registration spam

  • Posts: 31
  • Thank you received: 0
6 years 1 month ago #287030

-- url of the page with the problem -- : www.bjdiscount.com
-- HikaShop version -- : 3.2.2
-- Joomla version -- : 3.8.4
-- PHP version -- : 5.6.32
-- Browser(s) name and version -- : Chrome

I'm getting dozens of new users from .ru, .pl, and yandex email addresses.

How do I stop user registration spam?


^jasonhoblin

Please Log in or Create an account to join the conversation.

  • Posts: 25994
  • Thank you received: 4004
  • MODERATOR
6 years 1 month ago #287034

Hello,

It's not possible like that to know from where the accounts are created since Joomla also have a registration system.
So I would suggest you to add captcha also in HikaShop, but if it's coming from the Joomla registration (if it's bots, it's more likely), unfortunately we can't be helpful.

Regards,


Jerome - Obsidev.com
HikaMarket & HikaSerial developer / HikaShop core dev team.

Also helping the HikaShop support team when having some time or couldn't sleep.
By the way, do not send me private message, use the "contact us" form instead.

Please Log in or Create an account to join the conversation.

  • Posts: 27
  • Thank you received: 3
5 years 5 months ago #298685

Came across this post while looking for solution to a similar issue.
Not only did we implement recaptcha but also installed joomla addon "spambotcheck"

Works well for us as we have eliminated spam registrations.

Please Log in or Create an account to join the conversation.

  • Posts: 31
  • Thank you received: 0
5 years 5 months ago #299019

yesh. adding recaptach worked.


^jasonhoblin

Please Log in or Create an account to join the conversation.

  • Posts: 148
  • Thank you received: 21
  • Hikashop Business
1 year 5 months ago #345966

Hi,

Since yesterday only, we have a lot of new user registrations that are the result of spam bots.

I have the ReCaptcha plugin up to date and I don't have the problem on my contact forms, just at registration. I had this problem before I installed this plugin, but it was a while ago and it was fixed when we installed it.
I don't understand why since yesterday it doesn't seem to work as well.

Do you have any idea what I could do to avoid this?
Because with the Hikashop plugin I can just choose between the invisible captcha or the checkbox (with the same problem), but I don't know if it's possible to do otherwise (Force the display of images, Captcha V3, Honey Pot, etc.).

At the moment I'm just trying to block some IP addresses, but it's not a permanent solution.

Thanks in advance for your help.

Please Log in or Create an account to join the conversation.

  • Posts: 81361
  • Thank you received: 13037
  • MODERATOR
1 year 5 months ago #345967

Hi,

Captcha is becoming more and more obsolete:
www.kasada.io/captcha-is-obsolete/
We also have the ReCaptcha plugin on our website and had to put in place other measures to prevent spam registrations (and even then, we still have some).

A solution like this is probably more effective and can complement the recaptcha plugin:
www.joomlashack.com/joomla-extensions/ospam-a-not/
This plugin works for both Joomla and HikaShop and is free.
Finally, another solution is this : extensions.joomla.org/extension/access-a.../easycalccheck-plus/
This integrate with 3rd party services to check if the email address being used has already been flagged as fake and if so, it directly cancel the registration. This works for Joomla, HikaShop, etc, any extension with registration on a Joomla website.

The following user(s) said Thank You: FDBI

Please Log in or Create an account to join the conversation.

  • Posts: 148
  • Thank you received: 21
  • Hikashop Business
1 year 5 months ago #345994

Hi,

Thanks for your answer.

1)
Yes I had seen on another post that 'ospam a not' was recommended.
Does it work well with the Hikashop plugin?
Because I'm using Hikashop customers' Joomla registration and I was afraid it wouldn't work with it.

I would like everything to happen here: www.imprimante3dfrance.com/fr/hikashop-m...gistration/user/form

At the very beginning I had just put the Captcha v2, but without the Hikashop plugin it didn't appear there. I also wanted to put a 'Honey Pot', but it didn't show up here either.
And if it was the same for the other 'ospam a not', etc.; it might not work.

2)
At the moment, the unwanted registrations seem to follow a certain pattern.
Is it possible to add rules to the registration? Rather a server check after registration that would cancel the registration if the 'last name = first name' for example.
I think this requires more of a modification on the Joomla side, I'll have to look into it but if you have any ideas I'd love to hear them.

Thank you.

Please Log in or Create an account to join the conversation.

  • Posts: 148
  • Thank you received: 21
  • Hikashop Business
1 year 5 months ago #346004

3)
So I tried to create a plugin to handle this, but I can't get it to work.
It installs fine, but I don't think it's taken into account:
I'm just trying to block all account creations for the moment.

This message contains confidential information

Last edit: 1 year 5 months ago by FDBI.

Please Log in or Create an account to join the conversation.

  • Posts: 4486
  • Thank you received: 609
  • MODERATOR
1 year 5 months ago #346000

Hello,

1. I've never tried it myself but no one reported it didn't work with HikaShop. And I don't see a reason why it wouldn't.

2.For the last name, you could use a regular expression:



3. $do = false needs to be uncommented.
Also, the plugin needs to be enabled in the Joomla plugins manager.
Also, by the time onAfterUserCreate is called, the Joomla user account is already created. Your plugin will prevent HikaShop from adding the corresponding entry in hikashop_user but you'll already have the entry in the joomla users table and that's normal since we need the id from Joomla to store it in the user_cms_id column of hikashop_user.
What you should do is a joomla user plugin and use the Joomla event to cancel the registration:
docs.joomla.org/Plugin/Events/User#onUserBeforeSave
Since HikaShop uses the Joomla library to create the user account, the normal Joomla event will be called. And if the Joomla user fails, HikaShop will cancel the whole registration.

Hope this will help you to achieve your needs
Regards

Last edit: 1 year 5 months ago by nicolas.
The following user(s) said Thank You: FDBI

Please Log in or Create an account to join the conversation.

  • Posts: 148
  • Thank you received: 21
  • Hikashop Business
1 year 5 months ago #346019

Thanks a lot, I'm going to look at this.

For the 2) point, I explained it wrong, I meant that these registrations had a name identical to the first name.
Example: firstname = 'CesarFeago' and lastname = 'CesarFeago'

Please Log in or Create an account to join the conversation.

  • Posts: 148
  • Thank you received: 21
  • Hikashop Business
1 year 5 months ago #346058

Hi,

I am coming back to you, to get your opinion on the best method (and the most durable) to apply in my case:

Situation :
- I need to apply specific rules to determine whether a person can register or not.
- I want to use fields that is used on Hikashop (e.g. address_street, address_vat, etc.)
Example : I want to block the registration if user use the same value in 'address_street', 'address_telephone' and 'adress_vat'

Problems (correct me if I am wrong) :
If I use a custom Joomla plugin, I do not have access to these fields (address_street, address_vat, etc.)
If I use a custom Hikashop plugin, I can't block the Joomla registration which is done before.

What I have done:
I use an override here: [...]\templates\{MYTEMPLATE}\html\com_hikashop\administrator\classes\user.override.php
In which I changed the 'register' function by adding my rules and a 'return false;' before the position corresponding to line 722 of the original file here:

// MY RULES - BEGIN
// [...] Return false if match
// MY RULES - END
                        if( !$user->save() ) {
				$ret['status'] = false;
				$ret['messages'][] = array(JText::_( $user->getError() ), '');
				return $ret;
			}

Is this the right way?
Is it possible (and better) to create a plugin rather than use an override in my case?

Thank you.

Please Log in or Create an account to join the conversation.

  • Posts: 81361
  • Thank you received: 13037
  • MODERATOR
1 year 5 months ago #346059

Hi,

If I use a custom Joomla plugin, I do not have access to these fields (address_street, address_vat, etc.)

That's incorrect. In a Joomla user plugin using the onUserBeforeSave event, you have the data of the address available in $_POST. In
$_POST['data']['address']['xxx']
where xxx is the column name of the custom field.

If I use a custom Hikashop plugin, I can't block the Joomla registration which is done before.

That's also incorrect. That's true if you use the event onAfterUserCreate but not if you use the event onBeforeHikaUserRegistration(&$ret, $input_data, $mode) for which you have the address data in
$ret['addressData']->xxx
where xxx is the column name of the custom field. And you can cancel the registration with such line:
$ret['status'] = false;

An override is fine too, but it's better to do a plugin. With an override of the class, you won't have the modifications we make in the core file in the future. And for class.user we usually always have a modification here and there as it's one of the main files of HikaShop.
Also, in your override instead of returning false, you should return $ret with
$ret['status']
set to false like whan the save call fails

Last edit: 1 year 5 months ago by nicolas.
The following user(s) said Thank You: FDBI

Please Log in or Create an account to join the conversation.

  • Posts: 148
  • Thank you received: 21
  • Hikashop Business
1 year 5 months ago #346080

Hi,

Sorry, I was far from understanding.
Thank you for all these very clear informations that will allow me to progress.

I think that with all these, I should be able to set up a plugin.

Thanks again for your help!

Please Log in or Create an account to join the conversation.

Time to create page: 0.100 seconds
Powered by Kunena Forum