VirtueMart Forum

VirtueMart 2 + 3 + 4 => General Questions => Topic started by: carsten888 on September 30, 2013, 07:48:46 AM

Title: how to stop bots registering as shoppers? Captcha?
Post by: carsten888 on September 30, 2013, 07:48:46 AM
I got bots registering as shoppers. There should be a captcha on the registration page. Am I overlooking something?

Also got spam via the 'ask a question about this product' form. Would be nice to have captcha there too.
Title: Re: how to stop bots registering as shoppers? Captcha?
Post by: Maxim Pishnyak on September 30, 2013, 07:51:31 AM
Easy Calc Check Plus
Title: Re: how to stop bots registering as shoppers? Captcha?
Post by: carsten888 on September 30, 2013, 08:15:19 AM
Thank you. I will check that out.

I got Google ReCaptcha installed in the Joomla core. Would it not be easier for VM to make the Joomla captcha available in VM?
Title: Re: how to stop bots registering as shoppers? Captcha?
Post by: dennis.g on September 30, 2013, 09:41:58 AM
Captcha is only one way for hackers to attack a website. Unfortunately there are a lot more, like old or unpatched versions of Joomla or VirtueMart, vulnerable extensions other than VirtueMart core files, a badly configured web server, predictable passwords for the admin user.
Title: Re: how to stop bots registering as shoppers? Captcha?
Post by: AH on September 30, 2013, 09:51:13 AM
Good point dennis

There are many generic Joomla security threads available on the Joomla site: http://docs.joomla.org/Security_Checklist

carsten is specifically interested in registration and the prevention of bot registration through use of captcha.

If you can address that specific point then I am sure we would all be more than thankful.

Title: Re: how to stop bots registering as shoppers? Captcha?
Post by: dennis.g on September 30, 2013, 10:27:02 AM
That's the point. Only the attacker can tell us what he did. If you have security holes in the system, like the ones I mentioned before, a hacker may be able to upload files. When he uploads files he can do anything. Creating a user is a common way these people go. A common idea is to create hundreds of users so that the administrator can have no clue as to who made what in the system.
Title: Re: how to stop bots registering as shoppers? Captcha?
Post by: dennis.g on September 30, 2013, 11:14:36 AM
Some friendly advice to carsten: make sure you always keep backups and keep your website up to date with the latest software releases. Also, do have a look at Hutson's link, there is a lot of must-read information in there.
Title: Re: how to stop bots registering as shoppers? Captcha?
Post by: Maxim Pishnyak on October 03, 2013, 15:15:52 PM
Spammers are not hackers.
Quote from: carsten888 on September 30, 2013, 08:15:19 AM
I got Google ReCaptcha installed in the Joomla core. Would it not be easier for VM to make the Joomla captcha available in VM?
Some captchas don't look friendly for customers and shop owners.

In addition, a 3rd party developer could make a higher-quality solution for this specific, not so e-commerce related task.
Title: Re: how to stop bots registering as shoppers? Captcha?
Post by: Usalafuerza on October 06, 2013, 20:56:43 PM
I have disabled user registration and Easy Calc Check Plus does not work in "Add / Edit billing address information" (Button: saveCartUser).

It does not work when I access the user registration by www.mypage.com / storename / user. (Button: SaveUser).  :-\
Title: Re: how to stop bots registering as shoppers? Captcha?
Post by: Maxim Pishnyak on October 10, 2013, 09:59:15 AM
Just struggled with this.

My experience:
1. Keycaptcha currently doesn't support the latest VM. Also the paid version is more friendly to shoppers. Possible issues with shoppers' privacy?
2. Paid recaptcha plugin remained untested. Recaptcha became more friendly nowadays?
3. ECC became paid - Dev version 2.5-8. Probably works - I saw support on its forum.

Conclusion:
Just turn off system messages for VM Vendor/Superadmin
OR
Use email filters in your email client to store Registration emails in a separate folder outside the Incoming email folder.

Elaboration:
Make life of your shoppers easy - Don't use Captcha.
Use your web shop resources for what they were created - For applying as many registrations as possible. For registrations by spambots, why not? Who cares?

Spam bots wouldn't buy your stuff, howdayyouthink?