Same issue here, over 2 weeks just spent ages deleting over 500 fake accounts. Shopify keeps pointing me towards overpriced 3rd party apps (bit suss?). The program is at their end, they need to protect it not us. starting to wonder if this is on just an upselling ploy. Promoted as a safe and secure site, yet cannot protect against sign up bots? Please keep this thread going until Shopify fixes it at their end once and for all.
The bots found my website about a week ago, so I guess I should be thankful they stayed away this long. I was about to hire a Shopify Expert to implement a Captia widget but, reading this thread, it seems that solution does not work.
Curious if there has been a permanent solution? Third-party or not. Or, are we still waiting on Shopify to own the problem.?
I agree it can be very frustrating to deal with bots creating fake accounts and/or submitting bogus contact or newsletter signup form requests on your store. Have you tried the Shop Protector app yet? Hundreds of users have had great success with this app and it doesn't use Captcha or any other type of Turing test so it's invisible to your users. We have a 14-day free trial if you're interested: https://apps.shopify.com/ellipsis-human-presence-technology
Best of luck.
Have been onto Shopify Support for the third time in as many weeks. Each time I am pushed to paying for third party apps. Today I asked why external developers are able to create simple apps which claim to prevent these bots, but Shopify’s Experts cannot. Was told that Shopify ‘focuses on making you successful and making it easier for you to sell your products’. Asked why Shopify does not think that protection from external threats such as bots, viruses and trojans would be seen by as a serious issue that directly impacts on our ‘success’. Then given the answer that ‘So you see, ecommerce is a fast paced changing world. Our developers make sure that we prevent those bots from signing up. But as time goes by these bots change as well allowing them to sign up.’ Yet the external developers are able to do this (for a fee!). I am very concerned if Shopify cannot protect stores from Signup bots, how can it protect our customer’s data and personal details (including banking) from external threats which have a more sinister aim rather than just being ‘annoying’?
Has anyone else received emails from these fake customers, I deleted about 5 today?
I hope everyone who is having this issue is onto Shopify Support on a daily basis until they fix this issue.
Jason, what is your suggestion then?
Apps and custom code won't stop spam bot registrations. They certainly may help, but it's important to have proper expectations set.
For those getting hit with small time bot attacks these can be approaches worth looking into:
Why apps or custom code is not a 100% bulletproof approach is that the endpoints for registration/contact are public. This means you can post code to those urls directly skipping any code/tool you have in place.
For apps processing the form elsewhere they can be skipped entirely. More sophisticated bot attacks will not use the actual form for data posting, and they will also have a series of detection processes in place - like IP cycling.
The approach for those here would vary based on the issue you're facing.
Any ideas what we can do?
Is it possible to let them setup the account then automatically delete it if it has the credentials i mentioned above?
alternatively is there a way to say that the account can only be setup if the request came from my stores register url?