Author |
Topic |
|
Mark Priest
VP-CART Expert
United Kingdom
580 Posts |
Posted - January 19 2007 : 09:40:34
|
Hi There,
We are seeing an increasing ammount of SPAM posts being posted for reviews of product accross all our stores.
I think something needs to be done to stop or reduce this immediately.
Firstly.
Do not allow the posting of HTML in reviews STRIP the code out. Secondly, only allow registered users to review products. This makes sense anyway really.
Anyone else got any comments on this.
Regards,
Mark |
|
elammers
VP-CART Super User
USA
256 Posts |
Posted - January 19 2007 : 10:33:13
|
I think there are many possible solutions to this and probably none are a global solution for everyone. So maybe we can all list various ideas here for different situations. I have seen weird spam type emails that look like they are attacking one of our carts' reviews system too.
SOLUTION #1 - block by IP For that particular cart, the merchant only sold to US and Canada, and when I check the web logs, it looked like the attack was coming from various Asian countries like China and Taiwan. Therefore I simply edited the .HTACCESS file to deny access by IP of those specific areas. Helpful site to decipher IP locations: http://www.ip2location.com/free.asp
Regards,
Eric in Maine |
|
|
support
Administrator
4679 Posts |
Posted - January 21 2007 : 03:39:58
|
Hi Mark,
In version 650 we have included a check to see if it is a bot adding the post or not. The user needs to type in the letters from the image to prove it a real person making the post.
Thanks Cam
VP-ASP Support |
|
|
Mark Priest
VP-CART Expert
United Kingdom
580 Posts |
Posted - January 21 2007 : 18:48:23
|
Hi Cam.
Thats great, but I don't thin kits just bots, its actual people too, so other prevention measures would be good.
Eliminating HTML straight away would stop 99% of these posts, they only do it to link to other sites. and i dont see any reason to need to post HTML in reviews.
Regards,
Mark |
|
|
BILLCAT
Starting Member
USA
40 Posts |
Posted - January 22 2007 : 12:52:11
|
Cam
How do we activate the image encryption you mentioned above?
your said"The user needs to type in the letters from the image to prove it a real person making the post."
Thanks Bill |
|
|
support
Administrator
4679 Posts |
Posted - January 22 2007 : 16:39:48
|
We are working on making this a module currently for version 6093.
It will not unfortunately be available for earlier versions as it involves changes to too many core files as it affects not just reviews but also contact pages and really anywhere submissions can be made.
It will be available out of the box in version 650.
Thanks Cam
VP-ASP Support |
|
|
Mark Priest
VP-CART Expert
United Kingdom
580 Posts |
Posted - January 22 2007 : 17:00:43
|
Hi Cam,
Thats great news.
Can anyone shed any light on the code to strip HTML from the posts, im sure this would be very easy to impliment.
Regards,
Mark |
|
|
BILLCAT
Starting Member
USA
40 Posts |
Posted - February 01 2007 : 22:03:26
|
I have added image verification to the reviews section of vpasp 6.093 and it seems to have stopped the spam reviews
see link below http://www.essentialsbycatalina.com/shop/shopsreviewadd.asp?id=25
vpasp used captcha for the verification script and is available from their download area if you have a purchased copy of vpasp.
Note: That it only works with version 6.093 and will be part of the up and coming v6.50.
Also note : that the instructions from vpasp on istall is missing soem instruction, in additionif you have modified yoru original files you are best to manually copy the new code into your files instead of just replacing them with the update files you get viw the vpasp email.
Let me know if you have questions. |
|
|
Mark Priest
VP-CART Expert
United Kingdom
580 Posts |
Posted - February 09 2007 : 09:37:02
|
Can someone point me in the direction of the download, i cant find it.
Regards,
Mark http://www.fireworkcrazy.com |
|
|
extremeskillz
VP-CART New User
USA
94 Posts |
Posted - February 09 2007 : 11:44:10
|
me neither. |
|
|
BILLCAT
Starting Member
USA
40 Posts |
Posted - February 09 2007 : 22:53:39
|
GOTO THE FOLLOWING LINK
http://www.vpasp.com/sales/addons600.asp
AND SELECT "CAPTCHA email form validation"
Enter your order # and email and they will send it to you via email within minutes, instructions are included. Remember if you have customized your cart and is now different from the original then it would be best to use a program like winmerge and migrate the changes from the captcha files you get from vpasp to your own files. I mean customized like you have changed the code inside the asp files, not talking about setting features in admin. If you have not customized the code then just copy the files vpasp send you over yours. Always a good idea to backup everything first.
In addition If you only want to add captcha to the reviews area then all you need to update is the shopreviewadd.asp file and the shop$db.asp . Ofcoarse you also need to upload the captcha folder vpasp sends you to your shop folder on the server. If you want captcha to work for all areas like contact us, tell a friend, etc then just do all the files they give you.
** The most important thing to remember is that the captcha will only work with vpasp version 6.093. If you want to wait for version 6.50, VPASP tells me it should be out in a couple of months and Captcha is already built in.
P.S. I am working on the extra code for captcha that will allow a customer to hear the code from their speakers, that way it will allow visually impaired persons to hear the code. That should also satisfy the other users out here that think captcha is wrong for us to use, just because they don't have a spamming problem and have the time to bring it up. The rest of us suffer with endless manual deleted of spam in our reciews. I have had no more spam reviews since i put in captcha.
Bill |
|
|
anathanson
Starting Member
31 Posts |
Posted - November 10 2008 : 17:59:58
|
Sadly, I'm noticing spam reviews coming in, even though we have 6.5 with captcha on. Anyone else experiencing this? I'm thinking that the spammers have either cracked the simple captcha in use, or it's a live spammer going in and posting. Seems automated though, always on the same product and usually the same time of day.
Any thoughts? |
|
|
|
Topic |
|