1
ccrstudioweb
Serious security issue Anything@chatterzx.cn

Since last December at beginning, I´ve noticed in one of my XOOPS sites that there are some registration from China´s users.
Look some examples:

davidcol
dickiecl
jesswood
stephana
winifred
adadobbi
edithnet
bridgetg

using emails:
75a@myifysero.cn
1307@mybayacha.cn
0b0@mybayacha.cn
b189@jabberblabs.cn
2f66@chatterzx.cn
8b29@chatterzx.cn

The problem is that if you look for chatterzx.cn (or some of domains related) on Google, it returns only XOOPS sites in which these domains´s emails are registered, and curiosly, all of them start registering at beggining last Dec.

And the most curiosly, some of these users have already more than 1000 Comments/Posts on their profiles...

How can I protect my website from this and what may be this?

2
ccrstudioweb
Re: Serious security issue Anything@chatterzx.cn

And they can confirm by themselves their registration...

3
Anonymous
Re: Serious security issue Anything@chatterzx.cn
  • 2010/1/20 14:30

  • Anonymous

  • Posts: 0

  • Since:


Preferences>User Info Settings

1. Enter emails that should not be used in user profile

xoops.org$|.cn$


The last bit stops registrations where the email address uses a .cn domain.

The works for me because there is no way that a legitimate user of my site would be from China. Might be a bit draconian for some, though.

2. I would also recommend setting "Allow users to change email address?" to "No". I had a problem where dubious accounts were being registered using dodgy domains and then setting their email address to fake addresses on otherwise bona-fide domains to hide their tracks.


4
mjoel
Re: Serious security issue Anything@chatterzx.cn
  • 2010/1/20 15:33

  • mjoel

  • Quite a regular

  • Posts: 325

  • Since: 2006/12/9


china ?

http://www.reuters.com/article/idUSTRE60J20820100120

lol...

i got spam registration from russia... november-december last year 2009 in my site

i have blocked ru emails using the method above

5
ccrstudioweb
Re: Serious security issue Anything@chatterzx.cn

I had read it about google...
So...

Does anyone have already implemented captcha http://www.captcha.net/ on xoops?
Someone has a step by step implementation of this tool?

I´d read about module protector for xoops. Is it reliable?

6
Anonymous
Re: Serious security issue Anything@chatterzx.cn
  • 2010/1/20 17:45

  • Anonymous

  • Posts: 0

  • Since:


Quote:
ccrstudioweb wrote:

Does anyone have already implemented captcha http://www.captcha.net/ on xoops?
Someone has a step by step implementation of this tool?


A "captcha" system is standard on recent releases.

Try registering an account on a current XOOPS set-up and you'll see it on page two of the registration form.

Quote:
ccrstudioweb wrote:

I´d read about module protector for xoops. Is it reliable?


So reliable that it ships with the core and it is highly recommended that users install it.

HTH

Login

Who's Online

381 user(s) are online (264 user(s) are browsing Support Forums)


Members: 0


Guests: 381


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits