Spam in the inbox. Bots.
Our client recently suffered a sudden flood of emails sent from a store built on Magento 1.9. At approximately 5 mails per minute, it caused a lot of confusion in his shop, so he needed an urgent response from our side.
Bots built in various corners of the world attack every website that contains forms for sending emails. Why they do this remains a mystery to me, but let's set aside the philosophical side of programmers' activity and focus on ways to solve the problem.
Forms in Magento
Magento 1 has no built-in control over what is sent from forms. By "form" I mean any place where the user can enter an email address to get something in return. This covers subscribing to the newsletter, making a purchase and giving contact details, or simply sending an inquiry to the store.
The talented programmer
Imagine that in a small village on the northern edge of the globe, some capable programmer writes a program that automatically fills in such forms and uses them to send emails with content that persuades people to vote for Donald Trump (this is my personal statement). The recipient of the e-mails, which in our case is the contact team of a large online store, does not feel like exploring the political situation in the US or anywhere else. The shop wants to sell its products, and a heavily cluttered mailbox makes that very difficult. Then what?
Captcha and reCaptcha?
The most popular and effective way to protect the mailbox from mass mailing remains the Captcha. It comes in many forms; the most annoying for me is recognizing road signs or storefronts in a photo. Fortunately, invisible Captcha modules are becoming more and more popular. With those modules, you see the square badge only at the moment you submit the form. You don't have to recognize anything anymore 🙂 The module itself recognizes whether the message is sent by a robot or a legitimate user. If there is any doubt, the Captcha falls back to questions about road signs, because these, for now, can only be recognized by a human 🙂
(By the way: did you know that these photos, and the work of millions of people searching for specific landscape elements, support the development of autonomous cars? By clicking on the photo "we teach" cars, including those designed and tested by Google, to properly distinguish, for example, pedestrian crossings from other road markings. In this way, the robot chases the robot… Protecting ourselves against spam sent by a robot built at the northern end of the world, we teach other robots how to drive a car safely. Those Captcha tools are called reCaptcha, as they are used to digitise the real world.)
Looking for the reason of spam sending
As I mentioned, our client had a problem with the mass of e-mails, but… the forms in this customer's store were secured! CAPTCHA worked properly, and this gave us food for thought. The client's mailbox grew by several hundred e-mails every hour, and for a few moments we did not know how they were being sent…
Since you’ve looked at the Pandagroup blog dedicated to Magento issues, you’re probably a committed Magento user. If so, you probably use Mandrill and Mailchimp. Our Mandrill screen showed a long series of such rows:
What can be seen from this? That the robot of a talented programmer from the northern edge of the globe repeatedly opened the wishlist page and shared it every 8 seconds.
Captcha modules do not cover the wishlist by default. Therefore, we had to go into the Magento admin and add a new rule:
Magento → System → Configuration → Google Invisible Captcha → Advanced Settings
The plug-in worked immediately, and the sudden quiet in the inbox was a marvelous silence after the scream of the crazy programmer from the northern edge of the globe.
We recommend using Captcha to control outgoing correspondence, and the Mandrill and Mailchimp modules to monitor user engagement. These are useful tools and, in the event of an attack, necessary for the store to function properly.
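The pattern we spotted by eye in the Mandrill rows, one kind of e-mail going out at a fixed 8-second cadence, can also be checked for automatically. The script below is an added example, not code from the original investigation or from Mandrill: the `(timestamp, tag)` row layout, the tag names and the thresholds are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median


def build_sample():
    """Constructed outbound-mail rows: (sent_at, tag). Layout and tags are assumed."""
    start = datetime(2020, 1, 1, 12, 0, 0)
    rows = [(start + timedelta(seconds=8 * i), "wishlist_share") for i in range(40)]
    rows += [(start + timedelta(seconds=s), "new_order") for s in (15, 190, 410, 1300)]
    rows += [(start + timedelta(seconds=s), "contact_form") for s in (60, 2000)]
    return rows


def find_automated_senders(rows, window=timedelta(minutes=5),
                           min_count=20, max_jitter_s=2.0):
    """Flag tags that are both frequent and evenly spaced inside one window.

    High volume alone can be a sale or a newsletter; a near-constant gap
    between sends is what points at a script driving one form.
    """
    by_tag = defaultdict(list)
    for sent_at, tag in rows:
        by_tag[tag].append(sent_at)

    flagged = {}
    for tag, stamps in by_tag.items():
        stamps.sort()
        best_count, best_lo, best_hi = 0, 0, 0
        lo = 0
        for hi in range(len(stamps)):          # sliding window over send times
            while stamps[hi] - stamps[lo] > window:
                lo += 1
            if hi - lo + 1 > best_count:
                best_count, best_lo, best_hi = hi - lo + 1, lo, hi
        if best_count < min_count:
            continue
        burst = stamps[best_lo:best_hi + 1]
        gaps = [(b - a).total_seconds() for a, b in zip(burst, burst[1:])]
        typical = median(gaps)
        jitter = median(abs(g - typical) for g in gaps)  # spread around typical gap
        if jitter <= max_jitter_s:
            flagged[tag] = {"count": best_count, "median_gap_s": typical,
                            "jitter_s": jitter}
    return flagged


if __name__ == "__main__":
    for tag, stats in find_automated_senders(build_sample()).items():
        print(tag, stats)
```

A flagged tag tells you which form to check for missing Captcha coverage, which in our case was the wishlist share.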
The far northern part of the globe
We have nothing against far-north programmers, quite the opposite: we like them! We wrote this post around such an anonymous person to remind ourselves that the internet world is really a global village…