My magento site has been spam attacked with sign ups mainly Russian, due to the fact as far as I can tell that I didnt set my Newsletter to “Need to confirm” i’ve also turned off Allow Guest Subscription, and for the moment i have also Disabled newsletter altogether just to see if this has an effect. I have now dropped fromm 90-180 spam subscriptions a day to 5 (im hoping this just ones that are just stuck on loop with their email client) before I re-enable Newsletter is there anything else I need to add or extension I can download to make this less likely to this spam attack? I was looking for captcha but I can’t see it anywhere. Also what is the point of this attack? apart from being really annoying!
Many people have been subject to this issue over the years - including Magento 1 days. I have no idea what the reason behind the attack is.
Magento 2.3+
On Magento 2.3+ you should enable Google reCaptcha for Frontend. You’ll find the settings under:
Stores > Configuration > Security > Google reCaptcha
I recommend reCaptcha Type: Invisible reCpatcha v3. This will only challenge suspicious form submissions and not legitimate customers. This works a treat for me.