News:

Looking for documentation? Take a look on our wiki

Main Menu

All of Sudden Getting Lots of Bot Registrations

Started by MAD King, August 01, 2024, 15:20:48 PM

Previous topic - Next topic

MAD King

it since I updated to Joomla version 4.4.6 and VM 4.2.16 11030, I am getting lots of bot registrations.
I have recaptcha on and it worked before updating. No bot registrations then.
Joomla! 4.4.5
VirtueMart 4.2.12 11012

Roderic


iWim

;D
Anyway...

Is reCaptcha displayed at all?
Does it work in other places, like Contact form?
Do you see errors in Console of your browsers dev tools?


MAD King

Is reCaptcha displayed at all? No I do not see any reCaptcha, but it is enabled.
Does it work in other places, like Contact form? Yes.
Do you see errors in Console of your browsers dev tools? No
Joomla! 4.4.5
VirtueMart 4.2.12 11012

iWim

Quote from: MAD King on August 02, 2024, 17:46:48 PMIs reCaptcha displayed at all? No I do not see any reCaptcha, but it is enabled.
Is it also enabled in VM configuration?
Components > VirtueMart / Configuration / tab:Shop

Use ReCaptcha for Registration? Yes/No

hazael

#5
It is worth completely abandoning Google products such as reCaptcha or Analytics. These scripts significantly slow down page generation and additionally require consent to confirm cookies from companies outside the European Union

I don't use any reCaptcha script and I don't have any spam. Robots do not create accounts themselves - someone simply has the address to your form in their database and thus registers new accounts remotely.
You can register a new user directly in the cart, which will be activated only after selecting the products. If you don't want to do this, you can make the registration public under a custom-generated SEO link, which can be changed from time to time.

You can also find the IP addresses from which spam is sent in the server logs. Check the time of account registration and in the logs with the same time you will certainly find an IP that you can block. Alternatively, create a hidden field in the form to collect IP addresses, which you can easily block ;-)

They spam this forum in the same way using an application that has access to this place. The spammer has thousands of addresses collected for such forums and forms. All you need to do is change the links and the spam will disappear, because no one really wants to update it all on a regular basis - it's too much work

fotonio

#6
I dont think that this will work because it doesnt matter what menu link you make the registration is always accessible through domain/index.php?option=com_users&view=registration

Blocking ip's also is not an option because they change all the time. Spammers dont use static ips.

I have the same problem in two sites in two different servers.

hazael

#7
Blocking a single IP address makes no sense, but you can block an entire class or the entire server from which this spam comes to you. If you are concerned about blocking potential customers, block IP only for POST connections.

No one spams me, even though they i don't use any captchas. Just look at the server logs, catch the spam IP address and effectively block the entire server from which spam is sent. You only block POST connections.

<Limit POST>
   Order Allow,Deny
   Allow from all
   Deny from xxx.xxx.xxx.
</Limit>

practically this way you can cut off the entire shitty Soviet Union and not worry about anything