After migrating a Magento webshop to a new host, there suddenly these 2 last days appears hundreds of fake user registration users. They have name like nzyaffmrtk , lrdrbzcuca and weird emails.. Does anyone know why? What can I do to stop this? With out adding an extension that will rewrite the core files.
Magento – Spammed with fake user registration
magento-1.6user
Related Solutions
Go to http://www.silksoftware.com/magento-module-creator/#.VG-SJ_nF9Zo and using its Module Creator to create a new module called "YourCustomerAttribute".
Set "Add Customer Attribute" to YES Make proper inputs and selections as you needed. Make sure to select the forms you needed the new attributes to be used. Generate the module. Upload the module to your Magento folder.
Modify located at app/design/frontend/base/default/template/persistent/customer/form/register.phtml and add:
<div class="input-box">
<label for="YourAttributeName"><?php echo $this->__('YourAttributeName') ?><span class="required">*</span></label><br />
<textarea rows="4" cols="50" name="YourAttributeName" id="YourAttributeID" value="<?php echo $this->htmlEscape($this->getFormData()->getYourAttributeName()) ?>" title="<?php echo $this->__('YourAttributeName') ?>" class="required-entry input-text" ></textarea>
</div>
If you want customer to be able to modify the attribute in customer panel, then modify app/design/frontend/base/default/template/customer/form/edit.phtm and add:
<li>
<label for="YourAttributeName" class="required"><em>*</em><?php echo $this->__('YourAttributeName') ?></label>
<div class="input-box">
<textarea rows="4" cols="50" name="YourAttributeName" id="YourAttributeID" value="<?php echo $this->htmlEscape($this->getFormData()->getYourAttributeName()) ?>" title="<?php echo $this->__('YourAttributeName') ?>" class="required-entry input-text" ></textarea>
</div>
</li>
clear all caches.
There's little point quoting peak figures, Magento will handle as much traffic as you have the budget and expertise to facilitate.
At larger scales, as the bottleneck shifts, you often find that Magento looks less and less like Magento as some functionality is stripped/replaced.
Instead, I'll quote what the demands of typical stores from a hardware perspective.
- A standard Magento demo store is capable of delivering roughly 230 uniques per GHz, per hour.
- A typical web store, with admin user activity, development activity, product addition/deletion can see this degrade by around 100%, to 115 uniques per GHz, per hour.
- A store with a poorly built/heavy template can further reduce the figure by another 100-200%, to 50 uniques per GHz, per hour.
The above is assuming a traditional ecommerce store with balanced distribution of window shoppers, engagers and converters.
Safe to say, you can happily see millions of visitors per day - given you're asking on Stack Exchange, I'd assume you are well under this threshold.
Best Answer
You could possibly add what one would call a 'bot trap' into your registration page. You see, bots don't have eyes. And without eyes the only way to fill out a form is via field automation. Therefore, they must 'feel' for the fields within a form. So, how do you trick a blind robot? You create an invisible field called something official sounding like 'nickname' and then filter your applications thusly.
How does this play out in the real world? A person, being non-mechanical and (hopefully) having at least one optical field searching mechanism will never find (nor click, nor type into) this invisible field. However, robots, being very much the opposite will happily fill out every single field on the page.
In the backend just reject all applications with this field filled in.
:D