
In today's technology-driven world, every site needs security measures that protect it against future attacks. We all love spambots, don't we? They really help us improve our sites. One of our clients was hit by a spambot that generated dozens of customer accounts daily. Let us show, with the help of a Website Development Company, how to get rid of them.

How the Problem Started

One might ask: "Why wasn't there any validation on the registration form?" Well, things had been functioning smoothly for a couple of years, so there wasn't a need for one. The problem had been going on for some time before it was recognized. We found ourselves in a situation where spam customer accounts had to be recognized, deleted, and prevented from registering again.

Complete Examination

When it was time for a detailed examination of the customer grid, it was instantly clear this wasn't going to be easy. As in any store, there were many accounts with different names, emails, and addresses. At the time, nearly 30000 accounts were registered. Going through the list and deleting them manually was not an option: it would take too much time to open each account, examine it, and decide whether it was a spam account or a real customer. It had to be done with a script.

Identify Possible Patterns

There is no straightforward way of reliably recognizing spam customer accounts. To delete them programmatically, you have to make sure that you are not going to delete a real customer. That would be a very unpleasant situation: not only would the customer be unhappy, but every connection to his/her orders would be lost.

So, constructing a way to recognize only spam customer accounts takes a few steps.

  1. Go through a reasonable number of spam accounts and write down the most frequently repeating similarities between them.

Account examples:

maksim.sakevich@yandex.ua, DouglasPhem DouglasPhemDU

meme123@ccxpnthu2.pw, Ronaldtrek RonaldtrekWI

lesha.gorodnitsyn@mail.ru, VladimirCrOp VladimirCrOpAN

ra.um@mail.ru, Somfum Димас

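The Magento code is as follows:

// Select accounts that match ANY of the observed patterns
// (conditions passed in one array are combined with OR).
// MySQL REGEXP is case-insensitive under the default non-binary
// collations, so check the matches against real data first.
$customers = Mage::getModel('customer/customer')
    ->getCollection()
    ->addAttributeToSelect('*')
    ->addAttributeToFilter(
        array(
            array('attribute' => 'email', 'like' => '%.ru'),
            array('attribute' => 'lastname', 'regexp' => '[a-z][A-Z]{2}'),
            array('attribute' => 'firstname', 'regexp' => '[0-9]'),
            array('attribute' => 'lastname', 'regexp' => '[0-9]')
        )
    );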

  2. Attempt to load addresses for each account

The first step should do the trick on its own. But to be sure that no genuine data is lost from Magento, this additional step is applied. This specific spambot was unable to register and log in to the site. It only created a number of accounts. So, none of those accounts had any address associated. If an account has an address, it is skipped from deletion.

foreach ($customers as $customer) {
    // getAddresses() returns an array; non-empty means the account has an address
    $customerAddresses = $customer->getAddresses();
    if ($customerAddresses) {
        continue; // keep this account
    }
}

  3. Check whether there are any orders for each account.

An account with an order associated with it is most probably a real account, so it is also skipped from deletion.

foreach ($customers as $customer) {
    // Load the orders placed by this customer
    $customerOrders = Mage::getModel('sales/order')
        ->getCollection()
        ->addAttributeToFilter('customer_id', $customer->getId())
        ->load();

    if ($customerOrders->count()) {
        continue; // keep this account
    }
}

In some specific cases, the filter had to be set very carefully because there are real customers on the site whose names are written in capital letters. Before removing a customer account, it is prudent to write it to a log file. After all the criteria are checked, spam customer accounts can be deleted simply by calling the $customer->delete() function in a loop.
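The three steps above combined into one script, as an added example that is not the original author's code: it reports candidates by default, logs each one, and deletes only when started with `--delete`. The log file name, the `--delete` flag and running from the Magento 1 root directory are assumptions.

```php
<?php
// Added example, not the original author's script.
require_once 'app/Mage.php';              // assumption: run from the Magento 1 root
Mage::app('admin');
Mage::register('isSecureArea', true);     // Magento 1 refuses customer deletes outside a secure area

$dryRun  = !in_array('--delete', $argv, true); // default: report only
$logFile = 'spam_customer_cleanup.log';        // hypothetical name, written under var/log

$customers = Mage::getModel('customer/customer')
    ->getCollection()
    ->addAttributeToSelect('*')
    ->addAttributeToFilter(array(         // conditions are combined with OR
        array('attribute' => 'email', 'like' => '%.ru'),
        array('attribute' => 'lastname', 'regexp' => '[a-z][A-Z]{2}'),
        array('attribute' => 'firstname', 'regexp' => '[0-9]'),
        array('attribute' => 'lastname', 'regexp' => '[0-9]'),
    ));

$kept = 0;
$matched = 0;
foreach ($customers as $customer) {
    // Step 2: accounts with any address are kept.
    $hasAddress = count($customer->getAddresses()) > 0;
    // Step 3: accounts with any order are kept. getSize() runs a COUNT query.
    $orderCount = Mage::getModel('sales/order')
        ->getCollection()
        ->addAttributeToFilter('customer_id', $customer->getId())
        ->getSize();
    if ($hasAddress || $orderCount > 0) {
        $kept++;
        continue;
    }
    // Log every candidate before touching it, so the run can be reviewed.
    Mage::log(sprintf(
        '%s id=%d email=%s name="%s %s" created=%s',
        $dryRun ? 'CANDIDATE' : 'DELETING',
        $customer->getId(),
        $customer->getEmail(),
        $customer->getFirstname(),
        $customer->getLastname(),
        $customer->getCreatedAt()
    ), null, $logFile, true);
    if (!$dryRun) {
        $customer->delete();
    }
    $matched++;
}
printf("%s: %d matched, %d kept (address or order)\n",
    $dryRun ? 'dry run' : 'delete run', $matched, $kept);
```

Run it without arguments first, review the log for real customers caught by the patterns, and take a database backup before the `--delete` run.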

Conclusion:
There are many different spambots out there, so there is no easy and certain way of deleting accounts from a website once they are registered. With the help of a Custom Web Development team, the accounts must be examined manually and a pattern defined accordingly. After that, the rest of the spam accounts are not so difficult to delete manually.