Magento 2.2.6 How to Prevent Spam Account RegistrationPrevent Spam Account RegistrationCustomer Account Registration FormHow to prevent customer from change DOB?Magento 2: Prevent customer account auto registrationOverride Account Controller for registration functionMagento2 : How to remove email validation from customer account registration pageMagento2 : How to remove Personal Information from customer account registration pagespam email/account @qq.comredirect to a specific url upon account registrationPrevent Spam Account RegistrationInstalling Google recaptcha:2.0.0 on Magento Open Source 2.2.6

Testing thermite for chemical properties

How does the Linux command "mount -a" work?

Digital signature that is only verifiable by one specific person

How to make all magic-casting innate, but still rare?

How can I maintain game balance while allowing my player to craft genuinely useful items?

What are the mechanical differences between Adapt and Monstrosity?

How did space travel spread through the galaxy?

What is the context for Napoleon's quote "[the Austrians] did not know the value of five minutes"?

Time at 1G acceleration to travel 100000 light years

Numerical second order differentiation

Basic power tool set for Home repair and simple projects

Background for black and white chart

My student in one course asks for paid tutoring in another course. Appropriate?

How can the US president give an order to a civilian?

How do credit card companies know what type of business I'm paying for?

What is the color associated with lukewarm?

Is swap gate equivalent to just exchanging the wire of the two qubits?

At what temperature should the earth be cooked to prevent human infection?

1960s sci-fi anthology with a Viking fighting a U.S. army MP on the cover

Have Steve Rogers (Captain America) and a young Erik Lehnsherr (Magneto) interacted during WWII?

Why is Skinner so awkward in Hot Fuzz?

...and then she held the gun

On George Box, Galit Shmueli and the scientific method?

How to ask if I can mow my neighbor's lawn



Magento 2.2.6 How to Prevent Spam Account Registration


Prevent Spam Account RegistrationCustomer Account Registration FormHow to prevent customer from change DOB?Magento 2: Prevent customer account auto registrationOverride Account Controller for registration functionMagento2 : How to remove email validation from customer account registration pageMagento2 : How to remove Personal Information from customer account registration pagespam email/account @qq.comredirect to a specific url upon account registrationPrevent Spam Account RegistrationInstalling Google recaptcha:2.0.0 on Magento Open Source 2.2.6






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








2















I tried to use the solution 6 from here, but not exactly sure how to do it.




Prevent Spam Account Registration
Solution 6: Update fields limitation rules from database : directly in
the customer_eav_attribute table, update rows with attribute_id=5
[firstname] and attribute_id=7 [lastname] and replace 255 by 25 :




In my magento 2.2.6 version, the attribute_id=5 and 7 has




validate_rules=""max_text_length":225,"min_text_length":1"




and also




input_filter="trim"




I tried to change them to




validate_rules =""max_text_length":25,"min_text_length":1"




and




input_filter =""




but i'm still getting a lot of Russian spam account registration.






magento2 customer-account recaptcha







share|improve this question






















  • spam registration is coming from unprotected API access. see my answer below. you can generate accounts registration all day long with customized data

    – MagenX
    Jun 9 at 11:54

















2















I tried to use the solution 6 from here, but not exactly sure how to do it.




Prevent Spam Account Registration
Solution 6: Update fields limitation rules from database : directly in
the customer_eav_attribute table, update rows with attribute_id=5
[firstname] and attribute_id=7 [lastname] and replace 255 by 25 :




In my magento 2.2.6 version, the attribute_id=5 and 7 has




validate_rules=""max_text_length":225,"min_text_length":1"




and also




input_filter="trim"




I tried to change them to




validate_rules =""max_text_length":25,"min_text_length":1"




and




input_filter =""




but i'm still getting a lot of Russian spam account registration.






magento2 customer-account recaptcha







share|improve this question






















  • spam registration is coming from unprotected API access. see my answer below. you can generate accounts registration all day long with customized data

    – MagenX
    Jun 9 at 11:54













2












2








2








I tried to use the solution 6 from here, but not exactly sure how to do it.




Prevent Spam Account Registration
Solution 6: Update fields limitation rules from database : directly in
the customer_eav_attribute table, update rows with attribute_id=5
[firstname] and attribute_id=7 [lastname] and replace 255 by 25 :




In my magento 2.2.6 version, the attribute_id=5 and 7 has




validate_rules=""max_text_length":225,"min_text_length":1"




and also




input_filter="trim"




I tried to change them to




validate_rules =""max_text_length":25,"min_text_length":1"




and




input_filter =""




but i'm still getting a lot of Russian spam account registration.






magento2 customer-account recaptcha







share|improve this question














I tried to use the solution 6 from here, but not exactly sure how to do it.




Prevent Spam Account Registration
Solution 6: Update fields limitation rules from database : directly in
the customer_eav_attribute table, update rows with attribute_id=5
[firstname] and attribute_id=7 [lastname] and replace 255 by 25 :




In my magento 2.2.6 version, the attribute_id=5 and 7 has




validate_rules=""max_text_length":225,"min_text_length":1"




and also




input_filter="trim"




I tried to change them to




validate_rules =""max_text_length":25,"min_text_length":1"




and




input_filter =""




but i'm still getting a lot of Russian spam account registration.






magento2 customer-account recaptcha




magento2 customer-account recaptcha






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Mar 19 at 16:44









Kris WenKris Wen

3509




3509












  • spam registration is coming from unprotected API access. see my answer below. you can generate accounts registration all day long with customized data

    – MagenX
    Jun 9 at 11:54

















  • spam registration is coming from unprotected API access. see my answer below. you can generate accounts registration all day long with customized data

    – MagenX
    Jun 9 at 11:54
















spam registration is coming from unprotected API access. see my answer below. you can generate accounts registration all day long with customized data

– MagenX
Jun 9 at 11:54





spam registration is coming from unprotected API access. see my answer below. you can generate accounts registration all day long with customized data

– MagenX
Jun 9 at 11:54










3 Answers
3






active

oldest

votes


















1














Magento 2 extension for blocking spam creating new customer accounts



https://github.com/mageplaza/magento-2-google-recaptcha



https://github.com/samsteele/spam-registration-blocker



https://github.com/arcmedia/mage2-customer-honeypot



Magento 2 extension for blocking (RUSSIAN) spam bots creating new customer accounts



https://github.com/Kreativsoehne/magento-2-simple-antispam






share|improve this answer




















  • 1





    i installed the mageplaza google recaptcha extension yesterday, have not get any new russian spam signup for a day now, i'll pick this one as an answer. thanks.

    – Kris Wen
    Mar 20 at 16:11











  • glad to help you.

    – MageSoftech
    Mar 20 at 16:19


















1














in magento 2.3.1 you can simply create user with direct API access, using POSTMAN request with Content-Type:application/json
and this raw body:




 "customer": 
 "email": "jdoe@example.com",
 "firstname": "Jane",
 "lastname": "Doe",
 "addresses": [
 
 "defaultShipping": true,
 "defaultBilling": true,
 "firstname": "Jane",
 "lastname": "Doe",
 "region": 
 "regionCode": "NY",
 "region": "New York",
 "regionId": 43
 ,
 "postcode": "10755",
 "street": [
 "123 Oak Ave"
 ],
 "city": "Purchase",
 "telephone": "512-555-1111",
 "countryId": "US"
 
 ]
 ,
 "password": "Password1"




response:





 "id": 22,
 "group_id": 1,
 "default_billing": "16",
 "default_shipping": "16",
 "created_at": "2019-06-09 11:48:19",
 "updated_at": "2019-06-09 11:48:19",
 "created_in": "Default Store View",
 "email": "jdoe@example.com",
 "firstname": "Jane",
 "lastname": "Doe",
 "store_id": 1,
 "website_id": 1,
 "addresses": [
 
 "id": 16,
 "customer_id": 22,
 "region": 
 "region_code": "NY",
 "region": "New York",
 "region_id": 43
 ,
 "region_id": 43,
 "country_id": "US",
 "street": [
 "123 Oak Ave"
 ],
 "telephone": "512-555-1111",
 "postcode": "10755",
 "city": "Purchase",
 "firstname": "Jane",
 "lastname": "Doe",
 "default_shipping": true,
 "default_billing": true
 
 ],
 "disable_auto_group_change": 0,
 "extension_attributes": 
 "is_subscribed": false






share|improve this answer























  • Is API access on by default? Do you not need an API user and / or role configured? Or is this on by default too?

    – Dominic Xigen
    Jun 9 at 14:09












  • magento 2 api is always open, some parts required access token, but mostly not.

    – MagenX
    Jun 9 at 16:22











  • I'm checking for creating a customer in the docs. Found this devdocs.magento.com/guides/v2.3/rest/tutorials/orders/… but that says you need token. Can you create customer without token? I'm trying to figure out whether we need to start locking down api. Also found this. devdocs.magento.com/guides/v2.3/rest/…. that would suggest yes it is open. But as you say a lot of stuff is open. That has surprised me.

    – Dominic Xigen
    Jun 9 at 18:53











  • wow. how do i lock down the create account api in this case?

    – Kris Wen
    Jun 10 at 16:22











  • you can deny access by IP or create some security rule, to check access with some logic

    – MagenX
    Jun 10 at 17:48


















0














Enable Captcha From




Admin -> Store -> Configuration - > Customer -> Customer Configuration
- > Captcha , Choose Create User




option






share|improve this answer























  • I already enable the magento reCAPTCHA but they're bypassing it. thanks

    – Kris Wen
    Mar 19 at 16:59











  • Have you tried setting up more strict rules for captcha from admin, or try with third party google recaptcha

    – Pravin
    Mar 19 at 17:14











Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "479"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f266564%2fmagento-2-2-6-how-to-prevent-spam-account-registration%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























3 Answers
3






active

oldest

votes








3 Answers
3






active

oldest

votes









active

oldest

votes






active

oldest

votes









1














Magento 2 extension for blocking spam creating new customer accounts



https://github.com/mageplaza/magento-2-google-recaptcha



https://github.com/samsteele/spam-registration-blocker



https://github.com/arcmedia/mage2-customer-honeypot



Magento 2 extension for blocking (RUSSIAN) spam bots creating new customer accounts



https://github.com/Kreativsoehne/magento-2-simple-antispam






share|improve this answer




















  • 1





    i installed the mageplaza google recaptcha extension yesterday, have not get any new russian spam signup for a day now, i'll pick this one as an answer. thanks.

    – Kris Wen
    Mar 20 at 16:11











  • glad to help you.

    – MageSoftech
    Mar 20 at 16:19















1














Magento 2 extension for blocking spam creating new customer accounts



https://github.com/mageplaza/magento-2-google-recaptcha



https://github.com/samsteele/spam-registration-blocker



https://github.com/arcmedia/mage2-customer-honeypot



Magento 2 extension for blocking (RUSSIAN) spam bots creating new customer accounts



https://github.com/Kreativsoehne/magento-2-simple-antispam






share|improve this answer




















  • 1





    i installed the mageplaza google recaptcha extension yesterday, have not get any new russian spam signup for a day now, i'll pick this one as an answer. thanks.

    – Kris Wen
    Mar 20 at 16:11











  • glad to help you.

    – MageSoftech
    Mar 20 at 16:19













1












1








1







Magento 2 extension for blocking spam creating new customer accounts



https://github.com/mageplaza/magento-2-google-recaptcha



https://github.com/samsteele/spam-registration-blocker



https://github.com/arcmedia/mage2-customer-honeypot



Magento 2 extension for blocking (RUSSIAN) spam bots creating new customer accounts



https://github.com/Kreativsoehne/magento-2-simple-antispam






share|improve this answer















Magento 2 extension for blocking spam creating new customer accounts



https://github.com/mageplaza/magento-2-google-recaptcha



https://github.com/samsteele/spam-registration-blocker



https://github.com/arcmedia/mage2-customer-honeypot



Magento 2 extension for blocking (RUSSIAN) spam bots creating new customer accounts



https://github.com/Kreativsoehne/magento-2-simple-antispam







share|improve this answer














share|improve this answer



share|improve this answer








edited Mar 19 at 17:32









Amit Bera

61.3k1683182




61.3k1683182










answered Mar 19 at 17:03









MageSoftechMageSoftech

15811




15811







  • 1





    i installed the mageplaza google recaptcha extension yesterday, have not get any new russian spam signup for a day now, i'll pick this one as an answer. thanks.

    – Kris Wen
    Mar 20 at 16:11











  • glad to help you.

    – MageSoftech
    Mar 20 at 16:19












  • 1





    i installed the mageplaza google recaptcha extension yesterday, have not get any new russian spam signup for a day now, i'll pick this one as an answer. thanks.

    – Kris Wen
    Mar 20 at 16:11











  • glad to help you.

    – MageSoftech
    Mar 20 at 16:19







1




1





i installed the mageplaza google recaptcha extension yesterday, have not get any new russian spam signup for a day now, i'll pick this one as an answer. thanks.

– Kris Wen
Mar 20 at 16:11





i installed the mageplaza google recaptcha extension yesterday, have not get any new russian spam signup for a day now, i'll pick this one as an answer. thanks.

– Kris Wen
Mar 20 at 16:11













glad to help you.

– MageSoftech
Mar 20 at 16:19





glad to help you.

– MageSoftech
Mar 20 at 16:19













1














in magento 2.3.1 you can simply create user with direct API access, using POSTMAN request with Content-Type:application/json
and this raw body:




 "customer": 
 "email": "jdoe@example.com",
 "firstname": "Jane",
 "lastname": "Doe",
 "addresses": [
 
 "defaultShipping": true,
 "defaultBilling": true,
 "firstname": "Jane",
 "lastname": "Doe",
 "region": 
 "regionCode": "NY",
 "region": "New York",
 "regionId": 43
 ,
 "postcode": "10755",
 "street": [
 "123 Oak Ave"
 ],
 "city": "Purchase",
 "telephone": "512-555-1111",
 "countryId": "US"
 
 ]
 ,
 "password": "Password1"




response:





 "id": 22,
 "group_id": 1,
 "default_billing": "16",
 "default_shipping": "16",
 "created_at": "2019-06-09 11:48:19",
 "updated_at": "2019-06-09 11:48:19",
 "created_in": "Default Store View",
 "email": "jdoe@example.com",
 "firstname": "Jane",
 "lastname": "Doe",
 "store_id": 1,
 "website_id": 1,
 "addresses": [
 
 "id": 16,
 "customer_id": 22,
 "region": 
 "region_code": "NY",
 "region": "New York",
 "region_id": 43
 ,
 "region_id": 43,
 "country_id": "US",
 "street": [
 "123 Oak Ave"
 ],
 "telephone": "512-555-1111",
 "postcode": "10755",
 "city": "Purchase",
 "firstname": "Jane",
 "lastname": "Doe",
 "default_shipping": true,
 "default_billing": true
 
 ],
 "disable_auto_group_change": 0,
 "extension_attributes": 
 "is_subscribed": false






share|improve this answer























  • Is API access on by default? Do you not need an API user and / or role configured? Or is this on by default too?

    – Dominic Xigen
    Jun 9 at 14:09












  • magento 2 api is always open, some parts required access token, but mostly not.

    – MagenX
    Jun 9 at 16:22











  • I'm checking for creating a customer in the docs. Found this devdocs.magento.com/guides/v2.3/rest/tutorials/orders/… but that says you need token. Can you create customer without token? I'm trying to figure out whether we need to start locking down api. Also found this. devdocs.magento.com/guides/v2.3/rest/…. that would suggest yes it is open. But as you say a lot of stuff is open. That has surprised me.

    – Dominic Xigen
    Jun 9 at 18:53











  • wow. how do i lock down the create account api in this case?

    – Kris Wen
    Jun 10 at 16:22











  • you can deny access by IP or create some security rule, to check access with some logic

    – MagenX
    Jun 10 at 17:48















1














in magento 2.3.1 you can simply create user with direct API access, using POSTMAN request with Content-Type:application/json
and this raw body:




 "customer": 
 "email": "jdoe@example.com",
 "firstname": "Jane",
 "lastname": "Doe",
 "addresses": [
 
 "defaultShipping": true,
 "defaultBilling": true,
 "firstname": "Jane",
 "lastname": "Doe",
 "region": 
 "regionCode": "NY",
 "region": "New York",
 "regionId": 43
 ,
 "postcode": "10755",
 "street": [
 "123 Oak Ave"
 ],
 "city": "Purchase",
 "telephone": "512-555-1111",
 "countryId": "US"
 
 ]
 ,
 "password": "Password1"




response:





 "id": 22,
 "group_id": 1,
 "default_billing": "16",
 "default_shipping": "16",
 "created_at": "2019-06-09 11:48:19",
 "updated_at": "2019-06-09 11:48:19",
 "created_in": "Default Store View",
 "email": "jdoe@example.com",
 "firstname": "Jane",
 "lastname": "Doe",
 "store_id": 1,
 "website_id": 1,
 "addresses": [
 
 "id": 16,
 "customer_id": 22,
 "region": 
 "region_code": "NY",
 "region": "New York",
 "region_id": 43
 ,
 "region_id": 43,
 "country_id": "US",
 "street": [
 "123 Oak Ave"
 ],
 "telephone": "512-555-1111",
 "postcode": "10755",
 "city": "Purchase",
 "firstname": "Jane",
 "lastname": "Doe",
 "default_shipping": true,
 "default_billing": true
 
 ],
 "disable_auto_group_change": 0,
 "extension_attributes": 
 "is_subscribed": false






share|improve this answer























  • Is API access on by default? Do you not need an API user and / or role configured? Or is this on by default too?

    – Dominic Xigen
    Jun 9 at 14:09












  • magento 2 api is always open, some parts required access token, but mostly not.

    – MagenX
    Jun 9 at 16:22











  • I'm checking for creating a customer in the docs. Found this devdocs.magento.com/guides/v2.3/rest/tutorials/orders/… but that says you need token. Can you create customer without token? I'm trying to figure out whether we need to start locking down api. Also found this. devdocs.magento.com/guides/v2.3/rest/…. that would suggest yes it is open. But as you say a lot of stuff is open. That has surprised me.

    – Dominic Xigen
    Jun 9 at 18:53











  • wow. how do i lock down the create account api in this case?

    – Kris Wen
    Jun 10 at 16:22











  • you can deny access by IP or create some security rule, to check access with some logic

    – MagenX
    Jun 10 at 17:48













1












1








1







in magento 2.3.1 you can simply create user with direct API access, using POSTMAN request with Content-Type:application/json
and this raw body:




 "customer": 
 "email": "jdoe@example.com",
 "firstname": "Jane",
 "lastname": "Doe",
 "addresses": [
 
 "defaultShipping": true,
 "defaultBilling": true,
 "firstname": "Jane",
 "lastname": "Doe",
 "region": 
 "regionCode": "NY",
 "region": "New York",
 "regionId": 43
 ,
 "postcode": "10755",
 "street": [
 "123 Oak Ave"
 ],
 "city": "Purchase",
 "telephone": "512-555-1111",
 "countryId": "US"
 
 ]
 ,
 "password": "Password1"




response:





 "id": 22,
 "group_id": 1,
 "default_billing": "16",
 "default_shipping": "16",
 "created_at": "2019-06-09 11:48:19",
 "updated_at": "2019-06-09 11:48:19",
 "created_in": "Default Store View",
 "email": "jdoe@example.com",
 "firstname": "Jane",
 "lastname": "Doe",
 "store_id": 1,
 "website_id": 1,
 "addresses": [
 
 "id": 16,
 "customer_id": 22,
 "region": 
 "region_code": "NY",
 "region": "New York",
 "region_id": 43
 ,
 "region_id": 43,
 "country_id": "US",
 "street": [
 "123 Oak Ave"
 ],
 "telephone": "512-555-1111",
 "postcode": "10755",
 "city": "Purchase",
 "firstname": "Jane",
 "lastname": "Doe",
 "default_shipping": true,
 "default_billing": true
 
 ],
 "disable_auto_group_change": 0,
 "extension_attributes": 
 "is_subscribed": false






share|improve this answer













in magento 2.3.1 you can simply create user with direct API access, using POSTMAN request with Content-Type:application/json
and this raw body:




 "customer": 
 "email": "jdoe@example.com",
 "firstname": "Jane",
 "lastname": "Doe",
 "addresses": [
 
 "defaultShipping": true,
 "defaultBilling": true,
 "firstname": "Jane",
 "lastname": "Doe",
 "region": 
 "regionCode": "NY",
 "region": "New York",
 "regionId": 43
 ,
 "postcode": "10755",
 "street": [
 "123 Oak Ave"
 ],
 "city": "Purchase",
 "telephone": "512-555-1111",
 "countryId": "US"
 
 ]
 ,
 "password": "Password1"




response:





 "id": 22,
 "group_id": 1,
 "default_billing": "16",
 "default_shipping": "16",
 "created_at": "2019-06-09 11:48:19",
 "updated_at": "2019-06-09 11:48:19",
 "created_in": "Default Store View",
 "email": "jdoe@example.com",
 "firstname": "Jane",
 "lastname": "Doe",
 "store_id": 1,
 "website_id": 1,
 "addresses": [
 
 "id": 16,
 "customer_id": 22,
 "region": 
 "region_code": "NY",
 "region": "New York",
 "region_id": 43
 ,
 "region_id": 43,
 "country_id": "US",
 "street": [
 "123 Oak Ave"
 ],
 "telephone": "512-555-1111",
 "postcode": "10755",
 "city": "Purchase",
 "firstname": "Jane",
 "lastname": "Doe",
 "default_shipping": true,
 "default_billing": true
 
 ],
 "disable_auto_group_change": 0,
 "extension_attributes": 
 "is_subscribed": false







share|improve this answer












share|improve this answer



share|improve this answer










answered Jun 9 at 11:50









MagenXMagenX

2,2921027




2,2921027












  • Is API access on by default? Do you not need an API user and / or role configured? Or is this on by default too?

    – Dominic Xigen
    Jun 9 at 14:09












  • magento 2 api is always open, some parts required access token, but mostly not.

    – MagenX
    Jun 9 at 16:22











  • I'm checking for creating a customer in the docs. Found this devdocs.magento.com/guides/v2.3/rest/tutorials/orders/… but that says you need token. Can you create customer without token? I'm trying to figure out whether we need to start locking down api. Also found this. devdocs.magento.com/guides/v2.3/rest/…. that would suggest yes it is open. But as you say a lot of stuff is open. That has surprised me.

    – Dominic Xigen
    Jun 9 at 18:53











  • wow. how do i lock down the create account api in this case?

    – Kris Wen
    Jun 10 at 16:22











  • you can deny access by IP or create some security rule, to check access with some logic

    – MagenX
    Jun 10 at 17:48

















  • Is API access on by default? Do you not need an API user and / or role configured? Or is this on by default too?

    – Dominic Xigen
    Jun 9 at 14:09












  • magento 2 api is always open, some parts required access token, but mostly not.

    – MagenX
    Jun 9 at 16:22











  • I'm checking for creating a customer in the docs. Found this devdocs.magento.com/guides/v2.3/rest/tutorials/orders/… but that says you need token. Can you create customer without token? I'm trying to figure out whether we need to start locking down api. Also found this. devdocs.magento.com/guides/v2.3/rest/…. that would suggest yes it is open. But as you say a lot of stuff is open. That has surprised me.

    – Dominic Xigen
    Jun 9 at 18:53











  • wow. how do i lock down the create account api in this case?

    – Kris Wen
    Jun 10 at 16:22











  • you can deny access by IP or create some security rule, to check access with some logic

    – MagenX
    Jun 10 at 17:48
















Is API access on by default? Do you not need an API user and / or role configured? Or is this on by default too?

– Dominic Xigen
Jun 9 at 14:09






Is API access on by default? Do you not need an API user and / or role configured? Or is this on by default too?

– Dominic Xigen
Jun 9 at 14:09














magento 2 api is always open, some parts required access token, but mostly not.

– MagenX
Jun 9 at 16:22





magento 2 api is always open, some parts required access token, but mostly not.

– MagenX
Jun 9 at 16:22













I'm checking for creating a customer in the docs. Found this devdocs.magento.com/guides/v2.3/rest/tutorials/orders/… but that says you need token. Can you create customer without token? I'm trying to figure out whether we need to start locking down api. Also found this. devdocs.magento.com/guides/v2.3/rest/…. that would suggest yes it is open. But as you say a lot of stuff is open. That has surprised me.

– Dominic Xigen
Jun 9 at 18:53





I'm checking for creating a customer in the docs. Found this devdocs.magento.com/guides/v2.3/rest/tutorials/orders/… but that says you need token. Can you create customer without token? I'm trying to figure out whether we need to start locking down api. Also found this. devdocs.magento.com/guides/v2.3/rest/…. that would suggest yes it is open. But as you say a lot of stuff is open. That has surprised me.

– Dominic Xigen
Jun 9 at 18:53













wow. how do i lock down the create account api in this case?

– Kris Wen
Jun 10 at 16:22





wow. how do i lock down the create account api in this case?

– Kris Wen
Jun 10 at 16:22













you can deny access by IP or create some security rule, to check access with some logic

– MagenX
Jun 10 at 17:48





you can deny access by IP or create some security rule, to check access with some logic

– MagenX
Jun 10 at 17:48











0














Enable Captcha From




Admin -> Store -> Configuration - > Customer -> Customer Configuration
- > Captcha , Choose Create User




option






share|improve this answer























  • I already enable the magento reCAPTCHA but they're bypassing it. thanks

    – Kris Wen
    Mar 19 at 16:59











  • Have you tried setting up more strict rules for captcha from admin, or try with third party google recaptcha

    – Pravin
    Mar 19 at 17:14















0














Enable Captcha From




Admin -> Store -> Configuration - > Customer -> Customer Configuration
- > Captcha , Choose Create User




option






share|improve this answer























  • I already enable the magento reCAPTCHA but they're bypassing it. thanks

    – Kris Wen
    Mar 19 at 16:59











  • Have you tried setting up more strict rules for captcha from admin, or try with third party google recaptcha

    – Pravin
    Mar 19 at 17:14













0












0








0







Enable Captcha From




Admin -> Store -> Configuration - > Customer -> Customer Configuration
- > Captcha , Choose Create User




option






share|improve this answer













Enable Captcha From




Admin -> Store -> Configuration - > Customer -> Customer Configuration
- > Captcha , Choose Create User




option







share|improve this answer












share|improve this answer



share|improve this answer










answered Mar 19 at 16:57









PravinPravin

403521




403521












  • I already enable the magento reCAPTCHA but they're bypassing it. thanks

    – Kris Wen
    Mar 19 at 16:59











  • Have you tried setting up more strict rules for captcha from admin, or try with third party google recaptcha

    – Pravin
    Mar 19 at 17:14

















  • I already enable the magento reCAPTCHA but they're bypassing it. thanks

    – Kris Wen
    Mar 19 at 16:59











  • Have you tried setting up more strict rules for captcha from admin, or try with third party google recaptcha

    – Pravin
    Mar 19 at 17:14
















I already enable the magento reCAPTCHA but they're bypassing it. thanks

– Kris Wen
Mar 19 at 16:59





I already enable the magento reCAPTCHA but they're bypassing it. thanks

– Kris Wen
Mar 19 at 16:59













Have you tried setting up more strict rules for captcha from admin, or try with third party google recaptcha

– Pravin
Mar 19 at 17:14





Have you tried setting up more strict rules for captcha from admin, or try with third party google recaptcha

– Pravin
Mar 19 at 17:14

















draft saved

draft discarded
















































Thanks for contributing an answer to Magento Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f266564%2fmagento-2-2-6-how-to-prevent-spam-account-registration%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Category:9 (number) SubcategoriesMedia in category "9 (number)"Navigation menuUpload mediaGND ID: 4485639-8Library of Congress authority ID: sh85091979ReasonatorScholiaStatistics

Image
Natural numbersSquare numbersCategories requiring diffusion Help Category:9 (number) From Wikimedia Commons, the free media repository Jump to navigation Jump to search number: 9 (nine) instance of: natural number, deficient number, square number, composite number, odd number, centered cube number, centered octagonal number and nonagonal number other integers: -8 • -4 • -2 • -1 • 0 • 1 • 2 • 3 • 4 • 5 • 6 • 7 • 8 • 9 • 10 • 11 • 12 • 13 • 14 • 15 • 16 • 17 • 18 • 19 • 20 • 21 • 22 • 23 • 24 • 25 • 26 • 27 • 28 • 29 -20 • 0 • 10 • 20 • 30 • 40 • 50 • 60 • 70 • 80 • 90 • 100 • 110 • 120 • 130 • 140 • 150 • 160 • 170 • 180 • 190 • 200 This category has become too crowded. It should list very few images directly. Files should be moved to subcategories where appropriate. New subcategories can be created. Some files need to be moved elsewhere. Search for more categories: fulltext, Main Page, topics, meta categories. Please remove or replace this tag
Read more

Circuit construction for execution of conditional statements using least significant bitHow are two different registers being used as “control”?How exactly is the stated composite state of the two registers being produced using the $R_zz$ controlled rotations?Efficiently performing controlled rotations in HHLWould this quantum algorithm implementation work?How to prepare a superposed states of odd integers from $1$ to $sqrtN$?Why is this implementation of the order finding algorithm not working?Circuit construction for Hamiltonian simulationHow can I invert the least significant bit of a certain term of a superposed state?Implementing an oracleImplementing a controlled sum operation

Image
How to attach cable mounting points to a bicycle frame? Is Jon Snow the last of his House? A steel cutting sword? I know that there is a preselected candidate for a position to be filled at my department. What should I do? Is the field of q-series 'dead'? How to cut a climbing rope? Do photons bend spacetime or not? Where have Brexit voters gone? Is it legal to have an abortion in another state or abroad? Did this character show any indication of wanting to rule before S8E6? How to respond to upset student? Compaq Portable vs IBM 5155 Portable PC Is the Indo-European language family made up? Can I summon an otherworldly creature with the Gate spell without knowing its true name? USPS Back Room - Trespassing? Can my floppy disk still work without a shutter spring? Alternatives to achieve certain output format Are black holes spherical during merger? Can the product of any two aperiodic functions which are defined on the entire number line be p
Read more

Magento 2 “No Payment Methods” in Admin New OrderHow to integrate Paypal Express Checkout with the Magento APIMagento 1.5 - Sales > Order > edit order and shipping methods disappearAuto Invoice Check/Money Order Payment methodAdd more simple payment methods?Shipping methods not showingWhat should I do to change payment methods if changing the configuration has no effects?1.9 - No Payment Methods showing upMy Payment Methods not Showing for downloadable/virtual product when checkout?Magento2 API to access internal payment methodHow to call an existing payment methods in the registration form?

Image
What is the meaning of [[:space:]] in bash? Is this artwork (used in a video game) real? What happens on Day 6? Link of a singularity Should I be able to keep my company purchased standing desk when I leave my job? Alternator dying so junk car? A scene of Jimmy diversity Is the Gritty Realism variant incompatible with dungeon-based adventures? What could be reasoning of male prison in VR world to only allow undershirt and sarong as nightwear to male prisoners Why does FFmpeg choose 10+20+20 ms instead of an even 16 ms for 60 fps GIF images? Sending a photo of my bank account card to the future employer Advice for paying off student loans and auto loans now that I have my first 'real' job If I stood next to a piece of metal heated to a million degrees, but in a perfect vacuum, would I feel hot? What made Windows ME so crash-prone? Can a dragon's breath weapon pass through Leomund's Tiny Hut? Did 007 exist before James Bond? Is there a sour
Read more