VirtueMart Forum

VirtueMart 2 + 3 + 4 => Security (https) / Performance / SEO, SEF, URLs => Topic started by: florihana on August 23, 2017, 08:58:34 AM

Title: virtuemart register form hanker
Post by: florihana on August 23, 2017, 08:58:34 AM
Hi experts,

VirtueMart 3.0.18
Joomla 3.6
php 5.6

Recently our web site had hankered attack, he could register form without passe those required input ( like last name, first name, country etc) and just enter email/user name for successful registration,
see attached photo

After is our other user will receive those attack registratios to her emailbox, do someone has the same experience?

How could I resolve this problem?

thank you
Title: Re: virtuemart register form hanker
Post by: GJC Web Design on August 23, 2017, 16:51:28 PM
Doubt this has anything to do with VM
They have access your your JOOMLA registration form and this is how they are registering

try  https://www.florihana.com/en/?option=com_users&view=registration & https://www.florihana-usa.com/index.php?option=com_users&view=registration

I always redirect the joomla reg form to the VM form
Title: Re: virtuemart register form hanker
Post by: Milbo on August 23, 2017, 19:18:21 PM
Quote from: GJC Web Design on August 23, 2017, 16:51:28 PM
I always redirect the joomla reg form to the VM form

Interesting, how you do that?
Title: Re: virtuemart register form hanker
Post by: GJC Web Design on August 24, 2017, 13:14:16 PM
quick and dirty way in over ride the templates\xxxx\html\com_users\registration\default.php

and add at the top

defined('_JEXEC') or die;
header("Location: https://www.xxxxx.com.au/{vm-reg-page}");
die();

could be done nicer with JRoute etc
Title: Re: virtuemart register form hanker
Post by: florihana on August 24, 2017, 16:50:08 PM
 :) :) :)
thank you  GJC Web Design

So anybody could be easily register from Joomla Form through this URL: https://www.florihana-usa.com/index.php?option=com_users&view=registration

But I just wonder how it does happen for normal user to find this url to register cause the correct url should be:https://www.florihana-usa.com/create-customer-account.html



Title: Re: virtuemart register form hanker
Post by: florihana on August 24, 2017, 17:09:21 PM
I means this should be still hanker case right?

or this could be real user go to registre case?  ??? ???