Our v2 csc website is experiencing the same, but only a few each day.
Ive taken to blocking the IPaddress range in "Store Access" which seems to have helped.
Also, when a Bot registers, I dont delete the user, but instead disable it, thus any bot trying to register/sign in using the same email/username should get the "account disabled" message, and no email notification to the fake email address is sent.
I also change the password as an extra step, but theres always a new IPA to block the next day, so its quite time consuming.
We will at some point update to v4, but it would be great if CSC had some addition protection against Bots rather than just the stupid Goggle reCature.
Like an automated system that detected certain patterns:
- List of company blocked names,
- Test for duplicate text in firstname lastname, address, etc
- Different levels of blocking. some requiring approval by admin, some automatic.
Eventually a semi-automated system would pretty much filter out the common IPAs and known email address and field text patterns that bots are using.
Also include some body text pattern detection in the Testimonials pages. We do approve all Testimonials but its time consuming to delete each spam as it comes in.
Wonder if theres already an addon that does something similar?