Author Topic: [SOLVED] block SPAM registrations. . .  (Read 44964 times)

HelloMcFly

  • Beginner
  • *
  • Posts: 25
[SOLVED] block SPAM registrations. . .
« on: February 24, 2009, 06:59:41 am »
I am trying to cut down on the number of SPAM registrations in Virtuemart.  I noticed that non-human registrants usually enter the same FIRST and LAST names (i.e. Mybobshoes Mybobshoes)

Is there a change I could make somewhere to compare the form fields for First and Last names, and if they are equal block the registration?

for example: if($_POST['firstname'] == $_POST['lastname']) $spam=true;

taken from here: http://webaim.org/blog/spam_free_accessible_forms/

I am using J! 1.5.9 and VM 1.1.3 and I am already running security images as a first line defense.  (Doesn't seem to help.)

I appreciate any thoughts you might have.

Warm regards,
Dan Yager
www.quickheads.com

Bruce Morgan

  • Sr. Member
  • ****
  • Posts: 672
Re: block SPAM registrations. . .
« Reply #1 on: February 24, 2009, 16:13:07 pm »
I have had the same problem and it seems to be increasing lately.  I think this should be addressed before it gets out of control.

Bruce
www.pepper-passion.com

HelloMcFly

  • Beginner
  • *
  • Posts: 25
Re: block SPAM registrations. . .
« Reply #2 on: March 01, 2009, 13:15:21 pm »
OK . . . So I get some sympathy but no help!  LOL!  ???

Can someone at least tell me what files are involved in the VM registration process?  I tried searching for these, but I was just shooting in the dark.

If someone could tell me where to find this information, I would be willing to try and write the code myself and share it with everyone.

Thanks for looking,
Dan Yager
www.quickheads.com

Nirm

  • Contributing Developer
  • Sr. Member
  • *
  • Posts: 919
    • Me, My Work and I
Re: block SPAM registrations. . .
« Reply #3 on: March 01, 2009, 15:16:30 pm »
Why not install a CAPTCHA on VM registration - VM supports Security Images component.
A lot of questions are answered in the VM 1.1 User Manual please read it before asking questions.
-------------------------------------
http://www.nirmoysomaia.com

HelloMcFly

  • Beginner
  • *
  • Posts: 25
Re: block SPAM registrations. . .
« Reply #4 on: March 01, 2009, 16:42:55 pm »
Nirm. . . Uh. . . I already did that.  Please read the first post I made.

Either the bots have figured out a way around this, or a human spammer is registering.  I could cut down on about 95% of the spam registrations if I could just block registrations where the first name equals the last.

There is a javascript "submitregistration" that I can see when I view the VM registration page source.  This error checks the form before submission.  I could add a simple check to that javascript, if I could figure out where it's being called from.

Any thoughts?

I appreciate the response Nirm.

Thanks,
Dan Yager
www.quickheads.com

HelloMcFly

  • Beginner
  • *
  • Posts: 25
SOLVED: block SPAM registrations. . .
« Reply #5 on: March 03, 2009, 14:19:25 pm »
I found where the submitregistration javascript was being called here:

http://forum.virtuemart.net/index.php?topic=47168.msg157987#msg157987

so I wrote the following addition to check if the first name equals the last:

Code:
        // Added by Dan Yager to reduce SPAM registrations.
        if( isset($required_fields['first_name']) ) {
             echo '
             if (form.first_name.value == form.last_name.value) {
                    alert( "Your registration cannot be accepted at this time. We are Performing maintenance." );
                    return false;
             }';
        }

It's perhaps a little oversimplified, but I don't want to give the SPAMMERS too much help in figuring out what they did wrong!  ::)

Hope this helps someone else.

Cheers,
Dan Yager
www.quickheads.com

Bruce Morgan

  • Sr. Member
  • ****
  • Posts: 672
Re: [SOLVED] block SPAM registrations. . .
« Reply #6 on: March 03, 2009, 18:18:11 pm »
Can you advise where you inserted these lines and whether it appears to be working?

Bruce

HelloMcFly

  • Beginner
  • *
  • Posts: 25
Re: [SOLVED] block SPAM registrations. . .
« Reply #7 on: March 04, 2009, 15:41:48 pm »
Sheesh, I left a link to it.   ???

I'll spell it out for you.  I changed the ps_userfield.php file located here:

administrator\components\com_virtuemart\classes\ps_userfield.php

This checks the registration form for errors before submitting the registration.  The script works fine and is tested.  The VM registration will not be submitted if the FIRST NAME field is equal to the LAST NAME field.

So I consider that issue solved.

However, after installing this HACK I am still getting SPAM registrations where the FIRST NAME equals the LAST NAME.  This leads me to believe that SPAMMERS are using some other method to register on my site besides the VM registration page.  (This would explain how they are getting around the SECURITY IMAGES.)  :-\

I assume then that they are using the JOOMLA "mod_login" module somehow, even though it is unpublished, and set for "special" access.  Does anyone know how they are circumventing this?  Are there other modules that would allow SPAMMERS to register on my website?

Please let me know.

I am NOT using Community Builder or any other registration modules that I can think of.  So is there a backdoor link to the Joomla registration page?

I appreciate your help.

Warm regards,
Dan Yager
www.quickheads.com

Bruce Morgan

  • Sr. Member
  • ****
  • Posts: 672
Re: [SOLVED] block SPAM registrations. . .
« Reply #8 on: March 04, 2009, 18:19:10 pm »
I hope this gets some serious attention from the guys in the trenches doing the coding.  It would be helpful to know if the vulnerability is in Joomla or VM.  I have a sneaking suspicion it might be VM.  I had a related problem with the same type of spammer requesting information on various products even though I had commented out the code on the flypage template.  It took some additional editing to solve the problem.  This is over my head as far as coding is concerned, but I would like to help with testing if you make any more progress on a solution.

Bruce
www.pepper-passion.com

HelloMcFly

  • Beginner
  • *
  • Posts: 25
Re: [NOT QUITE SOLVED] block SPAM registrations. . .
« Reply #9 on: March 05, 2009, 06:56:18 am »
Hmmm?  It's really quite frustrating.  I'm still getting a lot of SPAM registrations.  Is there a way to log where they are coming from?  Is there a way to know what form they used to register?  I would really like to know.

This is really starting to SUCK!

Thanks,
Dan Yager
www.quickheads.com

HelloMcFly

  • Beginner
  • *
  • Posts: 25
Re: [NOT QUITE SOLVED] block SPAM registrations. . .
« Reply #10 on: March 05, 2009, 15:47:22 pm »
So I did a Google search for "backdoor registrations joomla" and this led me to a backdoor link that would allow SPAMMERs to register on my website and bypass the Virtuemart registration.

If you add /index.php?option=com_registration&task=register to the end of your site's URL you may see the registration page I'm talking about.  This appears even though I unpublished the Joomla Log-in module in the back end.

I am running sh404SEF on my site, so I simply created a SEF URL to redirect people from the address above to the VM registration page.

It remains to be seen if this is the only back door registration possible on my website, but I will report back on my results.  I received 7 SPAM registrations in the last 24 hours, anything less than that in the next 24 hours would be a blessing.   :P

Wish me luck!

Dan Yager
www.quickheads.com
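
Added example (not part of the original thread, and not Joomla or VirtueMart code): one way to see which entry point registration traffic arrives through, and whether a redirect like the one described above is taking effect, is to tally access-log requests by their `option` and `task` parameters. The combined log format, the function names and the sample lines are assumptions constructed for illustration; only the `com_registration` URL comes from the post above.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumed: Apache/Nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Components that should no longer serve a registration form.
# com_registration is the one named in the thread; extend as needed.
WATCHED_OPTIONS = {"com_registration"}

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Mar/2009:06:41:10 +0000] "GET /index.php?option=com_registration&task=register HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [05/Mar/2009:06:41:12 +0000] "POST /index.php?option=com_registration&task=register HTTP/1.1" 200 812 "-" "-"',
    '198.51.100.4 - - [05/Mar/2009:07:02:33 +0000] "GET /index.php?option=com_virtuemart HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [05/Mar/2009:16:05:00 +0000] "GET /index.php?option=com_registration&task=register HTTP/1.1" 301 0 "-" "-"',
    'garbage line',
]

def parse_line(line):
    """Return (ip, method, option, task, status), or None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    query = parse_qs(urlsplit(m["target"]).query)
    option = query.get("option", [""])[0].lower()
    task = query.get("task", [""])[0].lower()
    return m["ip"], m["method"], option, task, int(m["status"])

def registration_entry_points(lines, watched=WATCHED_OPTIONS):
    """Tally requests per (option, task, method) and count, per client IP,
    requests that reached a watched component without being redirected."""
    hits, reached = Counter(), Counter()
    for rec in filter(None, map(parse_line, lines)):
        ip, method, option, task, status = rec
        if not option:
            continue
        hits[(option, task, method)] += 1
        if option in watched and status < 300:  # 3xx means the redirect fired
            reached[ip] += 1
    return hits, reached

if __name__ == "__main__":
    hits, reached = registration_entry_points(SAMPLE_LOG)
    for key, count in hits.most_common():
        print(count, *key)
    print("reached watched form:", dict(reached))
```

Access logs normally record only the query string, not POST bodies, so a form that submits its `option` as a hidden field will appear as a bare `POST /index.php` and needs application-level logging to attribute.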

Bruce Morgan

  • Sr. Member
  • ****
  • Posts: 672
Re: [NOT QUITE SOLVED] block SPAM registrations. . .
« Reply #11 on: March 05, 2009, 17:54:29 pm »
For those of us who do not use SEF, would it also be possible to delete the Joomla registration php file or disable it by changing its name?  I have no use for the standard Joomla registration.

Bruce

HelloMcFly

  • Beginner
  • *
  • Posts: 25
Re: [NOT QUITE SOLVED] block SPAM registrations. . .
« Reply #12 on: March 05, 2009, 22:14:10 pm »
I don't know.  Could you try it and report back here?  If something goes horribly wrong you could replace it from the install files.  (Or better yet back up before you begin.)  ;)

I have had no SPAM registrations since this morning when I installed the fix above.  I'm still keeping my fingers crossed.

Cheers,
Dan Yager
www.quickheads.com

HelloMcFly

  • Beginner
  • *
  • Posts: 25
Re: [NOT QUITE SOLVED] block SPAM registrations. . .
« Reply #13 on: March 06, 2009, 14:54:05 pm »
In the last 24 hours I had two SPAM registrations, so at least it's an improvement.  Still need to figure out how they're getting in though.

I'll keep looking.

-Dan Yager
www.quickheads.com

Bruce Morgan

  • Sr. Member
  • ****
  • Posts: 672
Re: [NOT QUITE SOLVED] block SPAM registrations. . .
« Reply #14 on: March 06, 2009, 18:35:27 pm »
I did some exploring in the various folders on my server and was unable to find out where the basic Joomla registration is located.  I do remember following instructions from this forum to make the VM registration the default one, or maybe that became a standard feature with the latest version.  In any case I find the standard Joomla registration worthless and would just as soon delete it if it will not cause any problems.  Any suggestions where to look?

Bruce