I have customized NopCommerce site on 2.6 v. I found that someone is spamming bots on my site. They are registering fake customers with company name with "google". First name and last name is meaningless. I had deleted all those earlier but some how they had registered again.
Even I had set recaptcha on register page and login page . My customer register method is "Email Validation". I don't know why this is happening? Lots of fake customers had been registered as company name google.
Daily i get hundreds of customers
I tried the following code which i got from https://www.nopcommerce.com/boards/t/20176/urgent-regarding-fake-customers-registration.aspx
They are using "honeypot" technique and found it to be pretty effective.
I Add a string property to register and login model
public string Honeypot { get; set; }
and a hidden input field in login and register views.
@Html.TextBox("Honeypot", null, new { style = "display:none" })
Then in your controller validate it with something like this:
bool botAttack = Request.Params.AllKeys.Contains("Honeypot") && !String.IsNullOrEmpty(Request.Params["Honeypot"]);
if (botAttack)
{
ModelState.AddModelError("HoneyPot", "You are a robot spammer. Get Lost.");
return View(model);
}
Above code is not working...
How can I stop this?
Also they are using different IP address and their last visited page is register page. And their Email address starts with caps
Please help me to solve this problem...!