VirtueMart Forum

VirtueMart 2 + 3 + 4 => Security (https) / Performance / SEO, SEF, URLs => Topic started by: ellisvelo on October 02, 2013, 19:47:21 PM

Title: Preventing direct access to the VirtueMart Shopper Registration Page
Post by: ellisvelo on October 02, 2013, 19:47:21 PM
Hello,

I'm not sure if this is a problem or not, but I've noticed that some users are accessing the VM Shopper Registration Page directly instead of using a Joomla Login. The users are able to register additional shoppers and also attempt code injection attacks. Is there a way to prevent this? I can reproduce the issue with the VirtueMart demo site. Thanks for your help.

Joomla: 2.5.14
VirtueMart: 2.0.24
Title: Re: Preventing direct access to the VirtueMart Shopper Registration Page
Post by: AH on October 03, 2013, 09:40:08 AM
 :'(

This has been an issue even in VM1

Many people created their own unique hacks to try and prevent the bots doing this.

Can any dev comment on preventing bot registrations and then attempts to do an SQL injection after registration?
Title: Re: Preventing direct access to the VirtueMart Shopper Registration Page
Post by: Maxim Pishnyak on October 03, 2013, 17:32:26 PM
For bots - Easy Calc Check Plus, for injection attempts - ignoring them or using some antihack stuff from JED.
Title: Re: Preventing direct access to the VirtueMart Shopper Registration Page
Post by: AH on October 03, 2013, 18:11:28 PM
Thanks Maxim

Captcha easycalc has been mentioned before.
JED for may might help them fend off injection.

I like the idea of ignoring SQL attempts  :o
Title: Re: Preventing direct access to the VirtueMart Shopper Registration Page
Post by: ellisvelo on October 05, 2013, 16:51:24 PM
I modified com_virtuemart/views/user/tmpl/edit.php to disable the direct registration. It looks like VM uses another page to register users on checkout so I didn't see any negative side effects. Is there any functionality that I'm losing by commenting out the direct VM registration?

--- components/com_virtuemart/views/user/tmpl/edit.php.orig   2013-10-04 12:48:33.000000000 -0500
+++ components/com_virtuemart/views/user/tmpl/edit.php   2013-10-04 08:49:10.000000000 -0500
@@ -54,7 +54,7 @@
<?php echo shopFunctionsF::getLoginForm(false); ?>

<h2><?php if($this->userDetails->virtuemart_user_id==0) {
-   echo JText::_('COM_VIRTUEMART_YOUR_ACCOUNT_REG');
+        //echo JText::_('COM_VIRTUEMART_YOUR_ACCOUNT_REG');
}?></h2>
<form method="post" id="adminForm" name="userForm" action="<?php echo JRoute::_('index.php?view=user',$this->useXHTML,$this->useSSL) ?>" class="form-validate">
<?php if($this->userDetails->user_is_vendor){ ?>
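Review bot: Commenting out the `echo` inside the `virtuemart_user_id==0` check only blanks the heading text: the page still emits an empty `<h2></h2>`, and the `<form method="post" ... action="index.php?view=user">` directly below it is unchanged. If the goal is to hide registration from visitors who are not logged in, guard or remove the whole heading element rather than leaving a commented-out line, and note the reason in a comment so the change is not silently lost when this core template file is replaced by an update.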
@@ -84,7 +84,7 @@
     shopFunctionsF::buildTabs ( $this, $tabarray);

  } else {
-    echo $this->loadTemplate ( 'shopper' );
+      //echo $this->loadTemplate ( 'shopper' );
  }

/*
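Review bot: The commented-out `echo $this->loadTemplate ( 'shopper' );` sits in a plain `else` with no `virtuemart_user_id==0` test, so the shopper template is dropped for every user who reaches that branch, not only for unregistered visitors. Wrap the call in the same check the first hunk uses instead of disabling it outright. This is also a display-only change: nothing in the patch touches the code that handles the POST to `index.php?view=user`, so the restriction still has to be enforced where the request is processed.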