Thousands of spam customers

[gl636474]

The Manage Customers table is full of entries like:

ID	Name	Email	Group
17337	Jessie and Maria are waiting for you http:// redacted .ru/away.php?to=https:// redacted .webself.net	yuri_ redacted _maciel@hotmail.com	General

Actual links/emails redacted to avoid giving the spammer the credit by linking to his/her site.

See attached image:

[gl636474]

These were created by a bot using the frontend "Register" buttons/links. Need to activate a CAPTCHA or similar.

[gl636474]

To enable CAPTCHAs:

1. System -> Configuration -> Customers / Customer Configuration -> CAPTCHA
2. Enable CAPTCHA on Frontend = Yes
3. Select (highlight) the following:
   • Create user (the button on the login or create user page)
   • Forgot password (page reached by clicking any of the Forgotten Password links)
   • Register during checkout (last item of personal details if this cart checkout method chosen)
   • Share wishlist
   • Email product to a friend
4. Display mode always
5. Symbols Used in CAPTCHA = [ different to default ]
6. Case Sensitive = Yes

The following options are deselected so are unprotected by CAPTCHA:

• Login - this function requires valid username and password so not so susceptible to spammers. Also the login form looks confusing with the CAPTCHA field as well.
• Checkout as Guest - this function ultimately requires a credit card payment so is protected that way. Any future bank transfer/cheque method must be protected by some method (e.g. only shown to trusted users).

[gl636474]

Will have to use SQL to delete the 17,000+ spam users. This is too many for a single Magento transaction.

[gl636474]

See 2 mass customer delete methods: https://community.magento.com/t5/Magento-1-x-Admin-Configuration/How-do-i-delete-6000-customers/td-p/43592

[gl636474]

The following SQL cascaded the delete to the EAV attribute tables etc:

DELETE FROM customer_entity WHERE ...