Author Topic: virtuemart register form hanker  (Read 284 times)

florihana

  • Beginner
  • *
  • Posts: 21
  • A beginner
virtuemart register form hanker
« on: August 23, 2017, 08:58:34 am »
Hi experts,

VirtueMart 3.0.18
Joomla 3.6
php 5.6

Recently our web site had hankered attack, he could register form without passe those required input ( like last name, first name, country etc) and just enter email/user name for successful registration,
see attached photo

After is our other user will receive those attack registratios to her emailbox, do someone has the same experience?

How could I resolve this problem?

thank you

GJC Web Design

  • 3rd party VirtueMart Developer
  • Super Hero
  • *
  • Posts: 7519
  • Virtuemart, Joomla & php developer
    • GJC Web Design
  • VirtueMart Version: 2.6.22 & 3.2.2
Re: virtuemart register form hanker
« Reply #1 on: August 23, 2017, 16:51:28 pm »
Doubt this has anything to do with VM
They have access your your JOOMLA registration form and this is how they are registering

try  https://www.florihana.com/en/?option=com_users&view=registration & https://www.florihana-usa.com/index.php?option=com_users&view=registration

I always redirect the joomla reg form to the VM form
GJC Web Design
VirtueMart and Joomla Developers - php developers http://www.gjcwebdesign.com
VM3 AusPost Shipping Plugin - e-go Shipping Plugin - VM3 Postcode Shipping Plugin - Radius Shipping Plugin - VM3 NZ Post Shipping Plugin - AusPost Estimator
Samport Payment Plugin - EcomMerchant Payment Plugin - ccBill payment Plugin
VM2 Product Lock Extension - VM2 Preconfig Adresses Extension - TaxCloud USA Taxes Plugin - Virtuemart  Product Review Component
http://extensions.joomla.org/profile/profile/details/67210
Contact for any VirtueMart or Joomla development & customisation

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 9327
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: virtuemart register form hanker
« Reply #2 on: August 23, 2017, 19:18:21 pm »
I always redirect the joomla reg form to the VM form

Interesting, how you do that?
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

GJC Web Design

  • 3rd party VirtueMart Developer
  • Super Hero
  • *
  • Posts: 7519
  • Virtuemart, Joomla & php developer
    • GJC Web Design
  • VirtueMart Version: 2.6.22 & 3.2.2
Re: virtuemart register form hanker
« Reply #3 on: August 24, 2017, 13:14:16 pm »
quick and dirty way in over ride the templates\xxxx\html\com_users\registration\default.php

and add at the top

defined('_JEXEC') or die;
header("Location: https://www.xxxxx.com.au/{vm-reg-page}");
die();

could be done nicer with JRoute etc
GJC Web Design
VirtueMart and Joomla Developers - php developers http://www.gjcwebdesign.com
VM3 AusPost Shipping Plugin - e-go Shipping Plugin - VM3 Postcode Shipping Plugin - Radius Shipping Plugin - VM3 NZ Post Shipping Plugin - AusPost Estimator
Samport Payment Plugin - EcomMerchant Payment Plugin - ccBill payment Plugin
VM2 Product Lock Extension - VM2 Preconfig Adresses Extension - TaxCloud USA Taxes Plugin - Virtuemart  Product Review Component
http://extensions.joomla.org/profile/profile/details/67210
Contact for any VirtueMart or Joomla development & customisation

florihana

  • Beginner
  • *
  • Posts: 21
  • A beginner
Re: virtuemart register form hanker
« Reply #4 on: August 24, 2017, 16:50:08 pm »
 :) :) :)
thank you  GJC Web Design

So anybody could be easily register from Joomla Form through this URL: https://www.florihana-usa.com/index.php?option=com_users&view=registration

But I just wonder how it does happen for normal user to find this url to register cause the correct url should be:https://www.florihana-usa.com/create-customer-account.html




florihana

  • Beginner
  • *
  • Posts: 21
  • A beginner
Re: virtuemart register form hanker
« Reply #5 on: August 24, 2017, 17:09:21 pm »
I means this should be still hanker case right?

or this could be real user go to registre case?  ??? ???