Question

How to avoid fake registration?

I have added Google reCAPTCHA, but I am getting the same issue.


Please help me


Solution

I think there is some leakage in your Magento instance.

So, you have to identify from which URL this fake registration comes and then apply your fix.

Let's create plugins on the classes below, add a debugger to every plugin, and check the $_REQUEST value to track from which URLs this issue happens.

  • Magento\Customer\Model\AccountManagement
  • Magento\Customer\Model\ResourceModel\CustomerRepository

Create di.xml at app/code/{Vendor}/{Modulename}/etc/ and declare the plugins in this file:

Code

<?xml version="1.0" ?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
    <type name="Magento\Customer\Model\AccountManagement">
        <plugin disabled="false" name="StackExchanges_Magento_Plugin_Magento_Customer_Model_AccountManagement" 
                        sortOrder="10" type="{Vendor}\{Modulename}\Plugin\Magento\Customer\Model\AccountManagement"/>
    </type>
    <type name="Magento\Customer\Model\ResourceModel\CustomerRepository">
        <plugin disabled="false" name="StackExchanges_Magento_Plugin_Magento_Customer_Model_ResourceModel_CustomerRepository"
                        sortOrder="10" type="{Vendor}\{Modulename}\Plugin\Magento\Customer\Model\ResourceModel\CustomerRepository"/>
    </type>
</config>

Plugin Class:

First plugin class

app/code/{Vendor}/{Modulename}/Plugin/Magento/Customer/Model/ResourceModel/CustomerRepository.php

Code

<?php


namespace {Vendor}\{Modulename}\Plugin\Magento\Customer\Model\ResourceModel;

/**
 * Class CustomerRepository
 *
 */
class CustomerRepository
{

    private $logger;
    public function __construct(
       \Psr\Log\LoggerInterface $logger
    ) {
        $this->logger = $logger;
    }

    public function beforeSave(
        \Magento\Customer\Model\ResourceModel\CustomerRepository $subject,
        $customer,
        $passwordHash = null
    ) {
        // 100 is Monolog's DEBUG level; note that $_REQUEST includes the submitted password fields
        $this->logger->log(100,print_r($_REQUEST,true));
        return [$customer, $passwordHash];
    }
}

Second plugin class

Path: app/code/{Vendor}/{Modulename}/Plugin/Magento/Customer/Model/AccountManagement.php

Code

<?php


namespace {Vendor}\{Modulename}\Plugin\Magento\Customer\Model;

/**
 * Class AccountManagement
 *
 * @package StackExchanges\Magento\Plugin\Magento\Customer\Model
 */
class AccountManagement
{
    private $logger;
    public function __construct(
       \Psr\Log\LoggerInterface $logger
    ) {
        $this->logger = $logger;
    }
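    // Parameter order must match AccountManagement::createAccount($customer, $password, $redirectUrl)
    public function beforeCreateAccount(
        \Magento\Customer\Model\AccountManagement $subject,
        $customer,
        $password = null,
        $redirectUrl = ''
    ) {
        // 100 is Monolog's DEBUG level; note that $_REQUEST includes the submitted password fields
        $this->logger->log(100,print_r($_REQUEST,true));
        return [$customer, $password, $redirectUrl];
    }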
}


In every plugin I have added the logger call $this->logger->log(100,print_r($_REQUEST,true)) to track what is posted when trying to create or save a customer.

The logs will be written to the var/log/debug.log file.

From this log file, you can find from which URLs (like customer/account/create) the data is posted and the customer is created, and you can analyze the data.

If you find the URL from which the wrong customers register, then re-verify why Google captcha is not working; if it is not working, you can fix that too. Implement the fix accordingly.

Apply some solution to stop the fake user from registering

Suppose you want to stop registration when the email is like mail.ru; then add the code below before $this->logger->log(100,print_r($_REQUEST,true)); in these two plugins.

        if (strpos($email, 'mail.ru') !== false) {
            throw new \Magento\Framework\Exception\InputException(__('Invalid Customer register.'));
        }

Example

<?php


namespace StackExchanges\Magento\Plugin\Magento\Customer\Model;

/**
 * Class AccountManagement
 *
 * @package StackExchanges\Magento\Plugin\Magento\Customer\Model
 */
class AccountManagement
{
    private $logger;
    public function __construct(
       \Psr\Log\LoggerInterface $logger
    ) {
        $this->logger = $logger;
    }
    // Parameter order must match AccountManagement::createAccount($customer, $password, $redirectUrl)
    public function beforeCreateAccount(
        \Magento\Customer\Model\AccountManagement $subject,
        $customer,
        $password = null,
        $redirectUrl = ''
    ) {

        $email = $customer->getEmail();
        // match and throw an error to stop the registration
        if (strpos($email, 'mail.ru') !== false) {
            throw new \Magento\Framework\Exception\InputException(__('Invalid Customer register.'));
        }
        $this->logger->log(100,print_r($_REQUEST,true));
        return [$customer, $password, $redirectUrl];
    }
}
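
Added example, not part of the original answer: the plugins above write the whole of $_REQUEST to var/log/debug.log, which for a registration POST includes the submitted password fields. This sketch masks those fields and records the request origin instead; the function names, the key list and the sample values are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added example. Keys the storefront registration form posts that must not
// be written to var/log; extend the list for custom forms (assumption).
const SENSITIVE_KEYS = ['password', 'password_confirmation', 'form_key'];

/** Recursively mask sensitive values in a request array. */
function redactRequest(array $data): array
{
    $out = [];
    foreach ($data as $key => $value) {
        if (in_array(strtolower((string) $key), SENSITIVE_KEYS, true)) {
            $out[$key] = '[REDACTED]';
        } elseif (is_array($value)) {
            $out[$key] = redactRequest($value);
        } else {
            $out[$key] = $value;
        }
    }
    return $out;
}

/** One JSON line per request: origin of the request plus the masked body. */
function registrationLogLine(array $server, array $request): string
{
    return (string) json_encode([
        'uri'        => $server['REQUEST_URI'] ?? null,
        'method'     => $server['REQUEST_METHOD'] ?? null,
        'remote_ip'  => $server['REMOTE_ADDR'] ?? null,
        'user_agent' => $server['HTTP_USER_AGENT'] ?? null,
        'referer'    => $server['HTTP_REFERER'] ?? null,
        'request'    => redactRequest($request),
    ], JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE);
}

// Constructed sample standing in for $_SERVER and $_REQUEST in the plugin.
$server = [
    'REQUEST_URI'     => '/customer/account/createpost/',
    'REQUEST_METHOD'  => 'POST',
    'REMOTE_ADDR'     => '203.0.113.7',
    'HTTP_USER_AGENT' => 'ExampleBot/1.0',
];
$request = [
    'firstname' => 'Test', 'lastname' => 'User', 'email' => 'bot@example.com',
    'password' => 'S3cret!', 'password_confirmation' => 'S3cret!',
];
echo registrationLogLine($server, $request), PHP_EOL;
```

Inside a plugin, the result of registrationLogLine($_SERVER, $_REQUEST) can be passed to $this->logger->debug().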


Other tips

Custom Captcha (with some complex algorithm) is the best option for you, as you don't want to integrate OTP functionality in the registration page.

There is also one option if you know the email domains which are registered as fake customers (as per your screenshot, it is mail.ru). For this you need to add some custom code in your customer create controller class; for reference, please check the sample code below:

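if (!empty($postrequest['email'])) {
    // Domains (full name or first label) to reject; you can mention as many as you need
    $rejectList = array('mailinator', 'mail.ru', 'yopmail');
    $str = explode('@', $postrequest['email'], 2);
    $host = strtolower($str[1] ?? '');   // full domain, e.g. "mail.ru"
    $domain = explode('.', $host, 2);    // $domain[0] is the first label, e.g. "mailinator"
    // Compare both forms so that entries like 'mail.ru' and 'mailinator' both match
    if (in_array($host, $rejectList, true) || in_array($domain[0], $rejectList, true)) {
        $this->messageManager->addErrorMessage(__('Enter valid domain name in Email.'));
        return $resultRedirect->setUrl($this->_redirect->error($defaultUrl));
    }
}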

Please let me know whether this solution is working for you or not.
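
Added example, not part of either answer above: both answers block registrations by e-mail domain, the first with strpos($email, 'mail.ru'), which matches that text anywhere in the address, and the second by comparing the first domain label. This sketch compares the normalised domain part against a list of full domains and also covers subdomains; the function name, the blocklist and the sample addresses are constructed for the illustration.

```php
<?php
declare(strict_types=1);

/**
 * True when the address's domain equals a blocked domain or is a subdomain
 * of one. Addresses without a domain part are treated as blocked.
 */
function isBlockedEmailDomain(string $email, array $blockedDomains): bool
{
    $at = strrpos($email, '@');
    if ($at === false) {
        return true;
    }
    // Normalise: lower-case, strip whitespace and a trailing root dot.
    $domain = rtrim(strtolower(trim(substr($email, $at + 1))), '.');
    if ($domain === '') {
        return true;
    }
    foreach ($blockedDomains as $blocked) {
        $suffix = '.' . strtolower($blocked);
        if ($domain === strtolower($blocked)
            || substr($domain, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

// Constructed sample data: blocklist of full domains and test addresses.
$blocked = ['mail.ru', 'mailinator.com', 'yopmail.com'];
$samples = [
    'bot@mail.ru',                 // blocked: exact match
    'bot@MAIL.RU',                 // blocked: case-insensitive
    'bot@inbox.mail.ru',           // blocked: subdomain
    'mail.ru.fan@example.com',     // allowed: text is only in the local part
    'user@webmail.rural.example',  // allowed: substring of another domain
    'user@mail.example',           // allowed: different domain
];
foreach ($samples as $email) {
    printf("%-28s %s\n", $email, isBlockedEmailDomain($email, $blocked) ? 'blocked' : 'allowed');
}
```

In the beforeCreateAccount plugin, the function would be called with $customer->getEmail() before throwing the InputException.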

If you want to avoid fake registration:

  1. Put OTP verification by mobile or email.

That is the best way, because only a genuine user verifies their number.

We're using MSP ReCaptcha, which allows you to use the Google ReCaptcha v3 API and invisible Captcha. It is much more effective against bots. For us this has made a huge difference in the amount of Russian spam accounts.

https://github.com/magento/magespecialist_ReCaptcha/

There is a paid and an unpaid solution: if you want to go with paid, use SMS Authentication for new sign-ups; if you want to go with the free option, use Google Recaptcha and require email verification for new sign-ups!

Licensed under: CC-BY-SA with attribution
Not affiliated with magento.stackexchange