Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

SPAM problem with review form
 
Martin
Guru
 
Avatar
Total Posts:  445
Joined:  2007-08-31
Brno | London | Los Angeles
 

Today while backing up my database I’ve found out, that some spam bot from Romania targeted my site with regular every day spam attack through review form of my two products. There were some 1800 pending reviews full of spam trash ... Here are just three random lines from apache log:

193.200.50.225 - - [31/Aug/2008:00:58:35 +0200] "POST /review/product/post/id/253/ HTTP/1.1" 302 "http://www.anothercaffeinatedday.com/blog/default/moblog/2008/07/20/14-550-2359.html, http://www.cooldoc.ch/printable/gaestebuch/index.php?action=form, http://www.d-c-m.cz/review/product/list/id/253/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; MyIE2; Maxthon)" www.d-c-m.cz 80 - - 
193.200.50.225 - - [31/Aug/2008:01:40:00 +0200] "POST /review/product/post/id/252/ HTTP/1.1" 302 "http://igrzyska.blox.pl/2008/07/Wspomnienia-Monachium-1972.html, http://hotrose.web-log.nl/family_hotrose/2008/05/museum-kranen-3.html, http://hotrose.web-log.nl/family_hotrose/2008/05/museum-kranen-5.html, http://www.d-c-m.cz/review/product/list/id/252/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; MyIE2; Maxthon)" www.d-c-m.cz 80 - -
193.200.50.225 - - [31/Aug/2008:01:56:49 +0200] "POST /review/product/post/id/252/ HTTP/1.1" 302 "http://mainokai.com/cgi-bin/guest/aska.cgi?, http://www.xszart.com/mx/board/index.asp?action=Add_New, http://gavrila.blogonline.ru/1321.html?replyto=3369, http://1jukujo.4.dtiblog.com/blog-entry-1316.html, http://www.d-c-m.cz/review/product/list/id/252/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; MyIE2; Maxthon)" www.d-c-m.cz 80 - -

I have banned this IP in my .htaccess file, but it would be really nice if Magento had some better security measures, like:

1. possibility to enable / disable reviews for guest users,
2. CAPTCHA implementation,
3. AKISMET integration.

And the same applies also to the contact form. Is there any serverside validation available while processing data sent by contact form? Or only javascript does the job? Javascript is not enough as it’s easy to bypass, there should be serverside validation of every input that any visitor try to send through Magento out ...

 
Magento Community Magento Community
Magento Community
Magento Community
 
Darren E
Member
 
Avatar
Total Posts:  54
Joined:  2008-05-23
The Woodlands, Texas
 

I’m experiencing the same issue(s) - I don’t have the time to constantly check logs so I can block IP addresses and my client is complaining of lots of SPAM e-mails coming through her contact form.

Is there a fix for this? I’m curious to know!

 
Magento Community Magento Community
Magento Community
Magento Community
 
brianpat
Member
 
Total Posts:  44
Joined:  2008-04-05
 

Hi,
Look at http://www.magentocommerce.com/boards/viewthread/11022/ for captcha integration

 
Magento Community Magento Community
Magento Community
Magento Community
 
J_T_
Mentor
 
Avatar
Total Posts:  1961
Joined:  2008-08-07
London-ish, UK
 

Perhaps it’s time for Akismet for Magento. Works wonders for blog comments and as a forum plugin.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Alouette
Jr. Member
 
Total Posts:  24
Joined:  2008-05-23
 

I have banned this IP in my .htaccess file, but it would be really nice if Magento had some better security measures, like:

1. possibility to enable / disable reviews for guest users,

I know this is a bit old, but this is actually now already in the newest version of magento…

 
Magento Community Magento Community
Magento Community
Magento Community
 
reaktion
Member
 
Total Posts:  48
Joined:  2009-02-16
 

Hi guys,
I have just started to experience this problem too. Thankfully I moderate all the reviews, i would hate to think what would happen if i didn’t!
I’m running Magento 1.3.1 should they automatically be removed?
cheers

 
Magento Community Magento Community
Magento Community
Magento Community
 
centerax
Sr. Member
 
Avatar
Total Posts:  90
Joined:  2008-09-10
Montevideo, Uruguay
 

Hi,

I have developed an extension that uses the Akismet API to filter SPAM at the Contact US form and product reviews.

You can check it here

Your feedback is very welcome!

Thanks!

 
Magento Community Magento Community
Magento Community
Magento Community
 
gpcola
Sr. Member
 
Total Posts:  97
Joined:  2009-10-05
 
centerax - 30 October 2009 12:48 PM

Hi,

I have developed an extension that uses the Akismet API to filter SPAM at the Contact US form and product reviews.

You can check it here

Your feedback is very welcome!

Thanks!

Working perfectly with 1.5.1.0 wink Thank you

 
Magento Community Magento Community
Magento Community
Magento Community
 
Miller1975
Jr. Member
 
Total Posts:  2
Joined:  2012-09-18
 

Hi,

after some research i found a nice free extension which works with Akismet, so no CAPTCHA is needed!

take a look at: Magento spam protection

Its free and works like a charm!

 
Magento Community Magento Community
Magento Community
Magento Community
 
AshleyMac
Jr. Member
 
Total Posts:  1
Joined:  2013-03-07
 

How do you set it up to manage reviews?

 
Magento Community Magento Community
Magento Community
Magento Community
 
jasonyohon
Jr. Member
 
Total Posts:  3
Joined:  2012-12-23
 

Here’s a little php script that will delete pretty much all the spam reviews in your shop. This took me a while to figure out so I am sharing it. It is really helpful in cleaning out piles of spammy reviews. Use at your own risk. It will delete all reviews with a URL (specifically “http” in the title or detail of the review.)

Use at your own risk.  If you aren’t familiar with mysql then this probably isn’t for you.

Test the output first to see what it will select:

select t1.* from review t1 join review_detail t2 on t1.review_id t2.review_id where t2.`detailLIKE '&#xht;tp%'
select t1.* from review t1 join review_detail t2 on t1.review_id t2.review_id where t2.`titleLIKE '&#xht;tp%'

If everything is cool, run delete them:

delete t1.* from review t1 join review_detail t2 on t1.review_id t2.review_id where t2.`detailLIKE '&#xht;tp%'
delete t1.* from review t1 join review_detail t2 on t1.review_id t2.review_id where t2.`titleLIKE '&#xht;tp%'
 
Magento Community Magento Community
Magento Community
Magento Community
 
moomoo
Sr. Member
 
Avatar
Total Posts:  192
Joined:  2009-07-10
 

I made an extension which so far is working well to stop all contact form and product review spam in Magento.

It’s free, check it out smile

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top