Organizational Research By

Surprising Reserch Topic

how to prevent spam reviews in magento


how to prevent spam reviews in magento  using -'php,forms,magento,recaptcha,spam'

We have been seeing a number of spam product reviews in our Magento store.  I recently installed the Fontis reCaptcha extension to add a reCaptcha form to the reviews form.  In all my testing, this works great.  A "real" user can't submit the form without filling out the reCaptcha portion.  However, this hasn't fixed the problem.  We are still getting spam reviews.  Interestingly, these spam reviews also don't have a star rating.  Somehow, these spam bots are able to submit a review without all the required information and completely circumventing the reCaptcha code.  Any thoughts on how I can fix this?

I also tried creating a simple script that would submit the form fields for a review to the form's action URL in an attempt to bypass the logic (see below).  I am either unable to get it to work or it simply can't be done, but I always get redirected to a "Please enable cookies" page.

Review Form Submission Test

<?php
$curl_connection = curl_init('http://my.domain.com/review/product/post/id/2587/');

curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);

$post_data = array();
$post_data['ratings[5]'] = '21';
$post_data['nickname'] = 'mynick';
$post_data['title'] = 'my title';
$post_data['detail'] = 'My Review Content';

$post_items = array();

foreach ( $post_data as $key => $value)
{
    $post_items[] = $key . '=' . $value;
}
$post_string = implode ('&', $post_items);

curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);

$result = curl_exec($curl_connection);

echo "Curl Info:<br><pre>";
print_r(curl_getinfo($curl_connection), true);


curl_close($curl_connection);

echo "<br>Result:<br>" . htmlentities($result) . "</pre><br>";
?>

    
asked Oct 13, 2015 by gauravg.gwl
0 votes
4 views



Related Hot Questions



Government Jobs Opening


...