You are viewing this forum as a guest. Login to an existing account, or create a new account, to reply to topics and to create new topics.
Pages: 1
Hi
The email a friend script is still being attacked even though disabled
in the admin section of version 8 and version 6 carts.
How do I actually disable the script
(not just hide it from showing on the site like it is now)
Thanks
Audrey
Offline
Does your email a friend page have a captcha field?
You can go into Raw Database Admin -> core_namespace -> ecom.emailfriend and either set it's active field to 0 or change the group allow section to superuser, admin (instead of its default of *) and its groupdeny to * (instead of empty), either one should stop the use of that script.
John
Offline
Thanks John for your help and the quick response
I did not look to see if they email a friend had captcha-
I was too busy disabling it in the admin section on all of the carts on the server
I will go into the raw database as you suggest
Thanks again
Audrey
Offline
For ccp6 sites check out this post for captcha .
Generally to get captcha on the email friend for ccp 8 go to Raw Database Admin -> core_formfields, scan the "Type" column for "CAPTCHA" (email a friend field entries are on the 3 page near the bottom there should be a captch field labled eocm.discemail) clone this entry and name it ecom.emailfriend.verify and set it's "form" field to ecom.emailfriend, you should then have the captcha field present on that form.
You can also do the same for ccp6 or ccp7.
John
Offline
dh783 wrote:
For ccp6 sites check out this post for captcha .
Generally to get captcha on the email friend for ccp 8 go to Raw Database Admin -> core_formfields, scan the "Type" column for "CAPTCHA" (email a friend field entries are on the 3 page near the bottom there should be a captch field labled eocm.discemail) clone this entry and name it ecom.emailfriend.verify and set it's "form" field to ecom.emailfriend, you should then have the captcha field present on that form.
You can also do the same for ccp6 or ccp7.
John
John
I better subscribe to this topic, just in case. So far no attempts.
Offline
As noted in the security update, version 8 is not affected. The issue for audrey is the v6 install, which needs to be updated. Simply turning the function off in admin is not enough for v6/v7, you need to apply the update here:
https://kryptronic.com/cms-xmodnewsrss_ … 2014S.html
Offline
Would you recommend we keep the email a friend on (CCPv8) and add the capture field to the form or it is still too risky. If OK how to add captcha as the "dh783 wrote" instructions above do not seem to correlate to what I am seeing in Raw Database Admin -> core_formfields
Offline
I just upgraded to version 8 and my "email a friend" is not working properly. Whe i click it, it comes up with an error message "There was an error encountered when trying to send your email message. Perhaps an invalid email address was entered. Please try again."
How do i resolve this problem
Offline
Yes. All the email addresses entered are valid. you can try it on the website. http://www.datacommexpress.com/
Offline
Check the email address you have entered for the default from address under System | Mail | Mail Messages for the email a friend message. It might not be a valid email.
Offline
Pages: 1