Recommendation Not to Recommend – A Feature “De-Quest”

Did you know that Joomla! and VirtueMart have a feature that can turn your site into a spam paradise?  The “recommend to a friend” feature, which is available in ANY Joomla! and VirtueMart install, creates a form in which the user can specify the to and from email addresses as well as a custom message.  Spammers actually Google for instances of this form so that they can use other people’s sites to send spam, without the site owners ever knowing.

I can’t take credit for discovering this bug in the first place, but I can report that in future versions of the HBLI Store (our version of Joomla! and VirtueMart) this bug will be fixed:

For now, though, or if you have your own Joomla! and VirtueMart install, we recommend that you take these steps to remove the possible liability that this “feature” creates:

  1. Open up Administrator/Components/com_virtuemart/html/shop.recommend.php
  2. Locate this line:
    if( !defined( '_VALID_MOS' ) && !defined( '_JEXEC' ) ) die( 'Direct Access to '.basename(__FILE__).' is not allowed.' );
  3. Right below that line, type this:
    header('Location: http://www.mywebsite.com');
    exit;
  4. (Replace “mywebsite.com” with your domain name)
  5. Log into the back end of your site.
  6. Go to VirtueMart > Admin > Configuration > Site > Show the “Recommend to a friend” link? and make sure that it is turned OFF.

You have now disabled the “Recommend to Friend” feature and also prevented the page from being used should someone try to access it directly.
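
To confirm that the edit from steps 1 to 4 is actually in place (for example after an upgrade or restore that replaces the file), the following check is an added example, not part of the original post. The function name `recommend_is_disabled` is hypothetical; it assumes the guard line and the two added lines each sit on their own line, as in the steps above.

```shell
#!/bin/sh
# Added example (not from the original post): confirm the redirect patch is in place.
# recommend_is_disabled FILE -> status 0 if the first two code lines after the
# _VALID_MOS/_JEXEC guard are header('Location: ...') and exit;
# status 1 if they are not, status 2 if FILE cannot be read.
# Call it with the path to shop.recommend.php on your server.
recommend_is_disabled() {
    [ -r "$1" ] || return 2
    awk -v q="'" '
        BEGIN {
            # header( followed by a straight quote, then Location: and a URL.
            # Curly quotes pasted from a web page will not match (and break PHP).
            re = "^[ \t]*header[ \t]*\\([ \t]*[" q "\"]Location:[ \t]*https?://"
        }
        /^[ \t\r]*$/      { next }   # skip blank lines
        /^[ \t]*(\/\/|#)/ { next }   # skip single-line comments
        state == 0 {                 # still looking for the guard line
            if ($0 ~ /_VALID_MOS/ && $0 ~ /die[ \t]*\(/) state = 1
            next
        }
        state == 1 {                 # next code line must be the redirect
            if ($0 ~ re) { state = 2; next }
            exit
        }
        state == 2 {                 # and the line after it must stop the script
            if ($0 ~ /^[ \t]*exit[ \t]*(\(\))?[ \t]*;/) state = 3
            exit
        }
        END { exit (state == 3 ? 0 : 1) }
    ' "$1"
}
```

A redirect without the `exit;` fails the check on purpose: without it, PHP keeps executing the rest of the file after sending the header, so the form handler still runs.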



