I have looked at my raw logs around the time that benny is said to have registered. The email message I got was dated 01/Dec/2010, with a time stamp of 16:49. There is a one hour difference between my time and the server time, so the "registration" would have occurred at 17:49 in the logs.

I looked for occurrences of register.php around that time and can't find any very close to that time.

ghia, you once looked at a log from my server to figure out what a robot was doing. If you are interested in looking at this log I have saved the segment surround the time in question and could send it to you.

barryC

@ ghia,

I'll see if I can find any corresponding entry in the Apache logs.

@wishcraft,

I don't fully understand what you are explaining but it is interesting that I got a registration from duz4nliza on a second smaller site that I run.

Both my larger site and that smaller one run on Xoops 2.4.4, both have Protector installed and both have a two step registration process. I have never seen a registration send only an email on the smaller site. One difference is that on the smaller site I manually activate registrations. In the case of duz4nliza the user was registered but not activated. I have put that user in an unwelcome group which has no privileges.

I'll respond again re the logs.

barryC

ghia,

looking in the users table in the db I cannot find a user named benny112. I use two steps in registration but both are saved after step so the filling out only the first one should complete a registration sending me the email and registering the user.

I just tested by registering, filling out only the first step but hitting the submit button on the second page without filling in any additional information. I got the email correctly and the test user was registered and could be found using an admin search. Similarly, if I register but do nothing with the second step, not even hitting the submit button, the user is registered and I get the email. So, as I have the system set up, completing only the first step is necessary for registration.

It is likely that a spurious user or a robot would only fill out the first step but I should still get the email and the user should be registered in the system.

Edit: Coincidentally, I just got a bounce message for the address benjamin at auroragardens dot net. I don't have any registered users with that address so I'm suspicious this is benny. This is the error message:

216.130.191.236 does not like recipient.
Remote host said: 451 Dynamic IP Addresses See: sorbs.net/lookup.shtml?67.222.39.38
Giving up on 216.130.191.236.

Again, I suspect that this and the few others I've had are spurious registrations but I'd like to understand what is going on.

barryC

[size=xx-small]Edit by ghia: Unlinked email and URL.
Don't publish explicit SPAM related material on XOOPS! [/size]

Nope. As I said in my message, I am searching for all users. not just active users. That is not the explanation.

barryC

I hope my topic is understandable.

I have had several notifications of registrations on my site, without that user being recorded. That is, I receive the email as admin saying (for example) benny112 has registered. However, when I check by searching for the user benny112, I get no hits. I am searching via the admin interface for all users. I do this routinely to check for spurious registrations, especially when I see a user ID like that, which looks to me to be suspicious.

Not all registrations fail like this. Some are recorded correctly and I can find them in a search.

Does anyone have a possible explanation of this? Under what conditions could I get the email message but not have the user name recorded in the system?

My concern, of course, is that legitimate users are not being registered, although I am inclined to think that these are spurious registrations that are not being completed.

I am using Xoops 2.4.4, recaptcha and peekays hack to block access to register.php without a referrer (i.e. to block robot registrations).

barryC

I hate to have to reactivate this discussion, but I suspect reCaptcha has been hacked or overcome in some way by robots.

I have two active sites both using reCaptcha. The larger site also has Peekay's hack, earlier in this thread, blocking direct access without a referrer. A smaller site has reCaptacha but not the hack. I have been getting tons of spurious registrations on that site that I suspect are robot generated. Has anyone else experienced this while using reCaptcha?

BTW, I have now inlcuded Peekay's hack in the second site. We'll see if that solves the problem.

barryc

Thanks for explaining that ghia. I can see the link now, having been told where to look. However, I have to say it's not very intuitive and, frankly, not so useful. One would have to be checking each forum frequently to look for pending posts for approval. It would be much more useful if the admin or moderator were to be sent an email indicating that there is a post awaiting approval.

No need for apology about the mental miscalculation on the IP range. I wouldn't even know how to do it, in my head or otherwise.

So far I haven't seen another spam post. Let's hope it continues that way.

barryC

thanks to you all.

I tried changing permissions for registered users for "post without approval". That is, posts should be moderated for registered users but not for those in our Members group. I tried a test registration then a post and I did see the screen to say that the post must be approved. However, I am a moderator for that forum and I did not get a message about the post. I cannot find anywhere in CBB where posts pending approval are listed.

So, I reactivate post without approval for registered users but have blocked the IP range for that group in Pakistan (119.155.0.0 - 119.155.31.255). We'll see if that thwarts their game.

ghia, I'm curious about one thing - I'm not expert in the CIDR format for designating an IP range but if I enter the range above my control panel shows 119.155.0.0/19, rather than 18, as you suggested. Can you clarify why you suggested /18?

Incidentally, you convinced me. I changed CBB to show userID not real name.

barryC

You are right about CBB. I expected to find it under preferences but it is in permissions, under "can post without approval". So, I've changed it such that our members can do so but registered users cannot. I hope it works. I'll do a test registration soon and try to post. Hopefully this nuisance will go away if I disallow the posts for a while and I can revert back.

The IP is 119.155.27.37

You make a good point about real names. Perhaps I've been naive about that. I will think about resetting it to not show real names.

barryC

Quote:

ghia,

I tried to search for the IP but came up with "no records found". This may be an unregistered IP. I don't know enough about IP technology to know the answer to that.

the problem with asking for info like "what species do you keep" is that many registrants are browsing but might not keep these fish yet. Our hope is, of course, to attract them to the hobby.

I know it is common practice to allow people to use "handles" when posting. In our case, I don't think genuine people have the need to hide their real name. I haven't received a single complaint about it. Anyway, they can enter a fake name when they register. There's nothing I can do to prevent that.

What would be useful is for the CBB forum preferences to allow approval of posts by the moderator. For a high volume site, that would be a pain, but for us it would be doable, at least short term until this person gives up.

barryC