Magento – Getting many Fake Customers and Newsletter Subscribers
customer-accountmagento-1magento1.9.3.1newsletter
I have been getting around 10 to 20 Fake customers in my magento 1.9.3.
Does anyone know how to block them?
Best Answer
There are few things are need for this.
1. Add form key in newsletter form
First,you need to add form_key in newsletter form for preventing against Cross Site Request and validated at form_key at post controller .Form Key Value in template and controller
Add a fake field, with a cool name, like name or url, make it invisible with JS or CSS (something the bot can't interpret), then the bot fill this field but a human does not and then check whether the field is filed, if it is, it is a bot.
For your luck, we already did something like this, but I just saw, newsletter registration is missing. But you can only register for newsletter (in core magento) if you are registered. So I can only inspire you: https://github.com/magento-hackathon/HoneySpam/
The second thing you can do (but there is NO REASON IN THE WORLD TO DO SO(!!)) is using a captcha. Bad idea, bad technique, bad behavier, a lot of problems for your customers willing to register for the newsletter. So this is more a plan Y. Shortly before plan Z disable the form.
What you could do is listen to the event for customer save before customer_save_before, check to see if they are subscribing to the newsletter, If they are then you can update the group assigned to the customer and they will be saved into this new group.
The attribute for newsletter subscription is is_subscribed and you can call setCustomerGroupId on the customer object to update the group.
Best Answer
There are few things are need for this.
1. Add form key in newsletter form
First,you need to add form_key in newsletter form for preventing against Cross Site Request and validated at form_key at post controller .Form Key Value in template and controller
2. Add Captcha to newsletter
Add captcha to newsletter form Add Captcha to subscribe.phml