News:

Looking for documentation? Take a look on our wiki

Main Menu

virtuemart register form hanker

Started by florihana, August 23, 2017, 08:58:34 AM

Previous topic - Next topic

florihana

Hi experts,

VirtueMart 3.0.18
Joomla 3.6
php 5.6

Recently our web site had hankered attack, he could register form without passe those required input ( like last name, first name, country etc) and just enter email/user name for successful registration,
see attached photo

After is our other user will receive those attack registratios to her emailbox, do someone has the same experience?

How could I resolve this problem?

thank you

GJC Web Design

Doubt this has anything to do with VM
They have access your your JOOMLA registration form and this is how they are registering

try  https://www.florihana.com/en/?option=com_users&view=registration & https://www.florihana-usa.com/index.php?option=com_users&view=registration

I always redirect the joomla reg form to the VM form
GJC Web Design
VirtueMart and Joomla Developers - php developers https://www.gjcwebdesign.com
VM4 AusPost Shipping Plugin - e-go Shipping Plugin - VM4 Postcode Shipping Plugin - Radius Shipping Plugin - VM4 NZ Post Shipping Plugin - AusPost Estimator
Samport Payment Plugin - EcomMerchant Payment Plugin - ccBill payment Plugin
VM2 Product Lock Extension - VM2 Preconfig Adresses Extension - TaxCloud USA Taxes Plugin - Virtuemart  Product Review Component
https://extensions.joomla.org/profile/profile/details/67210
Contact for any VirtueMart or Joomla development & customisation

Milbo

Quote from: GJC Web Design on August 23, 2017, 16:51:28 PM
I always redirect the joomla reg form to the VM form

Interesting, how you do that?
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

GJC Web Design

quick and dirty way in over ride the templates\xxxx\html\com_users\registration\default.php

and add at the top

defined('_JEXEC') or die;
header("Location: https://www.xxxxx.com.au/{vm-reg-page}");
die();

could be done nicer with JRoute etc
GJC Web Design
VirtueMart and Joomla Developers - php developers https://www.gjcwebdesign.com
VM4 AusPost Shipping Plugin - e-go Shipping Plugin - VM4 Postcode Shipping Plugin - Radius Shipping Plugin - VM4 NZ Post Shipping Plugin - AusPost Estimator
Samport Payment Plugin - EcomMerchant Payment Plugin - ccBill payment Plugin
VM2 Product Lock Extension - VM2 Preconfig Adresses Extension - TaxCloud USA Taxes Plugin - Virtuemart  Product Review Component
https://extensions.joomla.org/profile/profile/details/67210
Contact for any VirtueMart or Joomla development & customisation

florihana

 :) :) :)
thank you  GJC Web Design

So anybody could be easily register from Joomla Form through this URL: https://www.florihana-usa.com/index.php?option=com_users&view=registration

But I just wonder how it does happen for normal user to find this url to register cause the correct url should be:https://www.florihana-usa.com/create-customer-account.html




florihana

I means this should be still hanker case right?

or this could be real user go to registre case?  ??? ???