Fake customers registering to the website.....!!!

I have customized NopCommerce site on 2.6 v. I found that someone is spamming bots on my site. They are registering fake customers with company name with "google". First name and last name is meaningless. I had deleted all those earlier but some how they had registered again.

Even I had set recaptcha on register page and login page . My customer register method is "Email Validation". I don't know why this is happening? Lots of fake customers had been registered as company name google.

Daily i get hundreds of customers

I tried the following code which i got from https://www.nopcommerce.com/boards/t/20176/urgent-regarding-fake-customers-registration.aspx

They are using "honeypot" technique and found it to be pretty effective.

I Add a string property to register and login model

public string Honeypot { get; set; }

and a hidden input field in login and register views.
@Html.TextBox("Honeypot", null, new { style = "display:none" })

Then in your controller validate it with something like this:

bool botAttack = Request.Params.AllKeys.Contains("Honeypot") && !String.IsNullOrEmpty(Request.Params["Honeypot"]);
            if (botAttack)
            {
                ModelState.AddModelError("HoneyPot", "You are a robot spammer.  Get Lost.");
                return View(model);
            }

Above code is not working...

How can I stop this?

Also they are using different IP address and their last visited page is register page. And their Email address starts with caps

Please help me to solve this problem...!

hi this will help you to make your user registration more secure.

http://www.elaamart.com/boards/topic/15/how-to-avoid-fake-customer-registration-on-a-website

Have you enabled CAPTCHA?

CAPTCHA is only send captchavalid as true or false to the server. so the user hack it very easily.

http://www.elaamart.com

rajysh wrote:

Can you be more specific?  What exactly is not working?

Also, it is unnecessary to look up the key value.  Just use the model value.  Finally, try naming your property "Phone" or "Email2".  Bot's scan for these types of field labels and autofill them.

t

elaa1979 wrote:
I don't think it's possible. Have a look at \Presentation\Nop.Web.Framework\UI\Captcha\CaptchaValidatorAttribute.cs file. It makes all required validation to reCAPTCHA site to validate entered picture value

i have the same problem.
in a day more than 100 fake registration.

is possible use a form control in file registration.cshtml for read the thelephone number ( normally for fake reg is 123456 ) or company name is google

if telephone number =123456 or company = google
immediately redirect at another web site.

plese help me !

potyno wrote:
think that the "honeypot" technique described above and in the given link should be much more effective than what you propose.

I'm having the same issue.  Why do you think people are registering if there is nothing they can really do?

Why don't you enable CAPTCHA? It should prevent fake customer registrations. Note I mean fake customer registrations and not creating of guest customer records.