Over the last few days we have been getting spam customer registrations, every 90mins about 20 "accounts" are created in a few mins, with the first name being eg Рассадина Зинаида Пантелеймоновна, мы определили победителей совместного конкурса с помощью Google и Random.Org: https://www.google.com/#btnI=RandomOrg-%32&q=b%54%63%320%31%38rU
Its seems the idea is to spam using our welcome email with the link in the first name field going to a targets email ( we got a reported spam warning from hotmail)
We already have captcha running as suggested in this answer:
https://stackoverflow.com/questions/47144150/preventing-spam-direct-post-request-customer-registrations-in-magento
and we have changed the maxlength on the create account page for the first and second name from 255 to 50 thinking at least we can stop the there goal of posting the long url link in the first name. But that is being bypassed and they are still able to post first names with 200+ characters.
Is there a way to enforce the 50 character limit?
Best Answer
I had the same problem and solved it as follows.
Go with phpmyadmin to the database table
customer_eav_attribute
and edit the record 5 (attribute_id 5).Edit content table column
validate_rules -> max_text_length "; i: 255" to "-> max_text_length"; i: 65
.attribute_id 5
is the first name and the values in the validate_rules are checked before the update to the database.Because the bot almost always enters 155 characters. Should it only be rejected from now on.