With the growing popularity of Magento, there has also been a surge in spam accounts created in Magento e-stores. Bots have always crawled websites, but for quite a long time now they have dominated website traffic. Google bot, Bing bot, and a few other bots are good for a website because they determine its ranking and a few other major factors; unfortunately, more bad bots than good ones are crawling.
Many stores find a great disparity between the traffic shown by an analytics tool like Google Analytics and the actual website traffic. This variation in the data is due to bot attacks. These bots sometimes create thousands of accounts, which are almost impossible to detect and delete manually. Such bots may overwhelm a small Magento store, and they bring in more harm than good. So, let’s take a look at the preventive measures that can be taken in advance to keep the e-store out of the trouble caused by bad bots:
Recognize the possible patterns of the fake accounts
The first step is to recognize spam customer accounts. This is very important, as not even a single genuine user account should be deleted. You can list the similarities among the fake accounts. For example, they may share the following traits:
• Numbers in the first name and last name
• E-mails with domains like .ua, .rt, .xyz, etc.
• Capital letters in the first and last place of the address
• Sequential numbers within the e-mail address
• Identical first name and last name
Run Magento code to check whether any order was placed from the selected accounts
Another step to ensure that no genuine account gets deleted is to run code that checks whether an order has been placed using any of the selected addresses. If an order has been placed, there is a high chance that the account belongs to a genuine user; otherwise it can be regarded as a spam account. So, meticulously developed code that checks for orders placed by the created accounts can be really helpful.
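The pattern list and the order check described above can be combined into one triage pass over an exported customer list. This is an added example, not code from the original article or from Magento; the record fields (`email`, `firstname`, `lastname`, `order_count`), the two-signal threshold and the reading of "address" as the e-mail local part are assumptions.

```python
import re

SUSPECT_TLDS = {"ua", "rt", "xyz"}  # domains named in the article; tune per store

def has_sequential_digits(text, run=3):
    """True if text contains `run` or more ascending consecutive digits, e.g. 123."""
    streak = 1
    for prev, cur in zip(text, text[1:]):
        if prev in "012345678" and ord(cur) == ord(prev) + 1:
            streak += 1
            if streak >= run:
                return True
        else:
            streak = 1
    return False

def spam_signals(c):
    """Return which of the article's fake-account patterns a record matches."""
    first, last = c["firstname"].strip(), c["lastname"].strip()
    local, _, domain = c["email"].strip().rpartition("@")
    signals = []
    if re.search(r"\d", first + last):
        signals.append("digits_in_name")
    if domain.lower().rsplit(".", 1)[-1] in SUSPECT_TLDS:
        signals.append("suspect_tld")
    # Assumption: "address" in the article means the e-mail local part.
    if local[:1].isupper() and local[-1:].isupper():
        signals.append("capitals_first_and_last")
    if has_sequential_digits(local):
        signals.append("sequential_digits_in_email")
    if first and first.lower() == last.lower():
        signals.append("identical_names")
    return signals

def triage(customers, min_signals=2):
    """Split records into deletion candidates and accounts to keep."""
    candidates, keep = [], []
    for c in customers:
        signals = spam_signals(c)
        # An account with any order is kept, whatever it looks like.
        if c["order_count"] == 0 and len(signals) >= min_signals:
            candidates.append((c["email"], signals))
        else:
            keep.append(c["email"])
    return candidates, keep

# Constructed sample records, not real customer data.
SAMPLE = [
    {"email": "Qwerty123Z@mail.xyz", "firstname": "Anna77", "lastname": "Anna77", "order_count": 0},
    {"email": "j.smith2019@example.com", "firstname": "John", "lastname": "Smith", "order_count": 0},
    {"email": "olena456@shop.ua", "firstname": "Olena", "lastname": "Olena", "order_count": 3},
]
```

Calling `triage(SAMPLE)` returns the candidates with the signals that matched, so each one can be reviewed before anything is deleted.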
The latest version of Magento comes with a Google reCaptcha feature. This is a great way to ensure that no bot creates a spam customer account. Instead of asking users to type distorted characters, Google reCaptcha shows a checkbox labelled “I am not a robot” for humans to tick. This task is easy for humans to do and hard for robots. So, enabling Google reCaptcha is another easy way to secure the website.
Two Factor Authentication
Two-factor authentication is an extra layer of security that the latest version of Magento provides. Along with password authentication, the user receives a security code or token by text message or e-mail, which has to be entered to log in. Bots are not intelligent enough to do this, so the system can be protected.
Set a rate limit rule
Another way to curb spam customer accounts is to set a rate limit on the number of requests from a particular country, IP address, URL, etc. This will also help in limiting the ability of bots to create spam accounts.
Magento custom extensions
Magento Restrict Fake Registration, Honey Spam and many other extensions are available in the market to prevent bots from creating spam customer accounts. These extensions allow the store owners to reject the fake registrations.
For example, Honey Spam adds a hidden field to the account registration form which normal users can’t see. Bots can see this field, and if a bot fills it in, the registration gets rejected. It also checks the time taken to fill in the form: if the form is filled in too fast, the registration gets rejected. Like this extension, every extension available in the market uses its own way of stopping bots from creating spam user accounts in online e-commerce stores.
Another way is to add the Email Blacklist extension offered by Magento, with which users can block a particular domain or even use wildcard masks like “@”.ua etc.
Block IP addresses creating spam accounts
Using the knowledge and experience of in-house programmers, or with help from external programmers, the IP addresses creating spam customer accounts can be blocked. This requires extreme attention, as the program developed may block some genuine users as well.
Magento spam customer registration has become a major security problem faced by its users. Magento comes up with regular updates to provide maximum security to its customers, but still, there are some highly programmed bot attacks which can breach its security. These eight tips will definitely help you protect your Magento e-store from bots creating spam customer accounts.