Prevent Spam Account Registration

We went through the same problem; the front-end maxlength limitation was bypassed easily (try it yourself by removing the maximum-length-25 class from the HTML).

So here is what I found:

  • Solution 1: Blocking via IP: each account subscription uses a different IP, from Colombia to Vietnam...

  • Solution 2: Blocking via User agent: it can be faked... It works if you want to limit crawler bots.

  • Solution 3: Use a HoneyPot: may work, but if the bot has already focused on you, I think it surely knows which fields to post (see: https://magento.stackexchange.com/a/104261/50635)

  • Solution 4: Captcha (Magento or Google): may work, but some people said it was overpassed

  • Solution 5: Edit email template and Add the confirmation email :

    • Removing input data such as {{var customer.name}}, {{var customer.firstname}} from the /app/locale/[locale]/template/email/account_new.html template can help a bit to prevent being marked as spam.
    • Add the email confirmation : System > Configuration > Customer Configuration > Require Emails Confirmation > Yes
  • Solution 6: Update fields limitation rules from database : directly in the customer_eav_attribute table, update rows with attribute_id=5 [firstname] and attribute_id=7 [lastname] and replace 255 by 25 :

    • a:2:{s:15:"max_text_length";i:255;s:15:"min_text_length";i:1;}
    • by : a:2:{s:15:"max_text_length";i:25;s:15:"min_text_length";i:1;}

Solution 6 seems the fastest and most effective way to prevent spambots, as they are using more than 25 characters.

Since then, NO MORE FAKE ACCOUNTS were created! Problem solved.


If they try with less, it will at least restrict them in their phishing attempt.

You can check how many users already have a firstname or lastname over 25 characters, in our case, really minor :

SELECT ce.entity_id, ce.email, cev2.value AS firstname, cev3.value AS lastname
FROM customer_entity ce
-- first name
INNER JOIN customer_entity_varchar cev2 ON (ce.entity_id = cev2.entity_id AND cev2.attribute_id = 5)
-- last name
INNER JOIN customer_entity_varchar cev3 ON (ce.entity_id = cev3.entity_id AND cev3.attribute_id = 7)
WHERE CHAR_LENGTH(cev2.value)>25 or CHAR_LENGTH(cev3.value)>25

For more information on why these fake accounts are registered, read here: https://magento.stackexchange.com/a/240710/50635
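
The Solution 6 change written out as SQL, as an added example that is not part of the original answer. It assumes Magento 1.x on MySQL/InnoDB, that the serialized rules are stored in the validate_rules column of customer_eav_attribute (the answer names only the table), and it resolves the attribute ids by attribute code instead of hard-coding 5 and 7, since ids can differ between installations.

```sql
-- Added example, not from the original answer.
-- Assumptions: Magento 1.x schema, MySQL/InnoDB, rules stored in
-- customer_eav_attribute.validate_rules as a PHP-serialized array.

START TRANSACTION;

-- 1. Inspect the current rules for firstname/lastname, looked up by
--    attribute code so the statement does not depend on ids 5 and 7.
SELECT ea.attribute_id, ea.attribute_code, cea.validate_rules
FROM eav_attribute ea
INNER JOIN eav_entity_type et ON et.entity_type_id = ea.entity_type_id
INNER JOIN customer_eav_attribute cea ON cea.attribute_id = ea.attribute_id
WHERE et.entity_type_code = 'customer'
  AND ea.attribute_code IN ('firstname', 'lastname');

-- 2. Lower the server-side maximum from 255 to 25.
--    Serialized PHP integers (i:255;) carry no length prefix, so only the
--    number changes; the s:15 prefix of the key "max_text_length" must stay.
--    The LIKE guard leaves rows alone that were already customised.
UPDATE customer_eav_attribute cea
INNER JOIN eav_attribute ea ON ea.attribute_id = cea.attribute_id
INNER JOIN eav_entity_type et ON et.entity_type_id = ea.entity_type_id
SET cea.validate_rules = REPLACE(
        cea.validate_rules,
        's:15:"max_text_length";i:255;',
        's:15:"max_text_length";i:25;')
WHERE et.entity_type_code = 'customer'
  AND ea.attribute_code IN ('firstname', 'lastname')
  AND cea.validate_rules LIKE '%s:15:"max_text_length";i:255;%';

-- 3. Confirm exactly the two expected rows now carry i:25, then commit.
--    If the result is not what you expect, issue ROLLBACK instead.
SELECT ea.attribute_code, cea.validate_rules
FROM eav_attribute ea
INNER JOIN eav_entity_type et ON et.entity_type_id = ea.entity_type_id
INNER JOIN customer_eav_attribute cea ON cea.attribute_id = ea.attribute_id
WHERE et.entity_type_code = 'customer'
  AND ea.attribute_code IN ('firstname', 'lastname');

COMMIT;
```

Unlike the front-end maxlength class, this rule is enforced on the server when the customer is saved, so removing the class in the browser no longer helps. If the EAV cache is enabled, refresh it so the new rule is picked up.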