Geek Answers Handbook

How to Prevent Spam Reviews in Magento

In our Magento store, we watch a series of reviews of spam products. I recently installed the Fontis reCaptcha extension to add the reCaptcha form to the feedback form. In all my tests, this works great. A โ€œrealโ€ user cannot submit a form without filling in the reCaptcha part. However, this did not fix the problem. We still get spam reviews. Interestingly, these spam reviews also do not have a star rating. One way or another, these spam bots can provide an overview without any necessary information and completely bypass the reCaptcha code. Any thoughts on how I can fix this?

I also tried to create a simple script that would send form fields to view the form URL in an attempt to bypass the logic (see below). I either canโ€™t make it work, or it just canโ€™t be done, but I am always redirected to the "Please enable cookies" page.

Verification of the submission of the verification form

<?php $curl_connection = curl_init('http://my.domain.com/review/product/post/id/2587/'); curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"); curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1); $post_data = array(); $post_data['ratings[5]'] = '21'; $post_data['nickname'] = 'mynick'; $post_data['title'] = 'my title'; $post_data['detail'] = 'My Review Content'; $post_items = array(); foreach ( $post_data as $key => $value) { $post_items[] = $key . '=' . $value; } $post_string = implode ('&', $post_items); curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string); $result = curl_exec($curl_connection); echo "Curl Info:<br><pre>"; print_r(curl_getinfo($curl_connection), true); curl_close($curl_connection); echo "<br>Result:<br>" . htmlentities($result) . "</pre><br>"; ?>
+4
source share
4 answers

Testing Review Submit is easier with Varien_Http_Client (Zend_Http_Client)

 include 'app/Mage.php'; Mage::app(); //for autoloading:) $client = new Varien_Http_Client('http://your-url.com/review/product/post/id/2/'); $client->setMethod(Varien_Http_Client::POST); $client->setParameterPost('nickname', 'test'); $client->setParameterPost('detail', 'detail'); $client->setParameterPost('title', 'test'); $client->setCookie('test'); $client->setCookieJar(true); /** @var $response Zend_Http_Response */ $response = $client->request(); echo $response;

Without reCaptcha, it adds a review.

Now that you have loaded the reCaptcha fontis module (version 2.3.1), it returns an error with the wrong reCaptcha.

If you are using the same version of this module and the same version of Magento (1.6.2.0), I would think of looking in the server log for the "evil" POST request and examining the entry point.

0
source

I ended up implementing Akismet anti-spam code in the Fontis reCaptcha extension, and this seems to have eliminated all spam reviews. One way or another, bots can bypass the reCaptcha check. I still do not understand how, but I think that what separates hackers from guys like me is just trying to save the site and work ...

0
source

Try our free ET_Reviewnotify module. It has a function that refuses spam bots without capcha.

-one
source

I developed an extension using the default form in Magento to submit a review. He then submits the content to Mollom, which is similar to Akismet. Then the content is analyzed, and if the content is interpreted as spam, I then force the user to enter a password in the next step to allow the "real" user to verify their reality. This approach may allow spam, although if the service does not detect it correctly, itโ€™s easier for users in practice. I did not pack the code together, but I can offer it on Magento Connect if I find sufficient demand for such a product.

-one
source

More articles:


All Articles