[SOLVED] block SPAM registrations. . .

[HelloMcFly]

Awe Crap! 

I just discovered one minor flaw to my "first_name = last_name" script and about 10 SPAM registrations in my inbox!

I woke up in the middle of the night, thinking that I might have figured out how the SPAMmers wer getting around my little check.  Unfortunately, the script I added above is written in Javascript, so all a SPAMmer needs to do to circumvent it, is. . . well, turn off Javascript in their browser to get around it.

So I'm back to the drawing board.  I will need to write the form verification in PHP. 

Dang! I guess my day with only 2 SPAM registrations was just a flukey coincidence!

I'll keep trying though!

-Dan Yager
www.quickheads.com

[filterit]

How do you confirgure sh404sef to do this

Have a redirect:

index.php?option=com_virtuemart&Itemid=99&lang=en&page=shop.registration
going to

Create-customer-account.html
do I just add this to the aliase list?


index.php?option=com_registration&task=register

[HelloMcFly]

I haven't taken the time to try and get sh404sef to work with Virtuemart.  I tried it once and the checkout process didn't work.  (So I'll deal with that later.)  For right now, sh404SEF is turned off for the Virtuemart component.

However, you can add "index.php?option=com_virtuemart&Itemid=99&lang=en&page=shop.registration" into the SEF URL block instead of the alias, and that will in turn, redirect to the "Create-customer-account" URL.

Sounds a little convoluted I realize, but it worked for me.

Please give it a try and report your results back here.

Thanks,
Dan Yager
www.quickheads.com

[HelloMcFly]

Just FYI: I spent some time working on the php scripts in the file "ps_shopper.php" to try and do the form authentication in PHP instead of Javascript.  I got it working, but when I turned of Javascripting to test the PHP further it stopped working.

So that seems like a dead end right now.  I'll do some more research and report my findings back here.

Stay tuned!

Of course, I would appreciate some help, if anyone knows how all of this works!  Sheesh!

Dan Yager
www.quickheads.com

[vjtemplates]

Simply remove the "Register" link and let your buyers add products to cart first before creating a new account.

[HelloMcFly]

That would be great, except I want them to register to use the forums, and access other "members only" areas of the site, before they buy..

Nice thought though.

Dan Yager
www.quickheads.com

[HelloMcFly]

OK, I'm trying a new HACK of the file ps_shopper.php located here:

administrator\components\com_virtuemart\classes\ps_shopper.php

I added a few lines in the PHP code to check if FIRST NAME = LAST NAME

right below the following code:

Code: [Select]


/**
* Function to add a new Shopper into the Shop and Joomla
*
* @param array $d
* @return boolean
*/
function add( &$d ) {
global $my, $auth, $mainframe, $mosConfig_absolute_path, $sess,
$VM_LANG, $vmLogger, $database, $mosConfig_useractivation;

$ps_vendor_id = $_SESSION["ps_vendor_id"];
$hash_secret = "VirtueMartIsCool";
$db = new ps_DB;
$timestamp = time();

if (!$this->validate_add($d)) {
return False;
}



I added:

Code: [Select]

//Added By Dan Yager to prevent SPAM
                   // www.quickheads.com

if (vmGet($d,'first_name','First Name' ) == vmGet($d,'last_name','Last Name' )) {
return False;
}

I did some testing and this doesn't seem to be affected if I turn javascript off in my browser.  It will return the registrant back to the registration page without adding them.  This will allow a human to correct the First of Last name, but doesn't give a SPAMMER too much information.

This doesn't affect normal human users that are trying to register though.  I'll give another 24 hours and see if it cuts down on the SPAM registrations.

I'll report back here with the results.

Cheers,
Dan Yager
www.quickheads.com

[HelloMcFly]

I received a grand total of 1 SPAM registration yesterday, and that no longer had the first and last names equal.  So I think I've got them on the run!  (Fingers crossed.)   

My hope is that SPAMMERS won't take the time to figure out what's wrong with the registration form and will simply move on to an easier target.  So far this seems to be working.

If at some point this scheme stops working, I'll add a few more lines of code to check some of the other fields.  (Like Address1 = Adress2)  But for now I'm very pleased.  Time will tell though.

I hope others find this thread useful.

Cheers,
Dan Yager
www.quickheads.com

[Scar]

Have you tried the VM registration redirector plugin? If you have a captcha on your VM registration this thing might do the trick without hacking. This says it redirects all registration requests to VM registration. Haven't tried it myself yet but I'm sure going to.

http://extensions.joomla.org/extensions/access-&-security/authentication/7170/details

[HelloMcFly]

The SPAM registrations were coming from the VM registration page.  So simply redirecting all registrations to it wasn't the answer. 

You'll see that in one of previous posts that I was redirecting all registrations to VM using sh404sef and was still getting SPAM.

My specific requirement was that it wouldn't allow registrations where the first and last names were equal.  And only the hack seemed to help.

I haven't gotten any SPAM since I installed it, but normal human beings are able to register just fine.  Hope this makes sense.

Please let me know.

Cheers,
Dan Yager
www.quickheads.com

[msit]

Hello McFly,

that's really a good hint, and I hope, that it will also solve the same problem at my site!

Any idea, how to get and save the IP-address of those, who want to register?

Often the spammer come from special countries, and it may be an additional possibility to block them by .htaccess.
Or compare the IP-address with country-lists? This might make it possible to check, if the post-address is real.

Or does anyone know, how to block the registration by the used email (.ru,.cn...)?

It's really necessary to improve the security of Joomla and VM! A few weeks ago a hacker destroyed 5 of my Domains on 1und1-host by posting a well-known virus to the server using Joomla or VM. The hosters do not check servers for viruses. So prevention is the only way..

Have a nice day
msit

[korb]

I found a nice captcha and I just implemented in my website.

Please try it for yourself.

For me it is PERFECT!

Yeah... LINK HERE

Danny

[brainz]

Thank you....

Sometimes simple solutions are often the best...

regards
brainz

[Bruce Morgan]

I also installed a re-captcha plug-in and Spam registrations were still geting through.  I also instslled the block disosable addresses plug in and it reduced ther number further but I get get an occasional spam registration and I am wondering where the hole is in the safety net.  Al of the Spam registrations are the same type with identical first and last names.

I have the Vituemart registration set up as the default and protected with re-captcha. The Spam registration are coming via the Joomla registration as they contain only the user name and email.  Is there a way to diable the joomlas registration if you are not using it?

Bruce
ww.pepper-passion.com

[brainz]

Regardless of it being a joomla registration or a virtuemart registration this hack works on the premise that the Firstname and the Lastname are the same if they are the same then it simply shows the user/bot the registration page again.

If the Firstname and the Lastname are different it allows registration of the user.

its a very simple hack:

open this file..

administrator\components\com_virtuemart\classes\ps_shopper.php

Around line 276 add this code:

Code: [Select]

//Added By Dan Yager to prevent SPAM
                   // www.quickheads.com

if (vmGet($d,'first_name','First Name' ) == vmGet($d,'last_name','Last Name' )) {
return False;
}
Save the file and replace it with the original one... Making sure you have a backup of the original file offcourse.

That simple...

Once the file has been updated on users with a different firstname and lastname will be able to register.

Done...  Thanks Dan Yager or should i say HelloMcFly

Regards
Brainz