Customer registration not using Joomla's email domain blocking

  • Posts: 141
  • Thank you received: 3
  • Hikashop Business
1 year 3 weeks ago #350337

-- HikaShop version -- : 4.7.1
-- Joomla version -- : 4.2.9
-- PHP version -- : 8.0.28

We have a long-standing Hikashop site which constantly fights automated user registrations which use the .ru and .fr domains (they don't do business internationally). We have Joomla configured to disallow users from registering with emails that use those domains - which seems to block Joomla registrations using Joomla forms, but user registrations via the HikaShop Checkout page don't seem to enforce this feature. None of these accounts have attempted or succeeded to complete orders, but they are cluttering up both the Joomla Users table and Hikashop's Customer table.

Does HikaShop enforce this registration restriction? Or do I manually need to identify and remove all of these fake accounts from both systems, as I did about two years ago? (There are currently over 200 of these accounts, only a few of which have ever logged in after the fake checkout.)


  • Posts: 81504
  • Thank you received: 13064
  • MODERATOR
1 year 3 weeks ago #350344

Hi,

HikaShop doesn't currently enforce that restriction on domain names.
However, I think it's a good idea to add it.
We'll work on this for the next release of HikaShop (in 2 months, as we just released the 4.7.2). In the meantime, you'll have to manually delete the user accounts.


  • Posts: 141
  • Thank you received: 3
  • Hikashop Business
1 year 3 weeks ago #350366

Thanks. I really appreciate this.


  • Posts: 141
  • Thank you received: 3
  • Hikashop Business
1 year 1 week ago #350760

Just an update: we are literally receiving over a hundred of these fake registrations a day now. Is there a quick way to modify the regex used to validate email addresses to exclude the Russian alphabet?


  • Posts: 4508
  • Thank you received: 610
  • MODERATOR
1 year 1 week ago #350767

Hello,
Yes, it's possible; you can use a RegEx like this to block email addresses that use the Russian alphabet.
We think that you can run some tests with this RegEx:

^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$

Hope this will help you to prevent this.

Regards

Last edit: 1 year 1 week ago by Philip.


  • Posts: 141
  • Thank you received: 3
  • Hikashop Business
1 year 1 week ago #350777

Good start, though I haven't found where the RegEx test is being performed yet.

In the meantime, it appears that I've successfully blocked the ".ru" registrants by blocking the email domain using Akeeba Admin Tools Pro's email blocking. Joomla's tools to do the same weren't working with Hikashop, but Akeeba's firewall hardening seems to do that trick.

There's still a lot of fake registrants using valid but obviously stolen email addresses, but these are identifiable because they are including a URL within the submitted register_name field. I am attempting to add a small onChange script to the Name field that checks to see if the Name value includes "http" or ".ru". If it finds it, it simply wipes the value of the field immediately. Hopefully this will be enough to discourage a keystroke driven script. If not, I'll have to keep working on finding and tightening the data validation routines.

I do appreciate your help.


  • Posts: 141
  • Thank you received: 3
  • Hikashop Business
1 year 1 week ago #350778

With all the registration forms hardened via javascript and the default Joomla registration forms completely overridden and disabled, it appears that the only solution is to improve the server-side data validation. Maybe with a custom plugin that runs first. That will be a serious challenge for tomorrow.
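
The server-side checks discussed in this thread (the ASCII-only email pattern posted above, the blocked .ru and .fr domains, and the URL-in-name test), sketched here as an added example that is not part of any post and is not HikaShop or Joomla code. The function and constant names are hypothetical, the sample submissions are constructed, and wiring the function into the registration flow is left to the site's own plugin.

```php
<?php
// Added example: server-side registration checks. Function and constant names
// are hypothetical; no Joomla or HikaShop API is used.

// Domain suffixes to refuse, as named in the thread (.ru and .fr).
const BLOCKED_SUFFIXES = ['.ru', '.fr'];

// The pattern posted in the thread. The D modifier stops "$" from matching
// before a trailing newline, so "a@b.com\n" is not accepted.
const ASCII_EMAIL = '/^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/D';

/**
 * Returns the reasons to reject a registration; an empty array means accept.
 */
function registrationErrors(string $name, string $email): array
{
    $errors = [];

    if (!preg_match(ASCII_EMAIL, $email)) {
        // Rejects Cyrillic and any other non-ASCII local part or domain.
        $errors[] = 'email: not a plain ASCII address';
    } else {
        // The pattern alone still accepts ASCII addresses such as x@example.ru,
        // so the domain suffix is checked separately.
        $domain = '.' . strtolower(substr($email, strrpos($email, '@') + 1));
        foreach (BLOCKED_SUFFIXES as $suffix) {
            if (str_ends_with($domain, $suffix)) {
                $errors[] = "email: blocked domain suffix $suffix";
            }
        }
    }

    // The fake accounts described in the thread carry a URL in the name field.
    if (preg_match('~https?:|www\.|\.ru\b~i', $name)) {
        $errors[] = 'name: contains a URL';
    }

    return $errors;
}

// Constructed sample submissions, not real data.
$samples = [
    ['Jane Doe', 'jane@example.com'],
    ['Ivan', 'ivan@example.ru'],
    ['Иван', 'иван@пример.рф'],
    ['Great deals http://example.ru', 'victim@example.com'],
];
foreach ($samples as [$name, $email]) {
    $errors = registrationErrors($name, $email);
    echo $email, ' => ', $errors ? implode('; ', $errors) : 'accepted', PHP_EOL;
}
```

The ASCII-only pattern also rejects legitimate internationalized addresses, which fits this site only because it does no international business.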


  • Posts: 81504
  • Thank you received: 13064
  • MODERATOR
1 year 1 week ago #350784

Hi,

I would recommend looking at extensions.joomla.org/extension/ospam-a-not/
It seems to work great to block spam registrations.


  • Posts: 141
  • Thank you received: 3
  • Hikashop Business
1 year 1 week ago #350804

I'll check it out. Thanks.


  • Posts: 141
  • Thank you received: 3
  • Hikashop Business
1 year 1 week ago #350807

Thank you VERY much for your suggestion of OSpam-A-Not. It has blocked the fake registrations successfully since the moment it was installed - about 1 fake a minute. This is definitely part of my toolbox now.

To help clean up my dataset, I plan to build an admin interface which flags all HikaShop Users who have NOT made a Purchase and haven't returned to the site since they registered, and will display their correlating Joomla User. That should make it easy to identify any accounts which seem suspicious (e.g., gibberish user names, even though their email addresses seem legit) and give me a single delete button to export or get rid of them.

Again, thanks for your help!

