OpenCart Community

I am running a website using opencart 2.3.0.2 and I've recently had an issue with hundreds of testimonials being sent to my website that need to be approved. These consist of random letters, numbers and symbols and my son has suggested they might be some sort of sql injection attempt.

After the first batch were received about a week ago , I disabled the ability to add testimonials and thought that this would resolve the problem. Despite this change, I have another batch of several hundred appear today in my admin panel as needing to be approved.

I would appreciate any advice on how I can stop these from being submitted, and if it is possible to delete them from the backend of the site, as there are over 600 showing as waiting to be approved, and there doesn't seem to be any option to delete them.

Are you talking about the built in OpenCart reviews or an extension that adds testimonials?

Have you tried enabling a CAPTCHA?

ADD Creative wrote: ↑

Mon Nov 04, 2024 5:25 pm

Are you talking about the built in OpenCart reviews or an extension that adds testimonials?

Have you tried enabling a CAPTCHA?

Try installing these two scripts as they will help:

Ninja Firewall
https://nintechnet.com/ninjafirewall/pro-edition

The free version of Ninja Firewall is fine.

Cidram
https://github.com/CIDRAM/CIDRAM

Not perfect but gives valuable extra protection.

I disabled the built in reviews option which had CAPCHA enabled after the first incident, but I've just realised that I also had a separate testimonials extension on the site, that I've now also disabled. It's probably this extension that has been used to add the testimonials.

Hopefully this will stop any further problems, but it would have been good to have this still enabled and somehow block malicious fake testimonials from being submitted. I suppose I'll just have to wait and see if I get any further problems, but I would still like to delete the ones I have already received if this is possible.

Contact the extension developer - It sounds odd to have a reviews/testimonial extension without the ability for captcha.
As for deleting them just go into the backend and delete them (top right corner)
You can multiple delete by pressing the top checkbox on the left.
You can edit the number on the page in admin => system => settings => options tab I think => number of items on admin page.

westie99 wrote: ↑

Mon Nov 04, 2024 5:46 pm

Hopefully this will stop any further problems, but it would have been good to have this still enabled and somehow block malicious fake testimonials from being submitted.

Generally, when an attacker or spammer discovers your URL and receives a successful response, they’re likely to continue spamming. I recommend addressing the issue with the extension. If you can’t resolve it on your own, consider hiring a professional like myself to assist.

You might consider the SpamBot Buster which we can also modify for a small extra charge to cover your testimonials page, too.

Thank you for all the advice and help. I've managed to get the google recapcha sorted out and I will look at some of the other spam prevention suggestions.