Magento 2.2.6 How to Prevent Spam Account RegistrationPrevent Spam Account RegistrationCustomer Account Registration FormHow to prevent customer from change DOB?Magento 2: Prevent customer account auto registrationOverride Account Controller for registration functionMagento2 : How to remove email validation from customer account registration pageMagento2 : How to remove Personal Information from customer account registration pagespam email/account @qq.comredirect to a specific url upon account registrationPrevent Spam Account RegistrationInstalling Google recaptcha:2.0.0 on Magento Open Source 2.2.6
Testing thermite for chemical properties
How does the Linux command "mount -a" work?
Digital signature that is only verifiable by one specific person
How to make all magic-casting innate, but still rare?
How can I maintain game balance while allowing my player to craft genuinely useful items?
What are the mechanical differences between Adapt and Monstrosity?
How did space travel spread through the galaxy?
What is the context for Napoleon's quote "[the Austrians] did not know the value of five minutes"?
Time at 1G acceleration to travel 100000 light years
Numerical second order differentiation
Basic power tool set for Home repair and simple projects
Background for black and white chart
My student in one course asks for paid tutoring in another course. Appropriate?
How can the US president give an order to a civilian?
How do credit card companies know what type of business I'm paying for?
What is the color associated with lukewarm?
Is swap gate equivalent to just exchanging the wire of the two qubits?
At what temperature should the earth be cooked to prevent human infection?
1960s sci-fi anthology with a Viking fighting a U.S. army MP on the cover
Have Steve Rogers (Captain America) and a young Erik Lehnsherr (Magneto) interacted during WWII?
Why is Skinner so awkward in Hot Fuzz?
...and then she held the gun
On George Box, Galit Shmueli and the scientific method?
How to ask if I can mow my neighbor's lawn
Magento 2.2.6 How to Prevent Spam Account Registration
Prevent Spam Account RegistrationCustomer Account Registration FormHow to prevent customer from change DOB?Magento 2: Prevent customer account auto registrationOverride Account Controller for registration functionMagento2 : How to remove email validation from customer account registration pageMagento2 : How to remove Personal Information from customer account registration pagespam email/account @qq.comredirect to a specific url upon account registrationPrevent Spam Account RegistrationInstalling Google recaptcha:2.0.0 on Magento Open Source 2.2.6
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
I tried to use the solution 6 from here, but not exactly sure how to do it.
Prevent Spam Account Registration
Solution 6: Update fields limitation rules from database : directly in
the customer_eav_attribute table, update rows with attribute_id=5
[firstname] and attribute_id=7 [lastname] and replace 255 by 25 :
In my magento 2.2.6 version, the attribute_id=5 and 7 has
validate_rules=""max_text_length":225,"min_text_length":1"
and also
input_filter="trim"
I tried to change them to
validate_rules =""max_text_length":25,"min_text_length":1"
and
input_filter =""
but i'm still getting a lot of Russian spam account registration.
magento2 customer-account recaptcha
asked Mar 19 at 16:44
Kris WenKris Wen
3509
add a comment |
I tried to use the solution 6 from here, but not exactly sure how to do it.
Prevent Spam Account Registration
Solution 6: Update fields limitation rules from database : directly in
the customer_eav_attribute table, update rows with attribute_id=5
[firstname] and attribute_id=7 [lastname] and replace 255 by 25 :
In my magento 2.2.6 version, the attribute_id=5 and 7 has
validate_rules=""max_text_length":225,"min_text_length":1"
and also
input_filter="trim"
I tried to change them to
validate_rules =""max_text_length":25,"min_text_length":1"
and
input_filter =""
but i'm still getting a lot of Russian spam account registration.
magento2 customer-account recaptcha
asked Mar 19 at 16:44
Kris WenKris Wen
3509
spam registration is coming from unprotected API access. see my answer below. you can generate accounts registration all day long with customized data
– MagenX
Jun 9 at 11:54
add a comment |
I tried to use the solution 6 from here, but not exactly sure how to do it.
Prevent Spam Account Registration
Solution 6: Update fields limitation rules from database : directly in
the customer_eav_attribute table, update rows with attribute_id=5
[firstname] and attribute_id=7 [lastname] and replace 255 by 25 :
In my magento 2.2.6 version, the attribute_id=5 and 7 has
validate_rules=""max_text_length":225,"min_text_length":1"
and also
input_filter="trim"
I tried to change them to
validate_rules =""max_text_length":25,"min_text_length":1"
and
input_filter =""
but i'm still getting a lot of Russian spam account registration.
magento2 customer-account recaptcha
asked Mar 19 at 16:44
Kris WenKris Wen
3509
I tried to use the solution 6 from here, but not exactly sure how to do it.
Prevent Spam Account Registration
Solution 6: Update fields limitation rules from database : directly in
the customer_eav_attribute table, update rows with attribute_id=5
[firstname] and attribute_id=7 [lastname] and replace 255 by 25 :
In my magento 2.2.6 version, the attribute_id=5 and 7 has
validate_rules=""max_text_length":225,"min_text_length":1"
and also
input_filter="trim"
I tried to change them to
validate_rules =""max_text_length":25,"min_text_length":1"
and
input_filter =""
but i'm still getting a lot of Russian spam account registration.
magento2 customer-account recaptcha
magento2 customer-account recaptcha
asked Mar 19 at 16:44
Kris WenKris Wen
3509
asked Mar 19 at 16:44
Kris WenKris Wen
3509
asked Mar 19 at 16:44
Kris WenKris Wen
3509
asked Mar 19 at 16:44
Kris WenKris Wen
3509
asked Mar 19 at 16:44
Kris WenKris Wen
3509
3509
spam registration is coming from unprotected API access. see my answer below. you can generate accounts registration all day long with customized data
– MagenX
Jun 9 at 11:54
add a comment |
spam registration is coming from unprotected API access. see my answer below. you can generate accounts registration all day long with customized data
– MagenX
Jun 9 at 11:54
spam registration is coming from unprotected API access. see my answer below. you can generate accounts registration all day long with customized data
– MagenX
Jun 9 at 11:54
spam registration is coming from unprotected API access. see my answer below. you can generate accounts registration all day long with customized data
– MagenX
Jun 9 at 11:54
add a comment |
3 Answers
3
active
oldest
votes
Magento 2 extension for blocking spam creating new customer accounts
https://github.com/mageplaza/magento-2-google-recaptcha
https://github.com/samsteele/spam-registration-blocker
https://github.com/arcmedia/mage2-customer-honeypot
Magento 2 extension for blocking (RUSSIAN) spam bots creating new customer accounts
https://github.com/Kreativsoehne/magento-2-simple-antispam
edited Mar 19 at 17:32
Amit Bera♦
61.3k1683182
answered Mar 19 at 17:03
MageSoftechMageSoftech
15811
1
i installed the mageplaza google recaptcha extension yesterday, have not get any new russian spam signup for a day now, i'll pick this one as an answer. thanks.
– Kris Wen
Mar 20 at 16:11
glad to help you.
– MageSoftech
Mar 20 at 16:19
add a comment |
in magento 2.3.1 you can simply create user with direct API access, using POSTMAN request with Content-Type:application/json
and this raw body:
"customer":
"email": "jdoe@example.com",
"firstname": "Jane",
"lastname": "Doe",
"addresses": [
"defaultShipping": true,
"defaultBilling": true,
"firstname": "Jane",
"lastname": "Doe",
"region":
"regionCode": "NY",
"region": "New York",
"regionId": 43
,
"postcode": "10755",
"street": [
"123 Oak Ave"
],
"city": "Purchase",
"telephone": "512-555-1111",
"countryId": "US"
]
,
"password": "Password1"
response:
"id": 22,
"group_id": 1,
"default_billing": "16",
"default_shipping": "16",
"created_at": "2019-06-09 11:48:19",
"updated_at": "2019-06-09 11:48:19",
"created_in": "Default Store View",
"email": "jdoe@example.com",
"firstname": "Jane",
"lastname": "Doe",
"store_id": 1,
"website_id": 1,
"addresses": [
"id": 16,
"customer_id": 22,
"region":
"region_code": "NY",
"region": "New York",
"region_id": 43
,
"region_id": 43,
"country_id": "US",
"street": [
"123 Oak Ave"
],
"telephone": "512-555-1111",
"postcode": "10755",
"city": "Purchase",
"firstname": "Jane",
"lastname": "Doe",
"default_shipping": true,
"default_billing": true
],
"disable_auto_group_change": 0,
"extension_attributes":
"is_subscribed": false
answered Jun 9 at 11:50
MagenXMagenX
2,2921027
Is API access on by default? Do you not need an API user and / or role configured? Or is this on by default too?
– Dominic Xigen
Jun 9 at 14:09
magento 2 api is always open, some parts required access token, but mostly not.
– MagenX
Jun 9 at 16:22
I'm checking for creating a customer in the docs. Found this devdocs.magento.com/guides/v2.3/rest/tutorials/orders/… but that says you need token. Can you create customer without token? I'm trying to figure out whether we need to start locking down api. Also found this. devdocs.magento.com/guides/v2.3/rest/…. that would suggest yes it is open. But as you say a lot of stuff is open. That has surprised me.
– Dominic Xigen
Jun 9 at 18:53
wow. how do i lock down the create account api in this case?
– Kris Wen
Jun 10 at 16:22
you can deny access by IP or create some security rule, to check access with some logic
– MagenX
Jun 10 at 17:48
add a comment |
Enable Captcha From
Admin -> Store -> Configuration - > Customer -> Customer Configuration
- > Captcha , Choose Create User
option
answered Mar 19 at 16:57
PravinPravin
403521
I already enable the magento reCAPTCHA but they're bypassing it. thanks
– Kris Wen
Mar 19 at 16:59
Have you tried setting up more strict rules for captcha from admin, or try with third party google recaptcha
– Pravin
Mar 19 at 17:14
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "479"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f266564%2fmagento-2-2-6-how-to-prevent-spam-account-registration%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
Magento 2 extension for blocking spam creating new customer accounts
https://github.com/mageplaza/magento-2-google-recaptcha
https://github.com/samsteele/spam-registration-blocker
https://github.com/arcmedia/mage2-customer-honeypot
Magento 2 extension for blocking (RUSSIAN) spam bots creating new customer accounts
https://github.com/Kreativsoehne/magento-2-simple-antispam
edited Mar 19 at 17:32
Amit Bera♦
61.3k1683182
answered Mar 19 at 17:03
MageSoftechMageSoftech
15811
1
i installed the mageplaza google recaptcha extension yesterday, have not get any new russian spam signup for a day now, i'll pick this one as an answer. thanks.
– Kris Wen
Mar 20 at 16:11
glad to help you.
– MageSoftech
Mar 20 at 16:19
add a comment |
Magento 2 extension for blocking spam creating new customer accounts
https://github.com/mageplaza/magento-2-google-recaptcha
https://github.com/samsteele/spam-registration-blocker
https://github.com/arcmedia/mage2-customer-honeypot
Magento 2 extension for blocking (RUSSIAN) spam bots creating new customer accounts
https://github.com/Kreativsoehne/magento-2-simple-antispam
edited Mar 19 at 17:32
Amit Bera♦
61.3k1683182
answered Mar 19 at 17:03
MageSoftechMageSoftech
15811
1
i installed the mageplaza google recaptcha extension yesterday, have not get any new russian spam signup for a day now, i'll pick this one as an answer. thanks.
– Kris Wen
Mar 20 at 16:11
glad to help you.
– MageSoftech
Mar 20 at 16:19
add a comment |
Magento 2 extension for blocking spam creating new customer accounts
https://github.com/mageplaza/magento-2-google-recaptcha
https://github.com/samsteele/spam-registration-blocker
https://github.com/arcmedia/mage2-customer-honeypot
Magento 2 extension for blocking (RUSSIAN) spam bots creating new customer accounts
https://github.com/Kreativsoehne/magento-2-simple-antispam
edited Mar 19 at 17:32
Amit Bera♦
61.3k1683182
answered Mar 19 at 17:03
MageSoftechMageSoftech
15811
Magento 2 extension for blocking spam creating new customer accounts
https://github.com/mageplaza/magento-2-google-recaptcha
https://github.com/samsteele/spam-registration-blocker
https://github.com/arcmedia/mage2-customer-honeypot
Magento 2 extension for blocking (RUSSIAN) spam bots creating new customer accounts
https://github.com/Kreativsoehne/magento-2-simple-antispam
edited Mar 19 at 17:32
Amit Bera♦
61.3k1683182
answered Mar 19 at 17:03
MageSoftechMageSoftech
15811
edited Mar 19 at 17:32
Amit Bera♦
61.3k1683182
edited Mar 19 at 17:32
Amit Bera♦
61.3k1683182
edited Mar 19 at 17:32
Amit Bera♦
61.3k1683182
61.3k1683182
answered Mar 19 at 17:03
MageSoftechMageSoftech
15811
answered Mar 19 at 17:03
MageSoftechMageSoftech
15811
answered Mar 19 at 17:03
MageSoftechMageSoftech
15811
15811
1
i installed the mageplaza google recaptcha extension yesterday, have not get any new russian spam signup for a day now, i'll pick this one as an answer. thanks.
– Kris Wen
Mar 20 at 16:11
glad to help you.
– MageSoftech
Mar 20 at 16:19
add a comment |
1
i installed the mageplaza google recaptcha extension yesterday, have not get any new russian spam signup for a day now, i'll pick this one as an answer. thanks.
– Kris Wen
Mar 20 at 16:11
glad to help you.
– MageSoftech
Mar 20 at 16:19
1
1
i installed the mageplaza google recaptcha extension yesterday, have not get any new russian spam signup for a day now, i'll pick this one as an answer. thanks.
– Kris Wen
Mar 20 at 16:11
i installed the mageplaza google recaptcha extension yesterday, have not get any new russian spam signup for a day now, i'll pick this one as an answer. thanks.
– Kris Wen
Mar 20 at 16:11
glad to help you.
– MageSoftech
Mar 20 at 16:19
glad to help you.
– MageSoftech
Mar 20 at 16:19
add a comment |
in magento 2.3.1 you can simply create user with direct API access, using POSTMAN request with Content-Type:application/json
and this raw body:
"customer":
"email": "jdoe@example.com",
"firstname": "Jane",
"lastname": "Doe",
"addresses": [
"defaultShipping": true,
"defaultBilling": true,
"firstname": "Jane",
"lastname": "Doe",
"region":
"regionCode": "NY",
"region": "New York",
"regionId": 43
,
"postcode": "10755",
"street": [
"123 Oak Ave"
],
"city": "Purchase",
"telephone": "512-555-1111",
"countryId": "US"
]
,
"password": "Password1"
response:
"id": 22,
"group_id": 1,
"default_billing": "16",
"default_shipping": "16",
"created_at": "2019-06-09 11:48:19",
"updated_at": "2019-06-09 11:48:19",
"created_in": "Default Store View",
"email": "jdoe@example.com",
"firstname": "Jane",
"lastname": "Doe",
"store_id": 1,
"website_id": 1,
"addresses": [
"id": 16,
"customer_id": 22,
"region":
"region_code": "NY",
"region": "New York",
"region_id": 43
,
"region_id": 43,
"country_id": "US",
"street": [
"123 Oak Ave"
],
"telephone": "512-555-1111",
"postcode": "10755",
"city": "Purchase",
"firstname": "Jane",
"lastname": "Doe",
"default_shipping": true,
"default_billing": true
],
"disable_auto_group_change": 0,
"extension_attributes":
"is_subscribed": false
answered Jun 9 at 11:50
MagenXMagenX
2,2921027
Is API access on by default? Do you not need an API user and / or role configured? Or is this on by default too?
– Dominic Xigen
Jun 9 at 14:09
magento 2 api is always open, some parts required access token, but mostly not.
– MagenX
Jun 9 at 16:22
I'm checking for creating a customer in the docs. Found this devdocs.magento.com/guides/v2.3/rest/tutorials/orders/… but that says you need token. Can you create customer without token? I'm trying to figure out whether we need to start locking down api. Also found this. devdocs.magento.com/guides/v2.3/rest/…. that would suggest yes it is open. But as you say a lot of stuff is open. That has surprised me.
– Dominic Xigen
Jun 9 at 18:53
wow. how do i lock down the create account api in this case?
– Kris Wen
Jun 10 at 16:22
you can deny access by IP or create some security rule, to check access with some logic
– MagenX
Jun 10 at 17:48
add a comment |
in magento 2.3.1 you can simply create user with direct API access, using POSTMAN request with Content-Type:application/json
and this raw body:
"customer":
"email": "jdoe@example.com",
"firstname": "Jane",
"lastname": "Doe",
"addresses": [
"defaultShipping": true,
"defaultBilling": true,
"firstname": "Jane",
"lastname": "Doe",
"region":
"regionCode": "NY",
"region": "New York",
"regionId": 43
,
"postcode": "10755",
"street": [
"123 Oak Ave"
],
"city": "Purchase",
"telephone": "512-555-1111",
"countryId": "US"
]
,
"password": "Password1"
response:
"id": 22,
"group_id": 1,
"default_billing": "16",
"default_shipping": "16",
"created_at": "2019-06-09 11:48:19",
"updated_at": "2019-06-09 11:48:19",
"created_in": "Default Store View",
"email": "jdoe@example.com",
"firstname": "Jane",
"lastname": "Doe",
"store_id": 1,
"website_id": 1,
"addresses": [
"id": 16,
"customer_id": 22,
"region":
"region_code": "NY",
"region": "New York",
"region_id": 43
,
"region_id": 43,
"country_id": "US",
"street": [
"123 Oak Ave"
],
"telephone": "512-555-1111",
"postcode": "10755",
"city": "Purchase",
"firstname": "Jane",
"lastname": "Doe",
"default_shipping": true,
"default_billing": true
],
"disable_auto_group_change": 0,
"extension_attributes":
"is_subscribed": false
answered Jun 9 at 11:50
MagenXMagenX
2,2921027
Is API access on by default? Do you not need an API user and / or role configured? Or is this on by default too?
– Dominic Xigen
Jun 9 at 14:09
magento 2 api is always open, some parts required access token, but mostly not.
– MagenX
Jun 9 at 16:22
I'm checking for creating a customer in the docs. Found this devdocs.magento.com/guides/v2.3/rest/tutorials/orders/… but that says you need token. Can you create customer without token? I'm trying to figure out whether we need to start locking down api. Also found this. devdocs.magento.com/guides/v2.3/rest/…. that would suggest yes it is open. But as you say a lot of stuff is open. That has surprised me.
– Dominic Xigen
Jun 9 at 18:53
wow. how do i lock down the create account api in this case?
– Kris Wen
Jun 10 at 16:22
you can deny access by IP or create some security rule, to check access with some logic
– MagenX
Jun 10 at 17:48
add a comment |
in magento 2.3.1 you can simply create user with direct API access, using POSTMAN request with Content-Type:application/json
and this raw body:
"customer":
"email": "jdoe@example.com",
"firstname": "Jane",
"lastname": "Doe",
"addresses": [
"defaultShipping": true,
"defaultBilling": true,
"firstname": "Jane",
"lastname": "Doe",
"region":
"regionCode": "NY",
"region": "New York",
"regionId": 43
,
"postcode": "10755",
"street": [
"123 Oak Ave"
],
"city": "Purchase",
"telephone": "512-555-1111",
"countryId": "US"
]
,
"password": "Password1"
response:
"id": 22,
"group_id": 1,
"default_billing": "16",
"default_shipping": "16",
"created_at": "2019-06-09 11:48:19",
"updated_at": "2019-06-09 11:48:19",
"created_in": "Default Store View",
"email": "jdoe@example.com",
"firstname": "Jane",
"lastname": "Doe",
"store_id": 1,
"website_id": 1,
"addresses": [
"id": 16,
"customer_id": 22,
"region":
"region_code": "NY",
"region": "New York",
"region_id": 43
,
"region_id": 43,
"country_id": "US",
"street": [
"123 Oak Ave"
],
"telephone": "512-555-1111",
"postcode": "10755",
"city": "Purchase",
"firstname": "Jane",
"lastname": "Doe",
"default_shipping": true,
"default_billing": true
],
"disable_auto_group_change": 0,
"extension_attributes":
"is_subscribed": false
answered Jun 9 at 11:50
MagenXMagenX
2,2921027
in magento 2.3.1 you can simply create user with direct API access, using POSTMAN request with Content-Type:application/json
and this raw body:
"customer":
"email": "jdoe@example.com",
"firstname": "Jane",
"lastname": "Doe",
"addresses": [
"defaultShipping": true,
"defaultBilling": true,
"firstname": "Jane",
"lastname": "Doe",
"region":
"regionCode": "NY",
"region": "New York",
"regionId": 43
,
"postcode": "10755",
"street": [
"123 Oak Ave"
],
"city": "Purchase",
"telephone": "512-555-1111",
"countryId": "US"
]
,
"password": "Password1"
response:
"id": 22,
"group_id": 1,
"default_billing": "16",
"default_shipping": "16",
"created_at": "2019-06-09 11:48:19",
"updated_at": "2019-06-09 11:48:19",
"created_in": "Default Store View",
"email": "jdoe@example.com",
"firstname": "Jane",
"lastname": "Doe",
"store_id": 1,
"website_id": 1,
"addresses": [
"id": 16,
"customer_id": 22,
"region":
"region_code": "NY",
"region": "New York",
"region_id": 43
,
"region_id": 43,
"country_id": "US",
"street": [
"123 Oak Ave"
],
"telephone": "512-555-1111",
"postcode": "10755",
"city": "Purchase",
"firstname": "Jane",
"lastname": "Doe",
"default_shipping": true,
"default_billing": true
],
"disable_auto_group_change": 0,
"extension_attributes":
"is_subscribed": false
answered Jun 9 at 11:50
MagenXMagenX
2,2921027
answered Jun 9 at 11:50
MagenXMagenX
2,2921027
answered Jun 9 at 11:50
MagenXMagenX
2,2921027
answered Jun 9 at 11:50
MagenXMagenX
2,2921027
2,2921027
Is API access on by default? Do you not need an API user and / or role configured? Or is this on by default too?
– Dominic Xigen
Jun 9 at 14:09
magento 2 api is always open, some parts required access token, but mostly not.
– MagenX
Jun 9 at 16:22
I'm checking for creating a customer in the docs. Found this devdocs.magento.com/guides/v2.3/rest/tutorials/orders/… but that says you need token. Can you create customer without token? I'm trying to figure out whether we need to start locking down api. Also found this. devdocs.magento.com/guides/v2.3/rest/…. that would suggest yes it is open. But as you say a lot of stuff is open. That has surprised me.
– Dominic Xigen
Jun 9 at 18:53
wow. how do i lock down the create account api in this case?
– Kris Wen
Jun 10 at 16:22
you can deny access by IP or create some security rule, to check access with some logic
– MagenX
Jun 10 at 17:48
add a comment |
Is API access on by default? Do you not need an API user and / or role configured? Or is this on by default too?
– Dominic Xigen
Jun 9 at 14:09
magento 2 api is always open, some parts required access token, but mostly not.
– MagenX
Jun 9 at 16:22
I'm checking for creating a customer in the docs. Found this devdocs.magento.com/guides/v2.3/rest/tutorials/orders/… but that says you need token. Can you create customer without token? I'm trying to figure out whether we need to start locking down api. Also found this. devdocs.magento.com/guides/v2.3/rest/…. that would suggest yes it is open. But as you say a lot of stuff is open. That has surprised me.
– Dominic Xigen
Jun 9 at 18:53
wow. how do i lock down the create account api in this case?
– Kris Wen
Jun 10 at 16:22
you can deny access by IP or create some security rule, to check access with some logic
– MagenX
Jun 10 at 17:48
Is API access on by default? Do you not need an API user and / or role configured? Or is this on by default too?
– Dominic Xigen
Jun 9 at 14:09
Is API access on by default? Do you not need an API user and / or role configured? Or is this on by default too?
– Dominic Xigen
Jun 9 at 14:09
magento 2 api is always open, some parts required access token, but mostly not.
– MagenX
Jun 9 at 16:22
magento 2 api is always open, some parts required access token, but mostly not.
– MagenX
Jun 9 at 16:22
I'm checking for creating a customer in the docs. Found this devdocs.magento.com/guides/v2.3/rest/tutorials/orders/… but that says you need token. Can you create customer without token? I'm trying to figure out whether we need to start locking down api. Also found this. devdocs.magento.com/guides/v2.3/rest/…. that would suggest yes it is open. But as you say a lot of stuff is open. That has surprised me.
– Dominic Xigen
Jun 9 at 18:53
I'm checking for creating a customer in the docs. Found this devdocs.magento.com/guides/v2.3/rest/tutorials/orders/… but that says you need token. Can you create customer without token? I'm trying to figure out whether we need to start locking down api. Also found this. devdocs.magento.com/guides/v2.3/rest/…. that would suggest yes it is open. But as you say a lot of stuff is open. That has surprised me.
– Dominic Xigen
Jun 9 at 18:53
wow. how do i lock down the create account api in this case?
– Kris Wen
Jun 10 at 16:22
wow. how do i lock down the create account api in this case?
– Kris Wen
Jun 10 at 16:22
you can deny access by IP or create some security rule, to check access with some logic
– MagenX
Jun 10 at 17:48
you can deny access by IP or create some security rule, to check access with some logic
– MagenX
Jun 10 at 17:48
add a comment |
Enable Captcha From
Admin -> Store -> Configuration - > Customer -> Customer Configuration
- > Captcha , Choose Create User
option
answered Mar 19 at 16:57
PravinPravin
403521
I already enable the magento reCAPTCHA but they're bypassing it. thanks
– Kris Wen
Mar 19 at 16:59
Have you tried setting up more strict rules for captcha from admin, or try with third party google recaptcha
– Pravin
Mar 19 at 17:14
add a comment |
Enable Captcha From
Admin -> Store -> Configuration - > Customer -> Customer Configuration
- > Captcha , Choose Create User
option
answered Mar 19 at 16:57
PravinPravin
403521
I already enable the magento reCAPTCHA but they're bypassing it. thanks
– Kris Wen
Mar 19 at 16:59
Have you tried setting up more strict rules for captcha from admin, or try with third party google recaptcha
– Pravin
Mar 19 at 17:14
add a comment |
Enable Captcha From
Admin -> Store -> Configuration - > Customer -> Customer Configuration
- > Captcha , Choose Create User
option
answered Mar 19 at 16:57
PravinPravin
403521
Enable Captcha From
Admin -> Store -> Configuration - > Customer -> Customer Configuration
- > Captcha , Choose Create User
option
answered Mar 19 at 16:57
PravinPravin
403521
answered Mar 19 at 16:57
PravinPravin
403521
answered Mar 19 at 16:57
PravinPravin
403521
answered Mar 19 at 16:57
PravinPravin
403521
403521
I already enable the magento reCAPTCHA but they're bypassing it. thanks
– Kris Wen
Mar 19 at 16:59
Have you tried setting up more strict rules for captcha from admin, or try with third party google recaptcha
– Pravin
Mar 19 at 17:14
add a comment |
I already enable the magento reCAPTCHA but they're bypassing it. thanks
– Kris Wen
Mar 19 at 16:59
Have you tried setting up more strict rules for captcha from admin, or try with third party google recaptcha
– Pravin
Mar 19 at 17:14
I already enable the magento reCAPTCHA but they're bypassing it. thanks
– Kris Wen
Mar 19 at 16:59
I already enable the magento reCAPTCHA but they're bypassing it. thanks
– Kris Wen
Mar 19 at 16:59
Have you tried setting up more strict rules for captcha from admin, or try with third party google recaptcha
– Pravin
Mar 19 at 17:14
Have you tried setting up more strict rules for captcha from admin, or try with third party google recaptcha
– Pravin
Mar 19 at 17:14
add a comment |
Thanks for contributing an answer to Magento Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f266564%2fmagento-2-2-6-how-to-prevent-spam-account-registration%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
spam registration is coming from unprotected API access. see my answer below. you can generate accounts registration all day long with customized data
– MagenX
Jun 9 at 11:54