Subject:*
<
Name/Email:*
<
Message Icon:*
<
Select*
<
Message:*
<



Click the Preview to see the content in action.
Options:*
<
Confirmation Code*
<
3 - 0 = ?  
Input the result from the expression
Maximum attempts you can try: 10
*
<
     

Re: Fake registrations.... bots perhaps! Please Help
by Dante7237 on 2011/10/27 14:32:17

The 2 part registration is enabled by allowing the "complimentary" form in preferences.

Also, in your php.ini file located "usually" 1 directory above your html folder you need to be sure that these items are set as so:
register_globals Off
allow_url_fopen Off

This helps prevent exploits like remote file inclusion.
If you don't have access to php.ini then contact your hosting provider and they should be more than happy to correct that.

Note: All these things are fine, but a human in a shop in India can still register if he comes in on a clean IP.

Re: Fake registrations.... bots perhaps! Please Help
by wishcraft on 2011/10/27 9:24:29

Just install Xortify, it will stop the spammers and spammer bots as well as harvester.

Make sure you are using http://xortify.chronolabs.coop it is the primary in the multi node honeypot. You will have to use this one before registering.

It will change this when the cron runs. You might also want to put the cron time up the services are quiet stable now.
Fake registrations.... bots perhaps! Please Help
by engelseboer on 2011/10/26 23:06:43

Hi Dante,

How did you accomplish the 2 part registration

I (and others) are being inundated with Bot registraitions
We run databases (AnimalPedigree) that use xoops (mine runs xoops 2.4.5)

These people are perpetually registering (10 times a day) as loan or credit or cash .... accounts/usernames

Listing usernames as not allowed that contain these words has failed and are still registered

I have tried forcing the requirement for admin authorization, but this is bypassed too

they are authorized before i ever get to see the e-mail request

I'd like some system of preventing such things

hope you or someone can help please
I am NOT xoops literate and only mildly PC literate

Regards
Malcolm
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
by trabis on 2011/9/27 23:01:22

@Barry, you should wait for 2.5.2 Final before update your website.

I've now realized that this version of protector requires 2.5.x because it has a new admin menu.
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
by barryc on 2011/9/27 22:53:56

@trabis,

yes, it is there, got 8 hits as a matter of fact, all with different IP addresses but with the same email. Even the user ID was the same (for 7 of them) as was used on my site.

Will the new version of Protector only run on Xoops 2.5.2? I'm still using 2.4.4, mainly because I'm afraid of breaking some of the modules on my site if I update.

barryC

Who's Online

171 user(s) are online (118 user(s) are browsing Support Forums)


Members: 0


Guests: 171


more...

Donat-O-Meter

Stats
Goal: $15.00
Due Date: Jul 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $15.00
Make donations with PayPal!

Latest GitHub Commits