SitePoint Sponsor

User Tag List

Results 1 to 4 of 4

Thread: Unwanted users

  1. #1
    SitePoint Zealot
    Join Date
    Apr 2003
    Location
    Perth W.A.
    Posts
    131
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Unwanted users

    Hi folks,

    I manage a joomla site which occasionally has unauthorized users registering. There is no login facility or any other way that I can see that would give them access to register.

    Can anyone suggest how this might be happening?

    Site in question is www.jgre.net.au

    Any help appreciated.

  2. #2
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,118
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    A lot of spammers will write scripts that hit a registration API/file and automatically create an account to then use for placing unwanted comments.

    You can try a few things, 1) rename the usual registration page, 2) delete any registration module/widget, 3) check your server logs to see what request is being used to hit that page and use htaccess to block that request.

  3. #3
    SitePoint Zealot
    Join Date
    Apr 2003
    Location
    Perth W.A.
    Posts
    131
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks but I don't have any registration page, module/widget on this site and if this is a vulnerability then option 3 would have me repeating the blocking process time and time again for new spammers right?

  4. #4
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,118
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    Well, no, it wouldn't. As you could redirect the request they are sending (which is likely the same vulnerability each is using). So it wouldn't be blocking by ip address, but rather by page request. The problem is tracking down how they are getting around your registration. If there is a date/time field when an account is created, you might be able to use that to find the request in the apache logs. If you find it, post it here and I am sure a few of us can help you write up an htaccess rule to block the request.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •