Remove and avoid spam registrations (bot accounts / user account flooding)

Shopkeepers and online businesses of all sizes are exposed to attacks from third parties more and more - be it through hackers trying to gain access to the systems, spam senders who want to send masses of (advertising or other) emails or even unfair competitors. Shopware already offers important functions that make their efforts more dificult, e.g. captchas or honeypot precautions that you can easily activate in the Shopware settings. However, there are further weaknesses that cannot be addressed completely within the default configuration, and, as a result, for which further steps are necessary.

Enormous numbers of registrations for customer accounts with nonsense personal data entered can be observed in both larger and smaller shops. The email addresses that are used for this are often real mailboxes, but do not belong to the attackers but to uninvolved third parties. The goal of the attackers in these cases is to not just generate database garbage and higher loads on the server. They use the registration and "forgot password" functions to generate mass e-mails which are sent from your shop. As soon as the third party recipients of these emails mark them as spam messages, large email providers can block emails from you as well as your shop server could be entered on global spam block lists. This leads to legitimate emails from your shop no longer getting through to you and your customers. You and the customers will then no longer receive any information about new orders as well as order confirmations or newsletters.

Once such a problem has been identified, unfortunately it's not enough to prevent future registrations. Because of the spam accounts that have already been created, unwanted emails can still be generated in large quantities using the 'forgot password' function in your shop. This is why we recommend not only to exclude future registrations from spam bots, but to also identify the existing spam accounts in your database and get rid of them.

Our plugin covers both of these functionalities. You can exclude spam registrations as far as possible by using the filter rules you have defined for the first and last name as well as the email address. With a convenient overview window in the Shopware backend, you can identify existing spam customer accounts and delete them easily with only two clicks by batch processing. Using a whitelist, i.e. a list of permitted terms and patterns, you can prevent "false positives" from being hit, that is, legitimate customers being prevented from registering. Since the plugin not only extends the registration form, but also the internal customer account validation of Shopware, you will be able prevent spam registrations even if customer accounts are imported from third-party systems via the Shopware REST API.

The filters for blacklists and whitelists are configured in the form of regular expressions. After installation, you will automatically find a small sample configuration which you may expand to meet your requirements. If you would like, we would be happy to provide you with further information on what the supplied blacklist configuration is for and which entries in the whitelist prevent, for example, improperly entered company names and certain names from the Scottish, Arabic, Italian and Spanish areas from being rejected. Simply contact us by opening a support ticket in your Shopware account or by writing an email to info@stuttgartmedia.de. Please understand that we do not offer a comprehensive set-up service beyond the usual support regarding bugs, technical errors and questions.