Hello! Every day, our site gets 20-30 fake/spam user registrations. I have put a reCaptcha on the user registration form. I have put a honeypot field on that form as well. These measures had zero effect.
I then put a postHook on the registration snippet which logs all submissions to the Modx error log. To my surprise, the only
things logged are the legitimate
registrations. The fake/spam registrations do not get logged. How are they bypassing my registration form?
The spam users usually have a matching "name" and "fullname". Also, their email often ends in “.ru” or contains “yandex”
I’m running Modx 2.7.0.
Has anyone else seen this kind of thing? How are they doing this and how can I stop it?