Jan 24 at 9:43

















      This is not working for an url like google.com. Replace /http.*=/ with /http/ as it is almost impossible people to have "http" in the name. I also added this for last name too.

      – Fa11enAngel
      Oct 6 '18 at 14:02







      This is not working for an url like google.com. Replace /http.*=/ with /http/ as it is almost impossible people to have "http" in the name. I also added this for last name too.

      – Fa11enAngel
      Oct 6 '18 at 14:02















      @Fa11enAngel We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help... I will try your solution next...

      – Allysin
      Oct 16 '18 at 19:40





      @Fa11enAngel We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help... I will try your solution next...

      – Allysin
      Oct 16 '18 at 19:40













      Captcha is too simple in Magento and can be cracked very simple by tools. Try this. Currently it is working what I've changed the answer to.

      – Fa11enAngel
      Oct 16 '18 at 20:23





      Captcha is too simple in Magento and can be cracked very simple by tools. Try this. Currently it is working what I've changed the answer to.

      – Fa11enAngel
      Oct 16 '18 at 20:23













      It's probably a good idea to change preg_match('/http/', ... to preg_match('/http/i', ... to make it case insensitive. I've not encountered Russian spam links with upper case characters but it would otherwise be easy for them to bypass this check.

      – Marco Miltenburg
      Jan 24 at 9:43





      It's probably a good idea to change preg_match('/http/', ... to preg_match('/http/i', ... to make it case insensitive. I've not encountered Russian spam links with upper case characters but it would otherwise be easy for them to bypass this check.

      – Marco Miltenburg
      Jan 24 at 9:43













      4















      Russian Email addresses (just registered).



      We have had problems with being blacklisted on different blacklists recently even though we NEVER EVER sent any spam whatsover! Could this be connected?




      Sure all of this is connected, if your website send a 'Welcome message' to new users, plus a 'Thank you for subscribing to our newsletter' to people that did not requested that, they identify your mails as spam, and you get blacklisted.



      The worst scenario is when they use fields like firstname or lastname to include their 'propaganda', such as links to websites with fraud messages, identified (automatically) as spam by mailbox services.



      Here is an example of what can be sent through the firstname via your shop :




      Приветствуем Xxx! Ваш баланс №13567996ஆ 06.09.2018 подлежит упразднению. Укажите признак выплаты тут-



      Welcome Xxx! Your balance №13567996ஆ on 06.09.2018 is subject to abolition. Specify the payment indication here- http://one-bad-link-here.gq/123456




      If sent to russian people only, they may not understand english and just click on this link !



      Same thing in chinese too.






      share|improve this answer
























      • for solution, see there : magento.stackexchange.com/a/240716/50635

        – DependencyHell
        Sep 9 '18 at 20:00











      • We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help...

        – Allysin
        Oct 16 '18 at 19:39











      • @Allysin : did you fix this issue?

        – DependencyHell
        Nov 1 '18 at 13:50











      • Not yet - I've just tried putting in the Magento 1.9 Captcha but I guess it must be outdated because the problem continued. We ended up temporarily shutting the site down (we had like 150 000 new account registrations). Now it's been down for over a week and we are loosing revenue as well SEO rankings so I will have to do something soon. Someone suggested CAPTCHA from Amasty ($59) but I'm not sure if that will really work? Any other suggestions are greatly appreciated.

        – Allysin
        Nov 1 '18 at 17:22











      • I've seen other people complaining that the captcha is not enough for these kind of bot. Did you read the solution #6 I wrote there ? magento.stackexchange.com/questions/233368/… you can do this easily in your database, then try to register like the bot does to ensure it works

        – DependencyHell
        Nov 2 '18 at 10:01


















      4















      Russian Email addresses (just registered).



      We have had problems with being blacklisted on different blacklists recently even though we NEVER EVER sent any spam whatsover! Could this be connected?




      Sure all of this is connected, if your website send a 'Welcome message' to new users, plus a 'Thank you for subscribing to our newsletter' to people that did not requested that, they identify your mails as spam, and you get blacklisted.



      The worst scenario is when they use fields like firstname or lastname to include their 'propaganda', such as links to websites with fraud messages, identified (automatically) as spam by mailbox services.



      Here is an example of what can be sent through the firstname via your shop :




      Приветствуем Xxx! Ваш баланс №13567996ஆ 06.09.2018 подлежит упразднению. Укажите признак выплаты тут-



      Welcome Xxx! Your balance №13567996ஆ on 06.09.2018 is subject to abolition. Specify the payment indication here- http://one-bad-link-here.gq/123456




      If sent to russian people only, they may not understand english and just click on this link !



      Same thing in chinese too.






      share|improve this answer
























      • for solution, see there : magento.stackexchange.com/a/240716/50635

        – DependencyHell
        Sep 9 '18 at 20:00











      • We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help...

        – Allysin
        Oct 16 '18 at 19:39











      • @Allysin : did you fix this issue?

        – DependencyHell
        Nov 1 '18 at 13:50











      • Not yet - I've just tried putting in the Magento 1.9 Captcha but I guess it must be outdated because the problem continued. We ended up temporarily shutting the site down (we had like 150 000 new account registrations). Now it's been down for over a week and we are loosing revenue as well SEO rankings so I will have to do something soon. Someone suggested CAPTCHA from Amasty ($59) but I'm not sure if that will really work? Any other suggestions are greatly appreciated.

        – Allysin
        Nov 1 '18 at 17:22











      • I've seen other people complaining that the captcha is not enough for these kind of bot. Did you read the solution #6 I wrote there ? magento.stackexchange.com/questions/233368/… you can do this easily in your database, then try to register like the bot does to ensure it works

        – DependencyHell
        Nov 2 '18 at 10:01
















      4












      4








      4








      Russian Email addresses (just registered).



      We have had problems with being blacklisted on different blacklists recently even though we NEVER EVER sent any spam whatsover! Could this be connected?




      Sure all of this is connected, if your website send a 'Welcome message' to new users, plus a 'Thank you for subscribing to our newsletter' to people that did not requested that, they identify your mails as spam, and you get blacklisted.



      The worst scenario is when they use fields like firstname or lastname to include their 'propaganda', such as links to websites with fraud messages, identified (automatically) as spam by mailbox services.



      Here is an example of what can be sent through the firstname via your shop :




      Приветствуем Xxx! Ваш баланс №13567996ஆ 06.09.2018 подлежит упразднению. Укажите признак выплаты тут-



      Welcome Xxx! Your balance №13567996ஆ on 06.09.2018 is subject to abolition. Specify the payment indication here- http://one-bad-link-here.gq/123456




      If sent to russian people only, they may not understand english and just click on this link !



      Same thing in chinese too.






      share|improve this answer














      Russian Email addresses (just registered).



      We have had problems with being blacklisted on different blacklists recently even though we NEVER EVER sent any spam whatsover! Could this be connected?




      Sure all of this is connected, if your website send a 'Welcome message' to new users, plus a 'Thank you for subscribing to our newsletter' to people that did not requested that, they identify your mails as spam, and you get blacklisted.



      The worst scenario is when they use fields like firstname or lastname to include their 'propaganda', such as links to websites with fraud messages, identified (automatically) as spam by mailbox services.



      Here is an example of what can be sent through the firstname via your shop :




      Приветствуем Xxx! Ваш баланс №13567996ஆ 06.09.2018 подлежит упразднению. Укажите признак выплаты тут-



      Welcome Xxx! Your balance №13567996ஆ on 06.09.2018 is subject to abolition. Specify the payment indication here- http://one-bad-link-here.gq/123456




      If sent to russian people only, they may not understand english and just click on this link !



      Same thing in chinese too.







      share|improve this answer












      share|improve this answer



      share|improve this answer










      answered Sep 4 '18 at 8:05









      DependencyHellDependencyHell

      828422




      828422













      • for solution, see there : magento.stackexchange.com/a/240716/50635

        – DependencyHell
        Sep 9 '18 at 20:00











      • We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help...

        – Allysin
        Oct 16 '18 at 19:39











      • @Allysin : did you fix this issue?

        – DependencyHell
        Nov 1 '18 at 13:50











      • Not yet - I've just tried putting in the Magento 1.9 Captcha but I guess it must be outdated because the problem continued. We ended up temporarily shutting the site down (we had like 150 000 new account registrations). Now it's been down for over a week and we are loosing revenue as well SEO rankings so I will have to do something soon. Someone suggested CAPTCHA from Amasty ($59) but I'm not sure if that will really work? Any other suggestions are greatly appreciated.

        – Allysin
        Nov 1 '18 at 17:22











      • I've seen other people complaining that the captcha is not enough for these kind of bot. Did you read the solution #6 I wrote there ? magento.stackexchange.com/questions/233368/… you can do this easily in your database, then try to register like the bot does to ensure it works

        – DependencyHell
        Nov 2 '18 at 10:01





















      • for solution, see there : magento.stackexchange.com/a/240716/50635

        – DependencyHell
        Sep 9 '18 at 20:00











      • We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help...

        – Allysin
        Oct 16 '18 at 19:39











      • @Allysin : did you fix this issue?

        – DependencyHell
        Nov 1 '18 at 13:50











      • Not yet - I've just tried putting in the Magento 1.9 Captcha but I guess it must be outdated because the problem continued. We ended up temporarily shutting the site down (we had like 150 000 new account registrations). Now it's been down for over a week and we are loosing revenue as well SEO rankings so I will have to do something soon. Someone suggested CAPTCHA from Amasty ($59) but I'm not sure if that will really work? Any other suggestions are greatly appreciated.

        – Allysin
        Nov 1 '18 at 17:22











      • I've seen other people complaining that the captcha is not enough for these kind of bot. Did you read the solution #6 I wrote there ? magento.stackexchange.com/questions/233368/… you can do this easily in your database, then try to register like the bot does to ensure it works

        – DependencyHell
        Nov 2 '18 at 10:01



















      for solution, see there : magento.stackexchange.com/a/240716/50635

      – DependencyHell
      Sep 9 '18 at 20:00





      for solution, see there : magento.stackexchange.com/a/240716/50635

      – DependencyHell
      Sep 9 '18 at 20:00













      We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help...

      – Allysin
      Oct 16 '18 at 19:39





      We now have 136 348 new accounts. I have activated the Magento CAPTCHA yesterday for both new accounts and Guest Orders but I don't think that worked as we have 700 new fake accounts today alone (and it's only 13:33 MST). What else do I need to do to stop this? I am so desperate I'm even thinking to temporarily stop sending Emails after customer registers. Please help...

      – Allysin
      Oct 16 '18 at 19:39













      @Allysin : did you fix this issue?

      – DependencyHell
      Nov 1 '18 at 13:50





      @Allysin : did you fix this issue?

      – DependencyHell
      Nov 1 '18 at 13:50













      Not yet - I've just tried putting in the Magento 1.9 Captcha but I guess it must be outdated because the problem continued. We ended up temporarily shutting the site down (we had like 150 000 new account registrations). Now it's been down for over a week and we are loosing revenue as well SEO rankings so I will have to do something soon. Someone suggested CAPTCHA from Amasty ($59) but I'm not sure if that will really work? Any other suggestions are greatly appreciated.

      – Allysin
      Nov 1 '18 at 17:22





      Not yet - I've just tried putting in the Magento 1.9 Captcha but I guess it must be outdated because the problem continued. We ended up temporarily shutting the site down (we had like 150 000 new account registrations). Now it's been down for over a week and we are loosing revenue as well SEO rankings so I will have to do something soon. Someone suggested CAPTCHA from Amasty ($59) but I'm not sure if that will really work? Any other suggestions are greatly appreciated.

      – Allysin
      Nov 1 '18 at 17:22













      I've seen other people complaining that the captcha is not enough for these kind of bot. Did you read the solution #6 I wrote there ? magento.stackexchange.com/questions/233368/… you can do this easily in your database, then try to register like the bot does to ensure it works

      – DependencyHell
      Nov 2 '18 at 10:01







      I've seen other people complaining that the captcha is not enough for these kind of bot. Did you read the solution #6 I wrote there ? magento.stackexchange.com/questions/233368/… you can do this easily in your database, then try to register like the bot does to ensure it works

      – DependencyHell
      Nov 2 '18 at 10:01













      1














      I think your site is attacked by some hackers, Recently I got news that many sites were attcked by this groups, to prevent this you can enable captcha in registration page.



      to enable captcha



      Go to System->Configuration->Customers->Customer Configuration->Enable captcha






      share|improve this answer


























      • Hacked as in they got inside the Admin panel and had access to all the info in there? Or hacked that they sent spam somehow? I am enabling CAPTCHA now - shall I do it for all 3? (Forgot password, Checkout as Guest, and Register during Checkout)? How do they hack the site? Guess the passowrd?

        – Allysin
        Apr 28 '18 at 16:49











      • We had 81 fake accounts created on February 16th alone. They all are from something@yandex.ru (the something part changes)

        – Allysin
        Apr 28 '18 at 17:00











      • some of them refernce something like: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> rh.drive.google.com/open?id=1eA6rAsRSPrUk_J5zquu6NKG4Mk1irM8v

        – Allysin
        Apr 28 '18 at 17:01











      • or this as the name: "<p>The requested URL /es_combine/subjects.txt was not found on this server.</p> 530.drive.google.com/open?id=1Ky1OOErUWAETGRt4OI7phoVSzqNDwRJ7"

        – Allysin
        Apr 28 '18 at 17:03






      • 1





        they create account even enable magento default capcha, not sure how they do that

        – Suneth Kalhara
        Feb 18 at 8:31
















      1














      I think your site is attacked by some hackers, Recently I got news that many sites were attcked by this groups, to prevent this you can enable captcha in registration page.



      to enable captcha



      Go to System->Configuration->Customers->Customer Configuration->Enable captcha






      share|improve this answer


























      • Hacked as in they got inside the Admin panel and had access to all the info in there? Or hacked that they sent spam somehow? I am enabling CAPTCHA now - shall I do it for all 3? (Forgot password, Checkout as Guest, and Register during Checkout)? How do they hack the site? Guess the passowrd?

        – Allysin
        Apr 28 '18 at 16:49











      • We had 81 fake accounts created on February 16th alone. They all are from something@yandex.ru (the something part changes)

        – Allysin
        Apr 28 '18 at 17:00











      • some of them refernce something like: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> rh.drive.google.com/open?id=1eA6rAsRSPrUk_J5zquu6NKG4Mk1irM8v

        – Allysin
        Apr 28 '18 at 17:01











      • or this as the name: "<p>The requested URL /es_combine/subjects.txt was not found on this server.</p> 530.drive.google.com/open?id=1Ky1OOErUWAETGRt4OI7phoVSzqNDwRJ7"

        – Allysin
        Apr 28 '18 at 17:03






      • 1





        they create account even enable magento default capcha, not sure how they do that

        – Suneth Kalhara
        Feb 18 at 8:31














      1












      1








      1







      I think your site is attacked by some hackers, Recently I got news that many sites were attcked by this groups, to prevent this you can enable captcha in registration page.



      to enable captcha



      Go to System->Configuration->Customers->Customer Configuration->Enable captcha






      share|improve this answer















      I think your site is attacked by some hackers, Recently I got news that many sites were attcked by this groups, to prevent this you can enable captcha in registration page.



      to enable captcha



      Go to System->Configuration->Customers->Customer Configuration->Enable captcha







      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited Apr 28 '18 at 17:56

























      answered Apr 28 '18 at 13:22









      Murtuza ZabuawalaMurtuza Zabuawala

      12.7k73362




      12.7k73362













      • Hacked as in they got inside the Admin panel and had access to all the info in there? Or hacked that they sent spam somehow? I am enabling CAPTCHA now - shall I do it for all 3? (Forgot password, Checkout as Guest, and Register during Checkout)? How do they hack the site? Guess the passowrd?

        – Allysin
        Apr 28 '18 at 16:49











      • We had 81 fake accounts created on February 16th alone. They all are from something@yandex.ru (the something part changes)

        – Allysin
        Apr 28 '18 at 17:00











      • some of them refernce something like: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> rh.drive.google.com/open?id=1eA6rAsRSPrUk_J5zquu6NKG4Mk1irM8v

        – Allysin
        Apr 28 '18 at 17:01











      • or this as the name: "<p>The requested URL /es_combine/subjects.txt was not found on this server.</p> 530.drive.google.com/open?id=1Ky1OOErUWAETGRt4OI7phoVSzqNDwRJ7"

        – Allysin
        Apr 28 '18 at 17:03






      • 1





        they create account even enable magento default capcha, not sure how they do that

        – Suneth Kalhara
        Feb 18 at 8:31



















      • Hacked as in they got inside the Admin panel and had access to all the info in there? Or hacked that they sent spam somehow? I am enabling CAPTCHA now - shall I do it for all 3? (Forgot password, Checkout as Guest, and Register during Checkout)? How do they hack the site? Guess the passowrd?

        – Allysin
        Apr 28 '18 at 16:49











      • We had 81 fake accounts created on February 16th alone. They all are from something@yandex.ru (the something part changes)

        – Allysin
        Apr 28 '18 at 17:00











      • some of them refernce something like: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> rh.drive.google.com/open?id=1eA6rAsRSPrUk_J5zquu6NKG4Mk1irM8v

        – Allysin
        Apr 28 '18 at 17:01











      • or this as the name: "<p>The requested URL /es_combine/subjects.txt was not found on this server.</p> 530.drive.google.com/open?id=1Ky1OOErUWAETGRt4OI7phoVSzqNDwRJ7"

        – Allysin
        Apr 28 '18 at 17:03






      • 1





        they create account even enable magento default capcha, not sure how they do that

        – Suneth Kalhara
        Feb 18 at 8:31

















      Hacked as in they got inside the Admin panel and had access to all the info in there? Or hacked that they sent spam somehow? I am enabling CAPTCHA now - shall I do it for all 3? (Forgot password, Checkout as Guest, and Register during Checkout)? How do they hack the site? Guess the passowrd?

      – Allysin
      Apr 28 '18 at 16:49





      Hacked as in they got inside the Admin panel and had access to all the info in there? Or hacked that they sent spam somehow? I am enabling CAPTCHA now - shall I do it for all 3? (Forgot password, Checkout as Guest, and Register during Checkout)? How do they hack the site? Guess the passowrd?

      – Allysin
      Apr 28 '18 at 16:49













      We had 81 fake accounts created on February 16th alone. They all are from something@yandex.ru (the something part changes)

      – Allysin
      Apr 28 '18 at 17:00





      We had 81 fake accounts created on February 16th alone. They all are from something@yandex.ru (the something part changes)

      – Allysin
      Apr 28 '18 at 17:00













      some of them refernce something like: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> rh.drive.google.com/open?id=1eA6rAsRSPrUk_J5zquu6NKG4Mk1irM8v

      – Allysin
      Apr 28 '18 at 17:01





      some of them refernce something like: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> rh.drive.google.com/open?id=1eA6rAsRSPrUk_J5zquu6NKG4Mk1irM8v

      – Allysin
      Apr 28 '18 at 17:01













      or this as the name: "<p>The requested URL /es_combine/subjects.txt was not found on this server.</p> 530.drive.google.com/open?id=1Ky1OOErUWAETGRt4OI7phoVSzqNDwRJ7"

      – Allysin
      Apr 28 '18 at 17:03





      or this as the name: "<p>The requested URL /es_combine/subjects.txt was not found on this server.</p> 530.drive.google.com/open?id=1Ky1OOErUWAETGRt4OI7phoVSzqNDwRJ7"

      – Allysin
      Apr 28 '18 at 17:03




      1




      1





      they create account even enable magento default capcha, not sure how they do that

      – Suneth Kalhara
      Feb 18 at 8:31





      they create account even enable magento default capcha, not sure how they do that

      – Suneth Kalhara
      Feb 18 at 8:31











      1














      May be that can help … I install free module from mageplaza Google reCaptcha - Invisible CAPTCHA and it seems don't have anymore Russian new account.. It didn't cost me a penny and was easy to install.






      share|improve this answer




























        1














        May be that can help … I install free module from mageplaza Google reCaptcha - Invisible CAPTCHA and it seems don't have anymore Russian new account.. It didn't cost me a penny and was easy to install.






        share|improve this answer


























          1












          1








          1







          May be that can help … I install free module from mageplaza Google reCaptcha - Invisible CAPTCHA and it seems don't have anymore Russian new account.. It didn't cost me a penny and was easy to install.






          share|improve this answer













          May be that can help … I install free module from mageplaza Google reCaptcha - Invisible CAPTCHA and it seems don't have anymore Russian new account.. It didn't cost me a penny and was easy to install.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Jan 28 at 10:47









          cadoworldcadoworld

          163




          163























              0














              Magento 1.9.x:
              We also have the problem with Russian "cheaters" that use our Customer Registration form to send spam-mails to a lot of unknown users. They also pass by our reCaptcha. But I found this solution to help (for now):
              - Reduce the possible text length for the first name / last name to around 30 letters, as the russian text usually are much longer.



              You have to edit your database table "customer_eav_attribute". In record 5 and 7, you can change values for length limitations for first name (5th) and last name (7th). Change the max_text_length with value 255 to 30 or any other number of your choice. With longer values in the text box, the "bot" will only get error messages.






              share|improve this answer
























              • Hi, For the solution you mentioned above. What should i do for Magento 2.2.6? the validate_rules is showing as "{"max_text_length":225,"min_text_length":1}", and there is also an "input_filter": "trim". should i remove "trim", and edit the 225 to 25? i tried it yesterday but the russian spam still coming through.

                – Kris Wen
                Mar 19 at 16:16
















              0














              Magento 1.9.x:
              We also have the problem with Russian "cheaters" that use our Customer Registration form to send spam-mails to a lot of unknown users. They also pass by our reCaptcha. But I found this solution to help (for now):
              - Reduce the possible text length for the first name / last name to around 30 letters, as the russian text usually are much longer.



              You have to edit your database table "customer_eav_attribute". In record 5 and 7, you can change values for length limitations for first name (5th) and last name (7th). Change the max_text_length with value 255 to 30 or any other number of your choice. With longer values in the text box, the "bot" will only get error messages.






              share|improve this answer
























              • Hi, For the solution you mentioned above. What should i do for Magento 2.2.6? the validate_rules is showing as "{"max_text_length":225,"min_text_length":1}", and there is also an "input_filter": "trim". should i remove "trim", and edit the 225 to 25? i tried it yesterday but the russian spam still coming through.

                – Kris Wen
                Mar 19 at 16:16














              0












              0








              0







              Magento 1.9.x:
              We also have the problem with Russian "cheaters" that use our Customer Registration form to send spam-mails to a lot of unknown users. They also pass by our reCaptcha. But I found this solution to help (for now):
              - Reduce the possible text length for the first name / last name to around 30 letters, as the russian text usually are much longer.



              You have to edit your database table "customer_eav_attribute". In record 5 and 7, you can change values for length limitations for first name (5th) and last name (7th). Change the max_text_length with value 255 to 30 or any other number of your choice. With longer values in the text box, the "bot" will only get error messages.






              share|improve this answer













              Magento 1.9.x:
              We also have the problem with Russian "cheaters" that use our Customer Registration form to send spam-mails to a lot of unknown users. They also pass by our reCaptcha. But I found this solution to help (for now):
              - Reduce the possible text length for the first name / last name to around 30 letters, as the russian text usually are much longer.



              You have to edit your database table "customer_eav_attribute". In record 5 and 7, you can change values for length limitations for first name (5th) and last name (7th). Change the max_text_length with value 255 to 30 or any other number of your choice. With longer values in the text box, the "bot" will only get error messages.







              share|improve this answer












              share|improve this answer



              share|improve this answer










              answered Feb 10 at 18:05









              AtianAtian

              2117




              2117













              • Hi, For the solution you mentioned above. What should i do for Magento 2.2.6? the validate_rules is showing as "{"max_text_length":225,"min_text_length":1}", and there is also an "input_filter": "trim". should i remove "trim", and edit the 225 to 25? i tried it yesterday but the russian spam still coming through.

                – Kris Wen
                Mar 19 at 16:16



















              • Hi, For the solution you mentioned above. What should i do for Magento 2.2.6? the validate_rules is showing as "{"max_text_length":225,"min_text_length":1}", and there is also an "input_filter": "trim". should i remove "trim", and edit the 225 to 25? i tried it yesterday but the russian spam still coming through.

                – Kris Wen
                Mar 19 at 16:16

















              Hi, For the solution you mentioned above. What should i do for Magento 2.2.6? the validate_rules is showing as "{"max_text_length":225,"min_text_length":1}", and there is also an "input_filter": "trim". should i remove "trim", and edit the 225 to 25? i tried it yesterday but the russian spam still coming through.

              – Kris Wen
              Mar 19 at 16:16





              Hi, For the solution you mentioned above. What should i do for Magento 2.2.6? the validate_rules is showing as "{"max_text_length":225,"min_text_length":1}", and there is also an "input_filter": "trim". should i remove "trim", and edit the 225 to 25? i tried it yesterday but the russian spam still coming through.

              – Kris Wen
              Mar 19 at 16:16











              0














              You can block russian user to register in your store by validation in your registration page. It will work, i am also using this.



              <script type="text/javascript">
              jQuery('.customer-account-create #email_address').blur(function(){
              var emailId = jQuery('.customer-account-create #email_address').val();
              if( emailId.indexOf('.ru') >= 0){
              //alert("This email can not be registered.");
              jQuery('.customer-account-create #email_address').val('');
              jQuery('.customer-account-create #email_address').focus();
              return false;
              }
              });






              share




























                0














                You can block russian user to register in your store by validation in your registration page. It will work, i am also using this.



                <script type="text/javascript">
                jQuery('.customer-account-create #email_address').blur(function(){
                var emailId = jQuery('.customer-account-create #email_address').val();
                if( emailId.indexOf('.ru') >= 0){
                //alert("This email can not be registered.");
                jQuery('.customer-account-create #email_address').val('');
                jQuery('.customer-account-create #email_address').focus();
                return false;
                }
                });






                share


























                  0












                  0








                  0







                  You can block russian user to register in your store by validation in your registration page. It will work, i am also using this.



                  <script type="text/javascript">
                  jQuery('.customer-account-create #email_address').blur(function(){
                  var emailId = jQuery('.customer-account-create #email_address').val();
                  if( emailId.indexOf('.ru') >= 0){
                  //alert("This email can not be registered.");
                  jQuery('.customer-account-create #email_address').val('');
                  jQuery('.customer-account-create #email_address').focus();
                  return false;
                  }
                  });






                  share













                  You can block russian user to register in your store by validation in your registration page. It will work, i am also using this.



                  <script type="text/javascript">
                  jQuery('.customer-account-create #email_address').blur(function(){
                  var emailId = jQuery('.customer-account-create #email_address').val();
                  if( emailId.indexOf('.ru') >= 0){
                  //alert("This email can not be registered.");
                  jQuery('.customer-account-create #email_address').val('');
                  jQuery('.customer-account-create #email_address').focus();
                  return false;
                  }
                  });







                  share











                  share


                  share










                  answered 2 mins ago









                  Imroz AnjumImroz Anjum

                  164




                  164






























                      draft saved

                      draft discarded




















































                      Thanks for contributing an answer to Magento Stack Exchange!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f224083%2fpeople-from-russia-making-fake-accounts-in-our-magento-1-9-x-store-why%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      Popular posts from this blog

                      “%fieldName is a required field.”, in Magento2 REST API Call for GET Method Type The Next...

                      How to change City field to a dropdown in Checkout step Magento 2Magento 2 : How to change UI field(s)...

                      變成蝙蝠會怎樣? 參考資料 外部連結 导航菜单Thomas Nagel, "What is it like to be a...