We are getting every day between 5-10 spam signups. For each signup the login, first and last are identical and then some made up email address: For example: Login: gaiscuiduatet, Name: GAISCUIDUATET GAISCUIDUATET, Email: darttdietze@hotmail.com Login: lemalypestose, Name: LemaLypestose LemaLypestose, Email: osleselegpr@hotmail.com The signup is for a paid product, so they don't finish it and the order shows as pending, but still we have to delete them manually. We were using ReCaptcha brick to stop them but it didn't help. When I asked support about it they said we should enable Random Question brick which we did but it is still happening. When asked again they said it's because we do have some custom forms without the Captcha/Question brick. However, that answer doesn't make sense, since the spammer are always trying to signup for only that one product, which DOES have that brick activated. Any ideas how to stop those fake signups? Anynone else has this problem? This started happening right after we switched from Amember v3 to v4.
I think a lot of us get those. I had the same problems trying to stop them. I still get them occasionally, but what stopped most of them was banning email addresses with a .ru or .pl extension from being able to sign up. It won't help with the hotmails or gmails, but it did stop the majority that I was getting. It would be nice if we could block anyone who signed up with an identical first and last name.
Hi Menspsy, I've created a spambot blocker plugin to handle this which you might find useful. Cheers Rob
Hi Robw, Purchased a copy of the Spam Blocker plugin yesterday. Its working great. I'm just using the honeypot and double name settings, and they're doing the trick.
@stuartcindy - thanks for feeding back, really appreciate that. Those are the two settings I use on my sites too. Kills the vast majority, doesn't it @hilary - No, sorry, it doesn't do any cleanup - it's preventative only!
My question is... WHY are these people or bots creating these spam accounts???? They always choose the authorize-cim payment option, never try to make a payment by entering a credit card, and I end up with a pending invoice. Why do you even call them spam signups? It doesn't even seem like they are trying to sell me anything. I think they are looking for some kind of vulnerability in the system. Or maybe they figured out a way to use my authorize-cim API to run their stolen credit cards using a different authorize.net account? What do you think?
Maybe they're contact form spam bots, and end up submitting a few thousand non-contact forms along the way? Or trying to join a forum?
I'm still trying to figure out why so many years later there is no option in Amember that allows us to make sure a payment is made before a user account gets created. No payment no user created would be much easier.
@onadeathstar some of payment systems support option "Payment system upfront of aMember" https://docs.amember.com/docs/How_It_Works#payment-system-upfront-of-amember