Fake user registration

Question

Since a few days, our store is getting a lot of new fake accounts registration from russian bots with first and last name that looks like :

Денис, сегодня не вторник февральский Киберпонедельник и мы раздаем тройной кэшбэк: https://google.com/#q=t0p0%70rO%73&b%74%6E%49=RU28507 - получение только в течение 24 часов Для получения информации перейдите по ссылке выше

I've tried to update the field limitations rules as indicated in this post (Prevent Spam Account Registration) but nothing.

Appreciate your help, thanks. P.S : Captcha is enabled for user creation.

Edit: I was finally able to solve this issue by setting the "displaying mode" for the captcha to "always".

please install google recaptcha – HIren Kadivar Feb 05 '19 at 12:46 — HIren Kadivar, Feb 05 '19 at 12:46
I tried, but unfortunately the issue persist. – crowd42 Feb 05 '19 at 15:49 — crowd42, Feb 05 '19 at 15:49

score 0 · Answer 1 · answered Feb 06 '19 at 16:59

For a quick solution you can limit the filed length to 65 character or less in database table of your customer entity. As the attacker used the big string for the name. Same thing you can apply on last name as well.

Although the you can contact to server guys to restrict the Russian IPs.

Hope this will help you.

Fake user registration

1 Answers1