Signup Spam Attack

Hello,

My magento site has been spam attacked with sign ups mainly Russian, due to the fact as far as I can tell that I didnt set my Newsletter to “Need to confirm” :unamused: i’ve also turned off Allow Guest Subscription, and for the moment i have also Disabled newsletter altogether just to see if this has an effect. I have now dropped fromm 90-180 spam subscriptions a day to 5 (im hoping this just ones that are just stuck on loop with their email client) before I re-enable Newsletter is there anything else I need to add or extension I can download to make this less likely to this spam attack? I was looking for captcha but I can’t see it anywhere. Also what is the point of this attack? apart from being really annoying!

Many thanks

Hey,

Many people have been subject to this issue over the years - including Magento 1 days. I have no idea what the reason behind the attack is.

Magento 2.3+

On Magento 2.3+ you should enable Google reCaptcha for Frontend. You’ll find the settings under:

Stores > Configuration > Security > Google reCaptcha

I recommend reCaptcha Type: Invisible reCpatcha v3. This will only challenge suspicious form submissions and not legitimate customers. This works a treat for me.

Magento 2.2.x (only)

For Magento 2.2, you have to install the module manually by following the Official Magento Documentation.

Brilliant thank you

Seems a really odd attack to me. I can’t think why it would do it other than just to be annoying? - odd, the world is a mystery.