I am getting massive amounts of fake newsletter subscriptions – mostly randomly generated Yahoo email addresses. I've looked through the logs and there are 50+ IP addresses; it seems like it's from a botnet. Anyway, does anyone have any ideas how I could stop this? Should it be done on a server level or at a codebase level?
Magento 1.7 – Blocking Bots and Hackers from Accessing Newsletter Subscription
magento-1.7 newsletter security
Best Answer
I know two options you have:
Add a fake field with a cool name, like name or url, and make it invisible with JS or CSS (something the bot can't interpret). Then the bot fills this field but a human does not. Then check whether the field is filled; if it is, it is a bot.
Luckily for you, we already did something like this, but I just saw that newsletter registration is missing. But you can only register for the newsletter (in core Magento) if you are registered. So I can only inspire you: https://github.com/magento-hackathon/HoneySpam/
The second thing you can do (but there is NO REASON IN THE WORLD TO DO SO(!!)) is to use a captcha. Bad idea, bad technique, bad behavior, a lot of problems for your customers willing to register for the newsletter. So this is more a plan Y. Shortly before plan Z: disable the form.
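The hidden-field check from the first option, sketched in plain PHP as an added example; it is not part of the original answer and is not code from the HoneySpam module. The field name `url`, the CSS class `hp-field` and both function names are assumptions, and wiring the check into Magento's newsletter controller is not shown.

```php
<?php
// Added example. HONEYPOT_FIELD, hp-field, renderHoneypotField() and
// isLikelyBot() are hypothetical names, not Magento or HoneySpam identifiers.

const HONEYPOT_FIELD = 'url'; // plausible-looking name, as the answer suggests

// Emit the decoy input. It is hidden with a CSS class (define .hp-field in the
// theme stylesheet, e.g. position:absolute; left:-9999px) instead of
// type="hidden", and kept out of tab order and autofill so humans never fill it.
function renderHoneypotField()
{
    $name = HONEYPOT_FIELD;
    return '<div class="hp-field" aria-hidden="true">'
         . '<label for="hp-' . $name . '">Leave this field empty</label>'
         . '<input type="text" id="hp-' . $name . '" name="' . $name . '"'
         . ' value="" tabindex="-1" autocomplete="off">'
         . '</div>';
}

// Server-side check: true means the subscription should be dropped.
function isLikelyBot(array $post)
{
    // Field absent: the request was not built from our rendered form.
    // (Flush cached copies of the form after deploying, or humans are hit too.)
    if (!array_key_exists(HONEYPOT_FIELD, $post)) {
        return true;
    }
    $value = $post[HONEYPOT_FIELD];
    // An array (url[]=x) or any non-empty string means something filled the decoy.
    return !is_string($value) || trim($value) !== '';
}

// Constructed sample submissions, not taken from real logs.
$samples = array(
    'human'       => array('email' => 'alice@example.com', 'url' => ''),
    'bot fills'   => array('email' => 'x1@example.com', 'url' => 'http://spam.example'),
    'direct POST' => array('email' => 'x2@example.com'),
);
foreach ($samples as $label => $post) {
    // On reject: log it and return the same page as on success, so the
    // sender gets no signal about which field gave it away.
    printf("%-12s %s\n", $label, isLikelyBot($post) ? 'reject' : 'accept');
}
```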