For some time my clients had been receiving strange customer registrations. Since I had set up bounced outgoing emails to land in my own mailbox, I also started receiving Magento Welcome emails for every new registration whose email address was outdated (a closed email account, for example).
Zeroth step for protection
I had CAPTCHA enabled on all forms (customer registration, guest checkout), but that didn't stop them.
Please check that you have CAPTCHA enabled: Admin > System > Configuration > Customers > Customer Configuration > CAPTCHA
- Change Enable CAPTCHA on Frontend to Yes
- Multi-select all items under Forms (maybe except Login?)
- Set Displaying Mode to Always
- Make sure the CAPTCHA is actually displayed on all forms so legitimate customer actions are not broken (it can be missing from your customer templates if you didn't update them manually)
How they did it
- they used Tor to scrape the content of /customer/account/create/ every 1 minute and 1 second
- they forwarded the CAPTCHA image URL to their own server (always the same IP, fetching only the CAPTCHA image)
- that server would fetch the CAPTCHA image and run OCR on it to extract the CAPTCHA text
- then they used Tor again to submit the form with their spam message added in
How I stopped them (at least for now)
I noticed in the access logs that when they download the CAPTCHA image they do not send an HTTP Referer header, because they are too lazy. With that information in mind I created a new NGINX rule.
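An example of what such a rule can look like (this is an added example, not the rule from the original post): it returns 403 for any request to the CAPTCHA image directory that arrives without a Referer header, and writes those requests to a separate log so you can confirm the block is hitting the bot and not real customers. It assumes Magento 1 keeps its generated CAPTCHA images under /media/captcha/ and that the log path is writable; adjust both for your install.

```nginx
# Added example, not the post's own configuration.
# Assumption: Magento 1 writes CAPTCHA images to <docroot>/media/captcha/.

# Map an empty Referer to 1 so the location block stays readable.
map $http_referer $captcha_no_referer {
    default 0;
    ""      1;
}

server {
    listen 80;
    server_name shop.example.com;              # placeholder host
    root /var/www/magento;                     # placeholder docroot

    # CAPTCHA images only make sense when loaded from one of our own
    # pages, so a direct fetch with no Referer is almost always a script.
    location ^~ /media/captcha/ {
        if ($captcha_no_referer) {
            return 403;
        }
        # Keep a separate log of CAPTCHA fetches to verify the rule is
        # catching the bot (no Referer) and letting customers through.
        access_log /var/log/nginx/captcha.log combined;
        try_files $uri =404;
    }

    # ... rest of the Magento server block ...
}
```

Two caveats worth keeping in mind: a small number of legitimate visitors strip Referer (privacy extensions, `Referrer-Policy: no-referrer`), so watch captcha.log for 403s with a browser-like User-Agent before leaving this on; and the rule only works as long as the bot keeps omitting the header, so treat it as one layer alongside the CAPTCHA settings above and NGINX `limit_req` on the registration and CAPTCHA paths, not as a complete fix.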
This is how it looked in Admin > Customers:
This is an example of a spam email sent as a Welcome email: