XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. XOOPS Community Support forums / 
  3. XOOPS general usage questions 
  4.  / Serious security issue Anything@chatterzx.cn
Register
1
ccrstudioweb
Serious security issue Anything@chatterzx.cn

Since last December at beginning, I´ve noticed in one of my XOOPS sites that there are some registration from China´s users.
Look some examples:

davidcol
dickiecl
jesswood
stephana
winifred
adadobbi
edithnet
bridgetg

using emails:
75a@myifysero.cn
1307@mybayacha.cn
0b0@mybayacha.cn
b189@jabberblabs.cn
2f66@chatterzx.cn
8b29@chatterzx.cn

The problem is that if you look for chatterzx.cn (or some of domains related) on Google, it returns only XOOPS sites in which these domains´s emails are registered, and curiosly, all of them start registering at beggining last Dec.

And the most curiosly, some of these users have already more than 1000 Comments/Posts on their profiles...

How can I protect my website from this and what may be this?
2
ccrstudioweb
Re: Serious security issue Anything@chatterzx.cn

And they can confirm by themselves their registration...
3
Anonymous
Re: Serious security issue Anything@chatterzx.cn

  • 2010/1/20 14:30

  • Anonymous

  • Posts: 0

  • Since:


Preferences>User Info Settings

1. Enter emails that should not be used in user profile

xoops.org$|.cn$


The last bit stops registrations where the email address uses a .cn domain.

The works for me because there is no way that a legitimate user of my site would be from China. Might be a bit draconian for some, though.

2. I would also recommend setting "Allow users to change email address?" to "No". I had a problem where dubious accounts were being registered using dodgy domains and then setting their email address to fake addresses on otherwise bona-fide domains to hide their tracks.

4
mjoel
Re: Serious security issue Anything@chatterzx.cn

  • 2010/1/20 15:33

  • mjoel

  • Quite a regular

  • Posts: 325

  • Since: 2006/12/9


china ?

http://www.reuters.com/article/idUSTRE60J20820100120

lol...

i got spam registration from russia... november-december last year 2009 in my site

i have blocked ru emails using the method above
5
ccrstudioweb
Re: Serious security issue Anything@chatterzx.cn

I had read it about google...
So...

Does anyone have already implemented captchahttp://www.captcha.net/ on xoops?
Someone has a step by step implementation of this tool?

I´d read about module protector for xoops. Is it reliable?
6
Anonymous
Re: Serious security issue Anything@chatterzx.cn

  • 2010/1/20 17:45

  • Anonymous

  • Posts: 0

  • Since:


Quote:
ccrstudioweb wrote:

Does anyone have already implemented captchahttp://www.captcha.net/ on xoops?
Someone has a step by step implementation of this tool?


A "captcha" system is standard on recent releases.

Try registering an account on a current XOOPS set-up and you'll see it on page two of the registration form.

Quote:
ccrstudioweb wrote:

I´d read about module protector for xoops. Is it reliable?


So reliable that it ships with the core and it is highly recommended that users install it.

HTH

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

219 user(s) are online (160 user(s) are browsing Support Forums)

Members: 0

Guests: 219

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: May 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits