Skip to content

How to stop attackers to execute script and run 100 requests to create account?

On client magento website has enabled google captcha version 2 on create account page.

exception.log file has following errors

(Magento\Framework\Stdlib\Cookie\CookieSizeLimitReachedException(code: 0): Unable to send the cookie. Size of 'mage-messages' is 4131 bytes with error message “Invalid google captcha”

Above error happening because attacker try to create account using script 100 times and every time it invalidate google captcha and throw error message, and Magento messages associated with cookies, because of lot of error messages store in cookie, cookies become full in memory and run above exception.

Can I handle without request limit access concept? what should I do?