So, one day, I noticed one of my servers was sending a ton of emails out to dodgy looking ….@mail.ru or ….@list.ru addresses. UH OH!
At first I thought the mail server on my webserver had been compromised. On further investigation I managed to see that the contents of these mails were account registration validation emails. Looking in the Magento admin (Customers>Manage Customers) I saw them…thousands of new customer registrations – with Russian copy in the name fields and, on the whole, [something]@mail.ru or [something]@list.ru addresses, but also some with [something]@gmail.com.
Gmail can jump on sending servers/accounts when it detects a large number of similar emails being sent in a short space of time, or when a lot of emails are sent to duff gmail.com addresses. This can mean being greylisted or blacklisted, or at best having a load of mails delayed (sitting in your mail queue) and generally rejected. This could mean customers with valid gmail addresses do not receive their order emails, password reset emails, or whatever.
Stopping New Spam Registrations in Magento
So. The first thing to do is to switch on the customer registration captcha if it is not already. Go to
Configuration>Customers>Customer Configuration>CAPTCHA and turn it on.
You will need to clear your config and html caches…basically just clear them all.
Hopefully you will see one of those hard-to-read annoying type the characters images on your new account form. If you see something like this
then the captcha code is now running but you probably have to go and change the permissions for the captcha folder on the server. Navigate to your website root and then run:
# chown -R apache:apache media/captcha/
Instead of apache:apache you might need to substitute the user and group which your web service runs under. Look at some of the other folders, such as the var/log folder, to see what they are set as. You can see the ownership and permissions by extending the ls command, such as
# ls -lh
(list with details with human readable figures)
The media/captcha folder also needs to be writable by the user and group, so if the doodad still doesn’t appear try doing a
# chmod -R 775 media/captcha/
After all this you should be able to see one of these hateful hard-to-read captcha boxes:
You can look into adding a Google Recaptcha or other solution at a later date, but this should stop bot registrations for now.
Removing Spam Registrations in Magento
Before you delete anything – back up your database! Just in case you delete your top customers’ details.
So…unless you do a lot of dealings with the Russians you could probably safely remove all emails with a mail.ru or list.ru address. However, in my spam list, all the messages had an http link in. Why the hell URLs are allowed in a name field on a form is puzzling (….Magento devs…?) but this is quite handy for finding and deleting them.
Make a note of the total number of all customer records you have.
Type http (or @mail.ru for example) into the search field and hit the search button. Hopefully you will now have a number of records lower than the original total number. Hit “select all”. Check that the number selected equals that in the new list and NOT the original grand total.
Hit delete…..and wait…..your server might time out before finishing, so you might have to log in and start again.
There may well be some odds and sods left so manually go in and check for any odd looking names or what-have-you.
Save your DB backup away – just in case Mr Important from Moneybags.com can’t log in. You could always recreate him however from an order (which are untouched).
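As an added illustration of the search-and-delete step above (my own example, not code from this post or from Magento), here is a Python script that applies the same two heuristics, a URL in a name field or a mail.ru / list.ru address, to a CSV export of the customer grid, and refuses to go ahead if the selection would equal the grand total. The column names and the sample rows are assumptions.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample of a customer grid export (assumed columns, not real data).
SAMPLE_EXPORT = """email,firstname,lastname
alice@example.com,Alice,Smith
bot123@mail.ru,Igor http://spam.example/offer,Petrov
news@list.ru,Sergey,Ivanov
bob@gmail.com,Bob https://spam.example,Jones
carol@gmail.com,Carol,Brown
"""

# The post's two tells: an http(s) link in a name field, or a mail.ru / list.ru address.
URL_RE = re.compile(r"https?://", re.IGNORECASE)
SPAM_DOMAINS = {"mail.ru", "list.ru"}


def is_spam(record):
    """Return why a customer record looks like a bot registration, or None if it looks fine."""
    name = f"{record.get('firstname', '')} {record.get('lastname', '')}"
    if URL_RE.search(name):
        return "url-in-name"
    domain = record.get("email", "").rsplit("@", 1)[-1].lower()
    if domain in SPAM_DOMAINS:
        return "spam-domain"
    return None


def triage(export_csv):
    """Mirror the admin search: count everything, then count what the filter would select."""
    rows = list(csv.DictReader(io.StringIO(export_csv)))
    flagged = [r for r in rows if is_spam(r)]
    # Sanity check from the post: the selection must be smaller than the grand total,
    # otherwise "select all" is about to delete every customer you have.
    if rows and len(flagged) >= len(rows):
        raise RuntimeError("selection equals the total customer count; refusing to proceed")
    return {
        "total": len(rows),
        "flagged": len(flagged),
        "reasons": dict(Counter(is_spam(r) for r in flagged)),
        "delete_emails": [r["email"] for r in flagged],
    }


if __name__ == "__main__":
    print(triage(SAMPLE_EXPORT))
```

Run it against a real export before touching the admin so the "delete_emails" list can be eyeballed for any Mr Important who happens to match.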
Happy spam killing