next »

[mckayc]

I have noticed that there are many posts of people wanting to use captcha in VirtueMart, specifically using the "Ask a Question" feature for product inquiry.  I was looking for this as well as I have been getting about 4 Spam inquiries a day.  After many, many hours of reading and tweaking, I have finally figured out a fairly straightforward and easy way to add captcha to this.  Since it was so hard for me to find and figure out how to do, I thought I would share with everyone how I got this accomplished.

This tutorial involves three basic steps:
1. Signing up for reCaptcha so you can use their wonderful service
2. Downloading and configuring the JEZ reCAPTCHA Integrator plugin
3. Adding a single word of code to the file - joomla\components\com_virtuemart\themes\default\templates\pages\shop.ask.tpl.php

Step 1
Go to the http://recaptcha.net/ website.  Here you will sign up for an account where you can get a public and private key to use reCaptcha.  Make sure that you have these keys readily available for the next step.

Step 2
Go to the website http://www.joomlaez.com/ and download the Joomla reCAPTCHA Integrator Plugin.  After you have this installed, go to your plugin manager and open the settings for this plugin and do the following:

• Enable the plugin
• Enter the public and private keys where indicated
• Set Inclusion Syntax to YES
• Set Auto-verify to YES
• Apply or save the settings

Step 3
Open the file - joomla\components\com_virtuemart\themes\default\templates\pages\shop.ask.tpl.php
Once you have this opened, browse to around line 35. Look for the line that says <input type="button" name="send".....  Right above this line, add the text {captcha}

Save the file and you are done.  Now when you go to a product page and click the link "Ask a question about this product" you should have reCAPTCHA at the bottom of the page.

Hope this helps someone!

I made these changes this morning and have not received any spam yet, but obviously it has not really been long enough to know how well this works. Hopefully it will get you started in the right direction though.

[milan.vacula]

McKay,

thank you for your share with us. It helps a lot. Now, i blocked all ask.html spammers. Your solution is very clean and it works like a charm.

[milan.vacula]

mm.. ok really dont know why , but I still got spam from ask.html. reCaptcha is there without problem. I tried captcha and it works without problem.. There are two ways how it is possible - some script is using good otr modul to read image or there is some bug in ask.html page accepting of sending data bypassing captcha ... any hints where should be problem ? Is there any way to make recaptcha more difficult?

[hadassah]

Human spammers are the culprit.

[mckayc]

Since I put this up a week ago, I have not had any spam.  Certainly, like hadassah pointed out, there can still be human spam.  If it is a problem beyond that though, I don't really know what to say.

[Ratman2050]

I have a problem guys, I have a website using virtumart at techtwurl.com and the email I am using is webmaster "@" techtwurl.com. I keep getting these annoying spam emails recently that look like this http://gs156.photobucket.com/groups/t26/NHV7NVANH6/ScreenHunter_01Feb222200.gif but the problem is I do not know what these spammers are using to contact me. I have checked my Contact Us page and it uses a captcha, and then there is also a page at the top called "Can't find your item here? Why not add it?" but this option is custom made and it doesn't send emails. So what area of the website could spammers be getting my email or finding a form to send me an email from that I don't know of? thanks!

[mckayc]

Not really sure what the problem would be.  I wonder if there is a cache of your old pages.  Have you cleared your website cache?  Have you done a Google search for the pages you are getting spam from?

[punz]

Thanks for this. Hopefully it stops the annoying mail.ru spammers

[Ratman2050]

Not really sure what the problem would be.  I wonder if there is a cache of your old pages.  Have you cleared your website cache?  Have you done a Google search for the pages you are getting spam from?

Thanks for the advice, I google searched my web pages and found out where the leak was coming from. Then I changed it so you have to register or log in to post a question using this website: http://www.lunarhotel.co.uk/joomla/dealing-with-spam-on-the-virtuemart-ask-a-question-about-this-product-page/2.html . Next I will continue to add a captcha for registration, thanks!

[fedster]

Hey thanks for the tutorial pretty clean.

I do have a question, if I don't write anything on the captcha field or if a write the letters wrong, it works in the sense that it doesn't send me the email, but it doesn't show any error, sends me back to the contact page, blank. So I tried to see if is sending back the POST, but it doesn't so I have no way to autopopluate the message, in case of errror, and tell the customer there is an error with teh captcha.

Do you guys know how can this be accesed / solved?

[mckayc]

I noticed the same thing fedster.  You should be getting the error:
"The captcha wasn't entered correctly. reCAPTCHA said: incorrect-captcha-sol" if the captcha is blank or incorrect.  It does unfortunately bring you back to a blank page which is quite annoying if you wrote a lot of text.

I have looked into it a bit but unfortunately have not had any luck so far.  I will keep looking and post the solution if I figure it out.  Hopefully someone on this forum can figure out a way to solve this.

[kotuha]

Just a quick reply to those who still receive spam after implementing the captcha code: this solution is not entirely correct.
A spambot will most likely inject data directly to the script, and not go to the form page first to fill it in, like a human would do.

The JEZ reCAPTCHA plugin only validates the captcha if it notices the challenge inside the request variables. If this variable is not passed, it will never be validated!!

You still have to put in the validation yourself, which only requires a couple of lines extra :

Open up the file /administrator/components/com_virtuemart/classes/ps_communication.php
and look for these lines (around 130)

Code:

function mail_question(&$d)
{
global $vmLogger,  $Itemid, $_SESSION, $VM_LANG,$mosConfig_live_site,$mosConfig_lang, $sess;

Underneath them, insert this;

Code:

// Check if a captcha challenge has been made. If not, we know things are not right, so
// force the challenge anyway so it will be verified (and fail).
$challenge = JRequest::getCmd("recaptcha_challenge_field", null, 'POST');
if(!isset($challenge) || !$challenge) {
JRequest::setVar('recaptcha_challenge_field', 1, 'POST');
}

// Verify the captcha code.
$plugin = &JPluginHelper::getPlugin('system', 'jezReCaptcha');
$params = new JParameter($plugin->params);
plgSystemJezReCaptchaHelper::verifyCaptcha($params);

That should solve your spam problems with the "Ask a question about this product" form!

In order for a human-submitted form to work, you need to disable auto-verify in the JEZ reCAPTCHA plugin. (Otherwise, the captcha is checked twice, and by the second time it will not be valid anymore!)

[salbini]

McKay,

thank you for your share with us. It helps a lot. Now, i blocked all ask.html spammers. Your solution is very clean and it works like a charm.

Thanks alot, I applied this solution to my website www.fesal.info

Great !!!

I was getting pounded by tons of spam mails everyday

[scarradice]

wonderful easy work round!! works perfectly!

[salbini]

I can't believe it.

After have installed everything, there is still a a word meaning manure coming through.
I've received three e-mails from a strange address that I've googled and seen taht is one of the known bots, from russia.

How is it possible that it goes through even with the captcha ?