Preventing direct access to the VirtueMart Shopper Registration Page

Started by ellisvelo, October 02, 2013, 19:47:21 PM


ellisvelo

Hello,

I'm not sure if this is a problem or not, but I've noticed that some users are accessing the VM Shopper Registration Page Directly instead of using a Joomla Login. The users are able to register additional shoppers and also attempt code injection attacks. Is there a way to prevent this? I can reproduce the issue with the VirtueMart demo site. Thanks for your help.

Joomla: 2.5.14
VirtueMart: 2.0.24

AH

 :'(

This has been an issue even in VM1

Many people created their own unique hacks to try and prevent the bots doing this.

Can any dev comment on preventing bot registrations and then attempts to do an SQL injection after registration?
Regards
A

Joomla 4.4.5
php 8.1

Maxim Pishnyak

For bots - Easy Calc Check Plus, for injection attempts - ignoring them or using some antihack stuff from JED.

AH

Thanks Maxim

Captcha easycalc has been mentioned before
JED for many might help them fend off injection.

I like the idea of ignoring sql attempts  :o
Regards
A


ellisvelo

I modified com_virtuemart/views/user/tmpl/edit.php to disable the direct registration. It looks like VM uses another page to register users on checkout so I didn't see any negative side effects. Is there any functionality that I'm losing by commenting out the direct VM registration?

--- components/com_virtuemart/views/user/tmpl/edit.php.orig   2013-10-04 12:48:33.000000000 -0500
+++ components/com_virtuemart/views/user/tmpl/edit.php   2013-10-04 08:49:10.000000000 -0500
@@ -54,7 +54,7 @@
<?php echo shopFunctionsF::getLoginForm(false); ?>

<h2><?php if($this->userDetails->virtuemart_user_id==0) {
-   echo JText::_('COM_VIRTUEMART_YOUR_ACCOUNT_REG');
+        //echo JText::_('COM_VIRTUEMART_YOUR_ACCOUNT_REG');
}?></h2>
<form method="post" id="adminForm" name="userForm" action="<?php echo JRoute::_('index.php?view=user',$this->useXHTML,$this->useSSL) ?>" class="form-validate">
<?php if($this->userDetails->user_is_vendor){ ?>
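
Review bot: commenting out the JText echo inside the <h2> only hides the registration heading. The <form method="post" ... action=index.php?view=user> on the line right after it is unchanged, so the page still renders a form that posts to the user view, and visitors with virtuemart_user_id==0 now get an empty <h2></h2> in the markup. If the goal is to stop direct registration, this line does not contribute to it: either leave the heading as it was, or remove the whole <h2> block together with whatever actually blocks the registration.
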
@@ -84,7 +84,7 @@
     shopFunctionsF::buildTabs ( $this, $tabarray);

  } else {
-    echo $this->loadTemplate ( 'shopper' );
+      //echo $this->loadTemplate ( 'shopper' );
  }

/*
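
Review bot: the else branch now drops loadTemplate('shopper') unconditionally, with no virtuemart_user_id==0 test like the one the heading in the first hunk uses, so every user who reaches this branch loses the shopper form, not only unregistered visitors. Consider guarding it instead, for example: if ($this->userDetails->virtuemart_user_id != 0) { echo $this->loadTemplate('shopper'); }. This is also a template-only change: nothing in these lines rejects a POST sent straight to index.php?view=user, so a client that submits the fields without loading the page is not stopped here. That check would have to live in the code that handles the submission, which this diff does not touch.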