Magento 1.7 – Blocking Bots and Hackers from Accessing Newsletter Subscription

magento-1.7 newsletter security

I am getting massive amounts of fake newsletter subscriptions – mostly a randomly generated Yahoo email address. I've looked through the logs and there are 50+ IP addresses, seems like it's from a botnet. Anyway, does anyone have any ideas how I could stop this? Should it be done on a server level or at a codebase level?

Best Answer

I know two options you have:

  1. Add a fake field with a cool name, like name or url, and make it invisible with JS or CSS (something the bot can't interpret). The bot then fills this field but a human does not. Then check whether the field is filled; if it is, it is a bot.

    Luckily for you, we already did something like this, but I just saw that newsletter registration is missing. But you can only register for the newsletter (in core Magento) if you are registered. So I can only inspire you: https://github.com/magento-hackathon/HoneySpam/

  2. The second thing you can do (but there is NO REASON IN THE WORLD TO DO SO(!!)) is to use a captcha. Bad idea, bad technique, bad behavior, a lot of problems for your customers willing to register for the newsletter. So this is more a plan Y. Shortly before plan Z disable the form.
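
One way to wire the hidden-field check from option 1 into the newsletter form, as an added example (not code from the answer or from HoneySpam). It assumes a hypothetical module `Example_Honeypot`, a hidden input named `url` added to the subscribe form template, and this observer registered in the module's `config.xml` on the frontend event `controller_action_predispatch_newsletter_subscriber_new`.

```php
<?php
/**
 * Honeypot check for the Magento 1 newsletter subscribe action.
 * Example_Honeypot and the field name "url" are assumptions for this example.
 *
 * The subscribe form needs a decoy input that people never see or tab into:
 *   <div style="display:none" aria-hidden="true">
 *     <input type="text" name="url" value="" tabindex="-1" autocomplete="off" />
 *   </div>
 */
class Example_Honeypot_Model_Observer
{
    const FIELD = 'url';

    /**
     * Pure check: true when the decoy field carries any non-blank value.
     * Arrays (url[]=x) also count as a hit, since the form never sends one.
     */
    public static function isTripped(array $post)
    {
        if (!array_key_exists(self::FIELD, $post)) {
            return false; // older cached form without the decoy: let it through
        }
        $value = $post[self::FIELD];
        return is_array($value) || trim((string) $value) !== '';
    }

    /** Runs before Mage_Newsletter_SubscriberController::newAction(). */
    public function checkNewsletterHoneypot(Varien_Event_Observer $observer)
    {
        $controller = $observer->getEvent()->getControllerAction();
        $post = (array) $controller->getRequest()->getPost();

        if (!self::isTripped($post)) {
            return; // decoy untouched: normal subscription flow continues
        }

        // Record the hit so repeat sources can be reviewed or blocked upstream.
        $ip = Mage::helper('core/http')->getRemoteAddr();
        Mage::log('Newsletter honeypot hit from ' . $ip, Zend_Log::INFO, 'honeypot.log');

        // Stop the action from running and answer with a plain redirect,
        // so the client gets no hint about why nothing was stored.
        $controller->setFlag('', Mage_Core_Controller_Varien_Action::FLAG_NO_DISPATCH, true);
        $controller->getResponse()->setRedirect(Mage::getBaseUrl());
    }
}
```

Because the check runs in a predispatch observer, the core newsletter controller stays unmodified and the rule can be switched off by disabling the module.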
