[FREE MODULE] User Verification - Block Spam Accounts

[endriu107]

This is very first version of the module, it will be developed and new verification options will be added. Currently, the module only checks two things, it compares name and surname. If both are identical, it does not allow you to create an account in the store. Module aslo check letters in firstname and lastname, if it's unusual it will also block spammer to create account.

 

Accounts like below will not be created in store.

 

***New version 1.0.1***

in version 1.0.1 there is new option checking letters, lowercase and uppercase.

Firstname or Lastname like: mcdonald, Mcdonald, McDonald, MCDONALD, mCDONALD, mCdONALD are valid and allow to create account, but Firstname or Lastname like: McDoNald, mCdOnALD, MCDonald, McDonalD etc. aren't valid and user can't create account.

It also should block account like that:

 

***New version 1.0.2***

In this version was added verifictaion for firstname and lastname that their are same even then some letters are lowercase or uppercase in fistname and not in lastname.

Before user with first and last name like: Andrew andreW was able to create account, now he will be blocked.

 

If you have any suggestions for validating a customer account, please post below. All suggestions will be considered and the best ones implemented into the module.

It should work with prestashop 8.X and lower like 1.7.8 not tested with lower version then 1.7.7

***New version 1.1.1***

Added configuration page to module.

 

wfeuserverification1.0.0.zip

wfeuserverification1.0.1.zip

wfeuserverification1.0.2.zip

Version 1.1.0 and newest was not tested, you install it on your own risk!

wfeuserverification-1.1.0.zip

wfeuserverification-1.1.1.zip

[endriu107]

***New version available 1.0.1***

in version 1.0.1 there is new option checking letters, lowercase and uppercase.

Firstname or Lastname like: mcdonald, Mcdonald, McDonald, MCDONALD, mCDONALD, mCdONALD are valid and allow to create account, but Firstname or Lastname like: McDoNald, mCdOnALD, MCDonald, McDonalD etc. aren't valid and user can't create account.

It also should block account like that:

 

 

Module available for download in first post.

[Jontee]

Hi!

Many thanks for this free module!

Does it work with the latest PS 8.1.2?

I am having some issues with receiving several emails per day to the shops email inbox, they all have the subject:

Undeliverable: [PRESTASHOP WEBSITE NAME] Email verification

It seems that bots are trying to register or "something" but their email addresses are not valid, so they cannot verify. Maybe it has to do with the newsletter module?

Best regards,

[endriu107]

Yest it should work on prestashop 8.1.2.

In Log tab you can check what controller try sent those emails.

[metacreo]

Have fun with bots I defeated them a month ago with small controller override. I feel sorry for people who can't do anything about it. I advise you to check for a bot and not for your first and last name. At first, check $_SERVER variables, USER_AGENT... etc... then make table with IP/email deny. Good luck.

[endriu107]

Probably in next release will be added DB logger with firstname, lastname, email address and IP address. I consider to add two buttons one with add IP to blacklist and second button with create account action, that in case when validation will block real user for some reason.

Using USER_AGENT can help but it is not perfect solution, spammer can easli manipulate it.

[metacreo]

Most of bots never use user_agent and headers like Accept-Language, no referrer, no PHPSESSID in cookies etc... Based on headers and $_SERVER vars and cookies you can filter up to 99 percent of bots... Just create script-logger on production who logs headers, server and cookies and analyze logs...

I write bots myself and also successfully escape from them))) and believe my many years of experience: it is completely impossible to completely protect yourself with a module, if no hooks for this. All that remains is to use overrides. But of course, the module can weed out most bots.

[endriu107]

***New version 1.0.2***

In this version was added verifictaion for firstname and lastname that their are same even then some letters are lowercase or uppercase in fistname and not in lastname.

Before user with first and last name like: Andrew andreW was able to create account, now he will be blocked.

 

Module available for download in first post.

[Prestafan1234]

One of my shops is receiving a lot of fake newsletter subscriptions where I get bounce mails with errors such as this:

[email protected]>: host gmail-smtp-in.l.google.com[142.250.107.26]
    said: 550 5.2.1 [ERN] Recipient is receiving email too quickly. (in reply
    to RCPT TO command)

(I have replaced text before @gmail.com). The module does not prevent this, as all email addresses are legit i.e. different gmail.com accounts.

So this is just to inform poster Jontee that the module will not resolve this.

[endriu107]

My module only protect customer account create form. For protecting newsletter you need other solution.

[ChillMan]

Thanks for sharing! So far works as expected in PS 8.1.3 🙂

[Altsat]

It do'nt work, I have PS 1.7.4.3

[endriu107]

Module use hook that is available since prestashop 1.7.1 so it should work. Can you provide more information about it, is there any information when you try create account using incorrect data?

[Altsat]

I'm still getting bot created account and orders in cart.

[40hertz]

Thanks for the module, it did help us too.

Edit: unfortunately there seem to get some names trough:

Edited April 11, 2024 by 40hertz
new development of issue (see edit history)

[templeofdesign]

I just wanted to check if this module was still available anywhere? Looks to be exactly what I'm after, as our website has recently started to get hit daily with spam users using this kind of configuration with upper and lower case first names and surnames.

Would be great to get a copy of the module though, as it currently says it's now seems unavailable sadly!

[endriu107]

@templeofdesign only active user can download attachments on forum.

[templeofdesign]

Ahh awesome! Of course, I've just seen that now that I'm finally a user on here that the download is available! Thank you for that and apologies for the amateur question!

Hopefully this should do exactly what we need in terms of stopping those bots... thank you for the effort in this!

[tomdebeyer]

great! thanks for your work -> seems to work for me 🙏

[templeofdesign]

I can also confirm this is working very nicely on my 1.7.8.10 install.. Pretty much completely stopped the latest incarnation of bot nonsense! Thank you for the efforts on this module so far!

[Antracit]

Many thanks for the module, it really works. Last time it was a big problem with a spam boot registration.

[vincent duchene]

Merci beaucoup pour ce module. Je subit depuis quelques jours ce genre de choses et même après avoir payé un module à presque 80€, le problème persiste. Je viens donc de l'installer et en voulant faire un faux compte ça semble bien le bloquer. Reste à voir dans le temps si ça continue à faire son effet. En tout cas merci beaucoup.

[gnassia laetitia]

Bonjour je viens d'installer ce module mais je ne sais pas encore si cela va régler mon problème, j'ai eu 54 fausses inscriptions hier (avant installation).

En attendant merci pour ce développement et partage. 

[vincent duchene]

43 minutes ago, gnassia laetitia said:

Bonjour je viens d'installer ce module mais je ne sais pas encore si cela va régler mon problème, j'ai eu 54 fausses inscriptions hier (avant installation).

En attendant merci pour ce développement et partage. 

Bonjour Laetitia, perso depuis je n'ai plus du tout de fausses inscription et je suis avec la version 1.7.8. Visiblement j'ai encore des tentatives car j'ai toutes les alertes via mon hébergeur de mail, mais aucunes inscriptions ne passe et ça fait du bien

[zanpo]

Thanks for this module, really appreciate it. Helped my store and working fine on PS 8.1.7

[Don Cappello]

Thank you for this nice modul.
It works nice with Presta 8.1..7

Domenico

[rachel01]

Hello

 

Have you an idea why it's not working on my website ?

https://maeva-nice.com/

Thanks

[endriu107]

What prestashop version you have?

[rachel01]

4 hours ago, endriu107 said:

What prestashop version you have?

1.7.6.5

[gnassia laetitia]

Hello, 1.7.8.8

[endriu107]

16 hours ago, rachel01 said:

1.7.6.5

Module was not tested on prestashop version lower then 1.7.7 and there could be some issues on prestashop side.

 

4 hours ago, gnassia laetitia said:

Hello, 1.7.8.8

On this prestashop version module should work fine, did you have any issue?

[rachel01]

19 hours ago, endriu107 said:

Module was not tested on prestashop version lower then 1.7.7 and there could be some issues on prestashop side.

 

On this prestashop version module should work fine, did you have any issue?

Thank you, so there is no solution for my version ?

[Thierry L]

Le 10/01/2025 à 9h50, rachel01 a dit :

Thank you, so there's no solution for my version?

Hello,

Yes, there is a solution — and it’s highly recommended: update your old version of PrestaShop.

Why should you update PrestaShop 1.7.6.5?

If your store is still running on PrestaShop 1.7.6.5, it’s time to upgrade to the latest 1.7 version — or better yet, to PrestaShop 8. Here’s why:

Security: Outdated versions no longer receive updates, making your site vulnerable.

Performance: Newer versions are faster, more stable, and better suited for large catalogs.

Compatibility: Modules and themes evolve. Without updates, you risk bugs or incompatibilities.

New features: Modern tools to boost your sales and attract more customers.

Compliance: Stay aligned with legal requirements, such as GDPR.

Updating ensures your store remains secure, high-performing, and future-proof.
Don’t wait — waiting will only make the process more complicated!

Edited June 13 by Thierry L
translate (see edit history)

[endriu107]

@Thierry L this topic is in english forum section, please write in english.

[endriu107]

@rachel01 I will not see any reason to free support this module for old prestashop version. You better should update your store at least to 1.7.8 there was few security updates

[alienrat]

Is this compatible with PS 8.2.0? Should I get the latest version from your website? Thanks

Edited January 15 by alienrat
typo (see edit history)

[endriu107]

Yest it is compatible with 8.2.0 in first post is newest version.

[alienrat]

8 minutes ago, endriu107 said:

Yest it is compatible with 8.2.0 in first post is newest version.

Thank you, I'll give it a try, the fake accounts are getting a little bit much today!

 

[alienrat]

1 hour ago, endriu107 said:

Yest it is compatible with 8.2.0 in first post is newest version.

Hi, I've installed it and tried to create a fake account and I was able to. Is there anything I need to do after I install it? In my module manager it looks like this, so it looks like it's already set up and running:

 

[endriu107]

Can you show what firstname and lastname you use?

Also can you check is module in actionSubmitAccountBefore hook?

[alienrat]

1 hour ago, endriu107 said:

Can you show what firstname and lastname you use?

Also can you check is module in actionSubmitAccountBefore hook?

I just typed random letters and I've deleted the account afterwards, but i don't seem to have had new spammy emails or fake accounts since I installed it.

"Also can you check is module in actionSubmitAccountBefore hook?"
I don't know how to do this sorry

Anyway I think it is working, time will tell. Thank you for the module

[DARKF3D3]

Hi @endriu107, first of all thanks for this module.

I think it could be usefull a simple configuration page where you can decide which restriction enable.
This because for example on my shop sometime customers register with same firstname and lastname, but they're not bot.

So something like:
[checkbox] Check for abnormal use of upper and lower case letters (for example MdAVsEs)
[checkbox] Check for same firstname and lastname
[checkbox] Something else...

Seeing spam subscription I'm receiving it could be useful also a check for name that contains 3 or more consonants in a row.

[endriu107]

Hi @DARKF3D3 I will consider to add this option in next update.

[DARKF3D3]

Thank you

[DARKF3D3]

Just an example of spam customer just registered today:
   firstname: CAAEwAXYZNLU
   lastname: kozZYtjxr

 

Only an example of when it could be useful a filter for names that contains 3 or more consonants in a row.

 

 

 

Edited January 20 by DARKF3D3 (see edit history)

[alienrat]

10 hours ago, DARKF3D3 said:

Just an example of spam customer just registered today:
   firstname: CAAEwAXYZNLU
   lastname: kozZYtjxr

Only an example of when it could be useful a filter for names that contains 3 or more consonants in a row.

 

 

 

That might cause a problem if you have customers with names like McKenna, McCormick, McMahon, Archer etc Maybe 4 or more?

[DARKF3D3]

Yes, I hadn't thought of that because in Italy (I'm Italian) there are no names with three consonants in a row.
So probably 4 will be better than 3 because prevent to block legit names like the one you wrote.

 

 

 

[endriu107]

@DARKF3D3 what prestashop version you have?

[DARKF3D3]

@endriu107 8.1

[endriu107]

In first post I added newest version 1.1.0, this version was not tested at all. It should add configuration page, and there is also few small changes in code.

[DARKF3D3]

@endriu107 Thank you, I just installed in on a test website.

A couple of questions... "Firstname and lastname capital letters count MAX" consider consecutive or total consonant letters?
What it is supposed to do if you leave this 2 fields empy? It ignore that check?

[endriu107]

It count all capital letters in firstname or lastname. If you want ignore to check this just switch to NO option "Check how many capital letters".

[DARKF3D3]

Thank you, I had read it wrong... I thought the last 2 fields were for consonants and not for capital letters. Now it is clear.
What value did you use in the previous version of the module? 4 capital letters or more?

 

 

 

[endriu107]

There also was 2 letters but there was some useless code that might have some incorrect behaviour.

[DARKF3D3]

I think there could be a problem with this last version.
Enabling "Check how many capital letters" break the feature of the previous version of the module where a name like MCDONALD was considered valid.

For example: If you set max 4 capital letters, the module no longer distinguishes between MCDONALD and mCdOnALD, and block both them.

[endriu107]

Just added newest version 1.1.1 that should fix it.

[DARKF3D3]

Just tested it, I confirm that now works correctly. Thank you so much!
I don't want to take advantage of this, but for future updates you might consider adding the possibility to translate error messages from the back office.
Actually from translation page you can find only the B.O. text of the module.

[alienrat]

I've just installed 1.1.1 thank you

Before installing it, I had 1.0.2 and I had a couple slip past, including one with mostly lowercase names ddvmwBXv dqbxglrC - how can this be got round? Did you add 4+ consonants in a row in v1.1.1?

 

 

[skijump]

@endriu107 appreciate the module! Worked right away on PS 8.2 :)

[skijump]

One possible improvement? In the module config, allow the user to change the "error" that results on registration if too many capitals are used. "Change your lastname" isn't a descriptive error for a human but chances are a lastname won't have more than 2 capital letters so not a huge deal.

[zanpo]

I am using v1.1.1 of the module, on PS 8.1.7, and still getting spam accounts, any idea why?
Using only 1 capital letters doesn't help.
Also they now are tricky and use "Hello", "MyName", or "TestUser" to pass.

[Thierry L]

Hello,

Possible improvement?

I’m using this module to prevent the overuse of uppercase letters in the “first name” and “last name” fields on the registration page.
Currently, the module doesn’t block entries where the entire name is in uppercase, like DUPONT or MARTINE. It would be really helpful if it only allowed one uppercase letter at the beginning, like Dupont or Martine.

Do you think this would be a relevant improvement? Enforcing proper casing improves readability, aesthetics, and adherence to web standards.

Thank you in advance for your feedback !

[DARKF3D3]

I think this way you risk blocking legit users. On my store it happens that some customers register by writing everything in capital letters.
However, if it is an additional option that can be switched off, it can also be implemented.

[Thierry L]

il y a 15 minutes, DARKF3D3 a dit :

I think this way you risk blocking legit users. On my store it happens that some customers register by writing everything in capital letters.
However, if it is an additional option that can be switched off, it can also be implemented.

Yes, I’ve actually thought about that. On my clients’ stores, there’s already a warning asking users not to write everything in capital letters. That said, having the option to automatically prevent all-uppercase input, with a warning message explaining not to do so would be useful. Of course, this feature could be optional and disabled if needed, to avoid blocking legitimate users.

[alienrat]

@endriu107 The module worked really well until recently, there seems to be a change in the names, maybe they are catching on to the blocking rules, but it seems like all the ones I got in the past few days - and there were a lot of them - most have both names containing 8 or 9 consonants and 1 or 2 vowels, all lowercase. So the uppercase rule no longer blocks them. Is there a way to maybe set a ratio of vowels per consonants?

The names I am getting at the moment are like
foqrlysumg ntzlnnsqkg
fxmsjjlmhy gtrujmjstp
oqrlysumg ntzlnnsqkg
osrgffgpjn uyoxwihnpk

 

[endriu107]

This is from your case:

foqrlysumg - 10 sign, 3 vowels
ntzlnnsqkg  - 10 sign, 0 vowels
fxmsjjlmhy - 10 sign, 1 vowels
gtrujmjstp - 10 sign, 1 vowels
oqrlysumg - 9 sign, 3 vowels 
ntzlnnsqkg - 10 sign, 0 vowels
osrgffgpjn - 10 sign, 1 vowels
uyoxwihnpk - 10 sign, 3 vowels

 

This are real firstname and lastname that user have:

Strzbrnyk  -  9 sign, 1  vowels  
Trzciński  -  9  sign, 2 vowels
Brzostryk -  9  sign, 2 vowels
Krzyżanek  -  9  sign, 3 vowels 
Tschrnsky  -  9  sign,  1 vowels
Krzysztof -   9 sign, 2  vowels
Brtislav  -  9 sign, 2 vowels
Schrnkopf  -  10 sign, 1 vowels
Thrnblstk  -  10 sign, 0 vowels
Blytzkrag  -  9 sign, 2  vowels
Grbndsson  -  10 sign, 1 vowels 
Wrzstynyk  -  10 sign, 1  vowels

 

As you can see, there's no difference between false and true names in the number of vowels or consonants.

What you're asking is possible, but I don't see how anyone could implement and use it without compromising the registration process.

[alienrat]

32 minutes ago, endriu107 said:

This is from your case:

foqrlysumg - 10 sign, 3 vowels
ntzlnnsqkg  - 10 sign, 0 vowels
fxmsjjlmhy - 10 sign, 1 vowels
gtrujmjstp - 10 sign, 1 vowels
oqrlysumg - 9 sign, 3 vowels 
ntzlnnsqkg - 10 sign, 0 vowels
osrgffgpjn - 10 sign, 1 vowels
uyoxwihnpk - 10 sign, 3 vowels

 

This are real firstname and lastname that user have:

Strzbrnyk  -  9 sign, 1  vowels  
Trzciński  -  9  sign, 2 vowels
Brzostryk -  9  sign, 2 vowels
Krzyżanek  -  9  sign, 3 vowels 
Tschrnsky  -  9  sign,  1 vowels
Krzysztof -   9 sign, 2  vowels
Brtislav  -  9 sign, 2 vowels
Schrnkopf  -  10 sign, 1 vowels
Thrnblstk  -  10 sign, 0 vowels
Blytzkrag  -  9 sign, 2  vowels
Grbndsson  -  10 sign, 1 vowels 
Wrzstynyk  -  10 sign, 1  vowels

 

As you can see, there's no difference between false and true names in the number of vowels or consonants.

What you're asking is possible, but I don't see how anyone could implement and use it without compromising the registration process.

Ah I see, I didn't know, I guess in certain countries it would be ok, for example, I only trade in one country and most my customers have english, french or hispanic names, so I suppose that explains why I have not encountered names with so few vowels. I guess I will have to look into captcha or something because for now I had to turn off email confirmations as I have too many and I don't want to end up with my shop being blacklisted for sending out spam. 

Thank you for your reply tho!