News:

You may pay someone to create your store, or you visit our seminar and become a professional yourself with the silver certification

Main Menu

Notify me spam

Started by Slavomir, January 17, 2025, 17:59:17 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Slavomir

January 17, 2025, 17:59:17 PM Last Edit: January 17, 2025, 18:36:35 PM by Slavomir
Hello

For the past three months, I've had problems with fake users signing up for the waitlist through the "Notify Me" function. This only affects two out of about 90 products. These two products are not sold out, and the "Notify Me" button does not appear on the page. They are probably just using the URL link to the "Notify Me" product page. Every day I have to manually delete users from the waitlist directly in the database. I've tried searching the forum to see if anyone is experiencing something similar. Without success. What can I do to fix this?

This is what it looks like in the server's error log:

192.42.116.195 - - [16/Jan/2025:21:22:56 +0100] "GET /index.php/shop/product-detail?layout=notify HTTP/1.1" 200 40995 "https://mysite.com/index.php/shop/product-detail?layout=notify" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0"

192.42.116.195 - - [16/Jan/2025:21:22:57 +0100] "POST /index.php/shop/b-w-photopaper/product-detail HTTP/1.1" 303 - "https://mysite.com/index.php/shop/product-detail?layout=notify" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0"

Joomla 5.2.3
Virtuemart 4.4.4
PHP 8.2

Best Slavomir

Milbo

#1
January 18, 2025, 21:12:48 PM
What about?
"
Allow guests to send a recommendation, ask a question, ask a price
Yes
No
only customers
"

in the config. Only customers should stop this. do you use captcha?
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

hazael

#2
January 18, 2025, 22:23:56 PM
One of the main issues is that bots or malicious users can directly access the "Notify Me" URL without going through the product page. You can block this behavior using .htaccess rules:

Code Select
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https://mysite.com/index.php/shop/product-detail [NC]
RewriteRule ^index.php/shop/product-detail\?layout=notify$ - [F,L]
</IfModule>

Slavomir

#3
January 19, 2025, 00:21:02 AM
Thank you but your code didn`t worked. It didn`t blocked /index.php/shop/product-detail?layout=notify. Is it other way to block it?

It would be nice to be able to use captcha on "notify" me form. I use Aimy Captcha-Less Form Guard. Works fine on other forms. Not on notify me.

Jumbo!

#4
January 19, 2025, 15:16:51 PM
Open - administrator/components/com_virtuemart/virtuemart.cfg

Scroll to the bottom of the file and add the following to the end.

Code Select
notify_captcha=1
Next, go to VirtueMart Configuration and click the save button to update the configuration.

Now, the captcha should work.

Slavomir

#5
January 19, 2025, 22:26:16 PM
Yes, it worked. Thank you Jumbo.

Best
Slavomir

Slavomir

#6
January 19, 2025, 22:40:00 PM
I had to put
<?php echo shopfunctionsF::renderCaptcha('notify_captcha'); ?>
i notify.php to make it work.

hazael

#7
January 20, 2025, 00:53:51 AM Last Edit: January 20, 2025, 01:00:41 AM by hazael
Quote from: Slavomir on January 19, 2025, 00:21:02 AMThank you but your code didn`t worked. It didn`t blocked /index.php/shop/product-detail?layout=notify. Is it other way to block it?
It's obvious that the code couldn't work if you copied it - the code is an example and you need to adapt it to your website



Reminder: If you implement Google reCAPTCHA on your website, be aware that it tracks your visitors by collecting behavioral data, IP addresses, and browser details. Under privacy regulations like GDPR and CCPA, this means you must display a consent banner informing users about tracking and data collection before reCAPTCHA is activated. If you want a privacy-friendly alternative, consider hCaptcha or Cloudflare Turnstile instead.

Slavomir

#8
January 20, 2025, 01:45:27 AM
Aimy Captcha-Less Form Guard

Milbo

#9
January 20, 2025, 14:01:26 PM
I wonder, what is the idea to add emails to this list? How can this be misused? Current new fixes are

Code Select
if(VmConfig::get('stockhandle', 'none') != 'disableadd') return; on top of the notifycustomer function

and I replaced the "notify_captcha" against "ask_captcha". So it should work if you enable the captcha in the vm config per gui for "ask a question", "recommend product"

and I added this to adduser function

Code Select
if(empty($data['virtuemart_product_id'])) {
vmdebug('model Waitinglist adduser no product id given');
return false;
}

$pModel = VmModel::getModel('product');
$product = $pModel->getProduct($data['virtuemart_product_id']);
if( ($product->product_in_stock - $product->product_ordered) >0) {
vmdebug('model Waitinglist adduser product available');
return false;
}
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

Slavomir

#10
Yesterday at 10:02:04 AM
It helped to use CAPTCHA on "Notify Me." Before, I had many fake users on the waiting list. CAPTCHA put an end to this as soon as it appeared on the page. I assume Milbo's fix will appear in the next release of VirtueMart.
Print
Go Up Pages1
User actions