How To Stop Spam Bot Registration??

New Member
3 0 0

@Tim - has this serious issue been resolved?

After reading all the posts, it appears that it hasn't and that is a serious issue to leave unattended.

@SHOPIFY - please confirm if this has been rectified and there are no more serious breeches in code.

 

thank you.

0 Likes
Shopify Partner
25 0 4

@DaffCollins I just tested the PHP I speak of early in the thread. Still works (with one minor change).

0 Likes
New Member
1 0 0
Anyone know what reason they are opting in for? Any why Shopify doesn’t respond? My assumption is they have themselves unleashed these bots so that customers building new stores think they are getting traffic when they’re not so they stay onboard? If not why no response, and why do they say you need a certain amount of visits before your first purchase?

Seriously why would someone build a bot to register for no reason?
0 Likes
Tourist
7 0 1

So, I've had a store for a few years. Not doing much with it just yet, but I just recently got found by the spambots. Yes to useless customer accounts and spam email. Very annoying. I refuse to spend an additional $5 on an app for a store that isn't generating income. 
 
Possible solution...
Within the Customers tab, if you 'select all' on the customers and then select Delete. A shopify warning comes up to say that it will only delete customers with no orders. That works for me - unless you all can think of a reason, that that is not worthy. Thoughts?

And yes, this is really annoying to have to do this when Shopify is being paid to do this for us. grrr.

0 Likes
Shopify Partner
1 0 0

I am really surprised a topic open for 2 years is not solved by Shopify. They could partner up with companies who have spam apis to check the accounts. I reported that to shopify a few weeks ago as well. we have a new shop and 50 fakes already. We all know how important clean emails are. Those wo wants to run their list through a database have a look here: https://cleantalk.org/price-database-api I bought it to run 5 stores through them. up to 3k at the same time you can copy and paste into their website for check and its pretty cheap ($3 for 10k requests). that helps for onetime cleanup. But for daily i still dont have a solution for that :(

0 Likes
Excursionist
30 2 19

A reCaptcha on the page is the easiest solution:

 

You will need to edit the code on the "templates/customer/register.liquid" page

 

First if you don't already have a reCaptcha account you can sign up here:

https://www.google.com/recaptcha/intro/v3.html

 

Add your site in reCaptcha and get a SITE KEY, and insert it in the code below, and add these to the top of the registration page.

<script>
  var actCallback = function (response) {
    $('#customerSubmit').prop("disabled", false);
    $('#re-captcha').remove();
  };
  var expCallback = function() {
    $('#customerSubmit').prop("disabled", true);
  };

  var onloadCallback = function () {
    var widget = grecaptcha.render(document.getElementById("re-captcha"), {
      'sitekey' : "123456789ABCDEFG", // Add Sitekey Here from reCaptcha
      'theme': "light",
      'callback' : actCallback,
      'expired-callback': expCallback,
    });
  }
</script>

And Google Recaptcha Tag:

<script src="https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit" async defer></script>

Remove or modify the current submit button on the registration page:

<div id="re-captcha"></div>
<input type="submit" id="customerSubmit" value="Create an Account" class="btn" disabled>

If added properly, you will not be able to click the submit form button until the reCaptcha criteria has been met.

 

This solved the bot spamming for all my sites.

 

 

4 Likes
Tourist
3 0 0

This isn't working for me - it's saying invalid site key.

0 Likes
Highlighted
Excursionist
30 2 19
Make sure when you set up the site within Captcha that you enter it without https or www. If it still doesn’t work make a new property all together.
0 Likes
Excursionist
30 2 19
Also Make sure you set it up with reCaptcha v2
1 Like
Tourist
3 0 0

Boom! That was the problem. I was using V3 - thanks so much. Working perfectly now.

0 Likes