Someone is sending spam from my VPASP shopping cart

VPASP reports that this insecurity was fixed in the 650 version of their cart, the patch for which can be found here:

However, please be aware that in order to download this patch you may be required to update your license for VPASP, incurring fees. To help offset this VPASP has offered us a coupon code for a nearly 50% discount on the license, simply insert the coupon code "ALENTUS" into the customer information page when checking out and it will deduct from the total.

Additonally, as VPASP version 700 is slated for release in the coming months upgrading your license will allow you to upgrade to the newest version at no charge once it is released.

If you do not wish to make use of the 'Tell A Friend' feature of the application you can simply rename the file 'shoptellafriend.asp' to something else such as 'shoptellafriend.asp.bak'.

If you do not wish to upgrade your VPASP installation at this time, yet still make use of the 'Tell A Friend' feature,  you can attempt to modify the VPASP shoptellafriend.asp page that is being targeted to discourage spammers from misusing it. However, this action is for more advanced administrators only and we cannot provide support if the following procedure causes errors in your application.

Be sure to make a backup copy of this file before you make any changes, just in case.

To manually modify the VPASP cart to discourage spammers from misusing it please follow the steps below:

  1. Open the file 'shoptellafriend.asp' in the root of your VPASP application.
  2. Locate the function definition 'Sub ValidateData()', usually at line 117 in the file.
  3. Modify the following section of code:

    strCustName = Request.Form("CustName")
    strCustEmail = Request.Form("CustEmail")
    strFriendsName = Request.Form("FriendsName")
    strFriendsEmail = Request.Form("FriendsEmail")

  • When modifying it is recommended to comment out the original line by placing a single quote at the beginning of the line, and then copy the original line for modification.
  • It is recommended to at least change the lines relating to the source email address and message contents as below:
     strCustName = Request.Form("CustName")
     'strCustEmail = Request.Form("CustEmail")
     strCustEmail = ""
     strFriendsName = Request.Form("FriendsName")
     strFriendsEmail = Request.Form("FriendsEmail")
     strMessage = ""
  • In changing the above lines to a blank string VPASP will use the defaults set in the cart options rather than what a potential spammer may have submitted.

Please note the following:

  • Simply modifying the template of the page will not stop spammers from submitting their own messages directly to the form processor.

At the moment we are handling incidents of this form of spamming on a case-by-case basis. If a domain is found to be sending out large amounts of spam from this page we will disable only the shoptellafriend.asp page and send a notification to the email address[es] we have on file.

Add Feedback