VirtueMart Forum

VirtueMart 2 + 3 + 4 => General Questions => Topic started by: Slavomir on January 17, 2025, 17:59:17 PM

Title: Notify me spam
Post by: Slavomir on January 17, 2025, 17:59:17 PM
Hello

For the past three months, I've had problems with fake users signing up for the waitlist through the "Notify Me" function. This only affects two out of about 90 products. These two products are not sold out, and the "Notify Me" button does not appear on the page. They are probably just using the URL link to the "Notify Me" product page. Every day I have to manually delete users from the waitlist directly in the database. I've tried searching the forum to see if anyone is experiencing something similar. Without success. What can I do to fix this?

This is what it looks like in the server's error log:

192.42.116.195 - - [16/Jan/2025:21:22:56 +0100] "GET /index.php/shop/product-detail?layout=notify HTTP/1.1" 200 40995 "https://mysite.com/index.php/shop/product-detail?layout=notify" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0"

192.42.116.195 - - [16/Jan/2025:21:22:57 +0100] "POST /index.php/shop/b-w-photopaper/product-detail HTTP/1.1" 303 - "https://mysite.com/index.php/shop/product-detail?layout=notify" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0"

Joomla 5.2.3
Virtuemart 4.4.4
PHP 8.2

Best Slavomir
Title: Re: Notify me spam
Post by: Milbo on January 18, 2025, 21:12:48 PM
What about?
"
Allow guests to send a recommendation, ask a question, ask a price
Yes
No
only customers
"

in the config. Only customers should stop this. Do you use captcha?
Title: Re: Notify me spam
Post by: hazael on January 18, 2025, 22:23:56 PM
One of the main issues is that bots or malicious users can directly access the "Notify Me" URL without going through the product page. You can block this behavior using .htaccess rules:

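<IfModule mod_rewrite.c>
RewriteEngine On
# A RewriteRule pattern never sees the query string, so layout=notify is tested here
RewriteCond %{QUERY_STRING} (^|&)layout=notify(&|$) [NC]
RewriteCond %{HTTP_REFERER} !^https://mysite\.com/index\.php/shop/product-detail [NC]
RewriteRule ^index\.php/shop/product-detail$ - [F,L]
</IfModule>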
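Added example, not part of any post in this thread: a Python scan of combined-format access-log lines, like the two quoted in the first post, for a GET of ?layout=notify followed within seconds by a POST from the same address. It also records whether the client-supplied Referer already pointed at the shop, which is the condition a Referer-based rule tests. The 5-second window, the function names and the third log line are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Apache "combined" log format, as in the lines quoted in the first post.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# The first two lines come from the post; the third is constructed for contrast.
SAMPLE_LOG = """\
192.42.116.195 - - [16/Jan/2025:21:22:56 +0100] "GET /index.php/shop/product-detail?layout=notify HTTP/1.1" 200 40995 "https://mysite.com/index.php/shop/product-detail?layout=notify" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0"
192.42.116.195 - - [16/Jan/2025:21:22:57 +0100] "POST /index.php/shop/b-w-photopaper/product-detail HTTP/1.1" 303 - "https://mysite.com/index.php/shop/product-detail?layout=notify" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0"
203.0.113.7 - - [16/Jan/2025:21:30:00 +0100] "GET /index.php/shop/b-w-photopaper/product-detail HTTP/1.1" 200 38211 "https://mysite.com/index.php/shop" "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/133.0"
"""

def parse(line):
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def is_notify(url):
    """True when the URL's query string asks for the notify layout."""
    return "notify" in parse_qs(urlsplit(url).query).get("layout", [])

def find_notify_posts(log_text, site_host="mysite.com", window=timedelta(seconds=5)):
    """Flag POSTs that follow a GET of ?layout=notify from the same address."""
    last_get = {}  # ip -> time of the most recent notify-form GET
    hits = []
    for rec in filter(None, map(parse, log_text.splitlines())):
        if rec["method"] == "GET" and is_notify(rec["url"]):
            last_get[rec["ip"]] = rec["time"]
        elif rec["method"] == "POST" and rec["ip"] in last_get:
            if rec["time"] - last_get[rec["ip"]] <= window:
                hits.append({
                    "ip": rec["ip"],
                    "path": urlsplit(rec["url"]).path,
                    # Same-site Referer: a Referer allow-rule lets this through.
                    "referer_same_site": urlsplit(rec["referer"]).hostname == site_host,
                })
    return hits

if __name__ == "__main__":
    for hit in find_notify_posts(SAMPLE_LOG):
        print(hit)
```

To use it on a real log, pass the file's text to find_notify_posts with site_host set to the shop's hostname.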
Title: Re: Notify me spam
Post by: Slavomir on January 19, 2025, 00:21:02 AM
Thank you, but your code didn't work. It didn't block /index.php/shop/product-detail?layout=notify. Is there another way to block it?

It would be nice to be able to use captcha on the "notify me" form. I use Aimy Captcha-Less Form Guard. It works fine on other forms, but not on notify me.
Title: Re: Notify me spam
Post by: Jumbo! on January 19, 2025, 15:16:51 PM
Open - administrator/components/com_virtuemart/virtuemart.cfg

Scroll to the bottom of the file and add the following to the end.

notify_captcha=1

Next, go to VirtueMart Configuration and click the save button to update the configuration.

Now, the captcha should work.
Title: Re: Notify me spam
Post by: Slavomir on January 19, 2025, 22:26:16 PM
Yes, it worked. Thank you Jumbo.

Best
Slavomir
Title: Re: Notify me spam
Post by: Slavomir on January 19, 2025, 22:40:00 PM
I had to put
<?php echo shopfunctionsF::renderCaptcha('notify_captcha'); ?>
in notify.php to make it work.
Title: Re: Notify me spam
Post by: hazael on January 20, 2025, 00:53:51 AM
Quote from: Slavomir on January 19, 2025, 00:21:02 AM
Thank you, but your code didn't work. It didn't block /index.php/shop/product-detail?layout=notify. Is there another way to block it?

It's obvious that the code couldn't work if you copied it - the code is an example and you need to adapt it to your website.

Reminder: If you implement Google reCAPTCHA on your website, be aware that it tracks your visitors by collecting behavioral data, IP addresses, and browser details. Under privacy regulations like GDPR and CCPA, this means you must display a consent banner informing users about tracking and data collection before reCAPTCHA is activated. If you want a privacy-friendly alternative, consider hCaptcha or Cloudflare Turnstile instead.
Title: Re: Notify me spam
Post by: Slavomir on January 20, 2025, 01:45:27 AM
Aimy Captcha-Less Form Guard
Title: Re: Notify me spam
Post by: Milbo on January 20, 2025, 14:01:26 PM
I wonder, what is the idea to add emails to this list? How can this be misused? Current new fixes are

if(VmConfig::get('stockhandle', 'none') != 'disableadd') return;

at the top of the notifycustomer function

and I replaced "notify_captcha" with "ask_captcha". So it should work if you enable the captcha in the VM config via the GUI for "ask a question", "recommend product"

and I added this to the adduser function

// Reject waiting-list entries that do not name a product
if(empty($data['virtuemart_product_id'])) {
	vmdebug('model Waitinglist adduser no product id given');
	return false;
}

// Reject entries for products that are still in stock
$pModel = VmModel::getModel('product');
$product = $pModel->getProduct($data['virtuemart_product_id']);
if( ($product->product_in_stock - $product->product_ordered) >0) {
	vmdebug('model Waitinglist adduser product available');
	return false;
}
Title: Re: Notify me spam
Post by: Slavomir on January 21, 2025, 10:02:04 AM
It helped to use CAPTCHA on "Notify Me." Before, I had many fake users on the waiting list. CAPTCHA put an end to this as soon as it appeared on the page. I assume Milbo's fix will appear in the next release of VirtueMart.