I hope my topic is understandable.

I have had several notifications of registrations on my site, without that user being recorded. That is, I receive the email as admin saying (for example) benny112 has registered. However, when I check by searching for the user benny112, I get no hits. I am searching via the admin interface for all users. I do this routinely to check for spurious registrations, especially when I see a user ID like that, which looks to me to be suspicious.

Not all registrations fail like this. Some are recorded correctly and I can find them in a search.

Does anyone have a possible explanation of this? Under what conditions could I get the email message but not have the user name recorded in the system?

My concern, of course, is that legitimate users are not being registered, although I am inclined to think that these are spurious registrations that are not being completed.

I am using Xoops 2.4.4, recaptcha and peekays hack to block access to register.php without a referrer (i.e. to block robot registrations).

barryC

It's very simple.

Benny registered, but didn't confirmed, therefore is not active.

When you just type the name, the default is only for "active" users, therefore the search will not return "Benny's" record.

Select "all users" and you should be able to see him.

Nope. As I said in my message, I am searching for all users. not just active users. That is not the explanation.

barryC

Did you retrieve them in the database table with eg phpMyAdmin?
How many registration steps (form pages) do you have?

ghia,

looking in the users table in the db I cannot find a user named benny112. I use two steps in registration but both are saved after step so the filling out only the first one should complete a registration sending me the email and registering the user.

I just tested by registering, filling out only the first step but hitting the submit button on the second page without filling in any additional information. I got the email correctly and the test user was registered and could be found using an admin search. Similarly, if I register but do nothing with the second step, not even hitting the submit button, the user is registered and I get the email. So, as I have the system set up, completing only the first step is necessary for registration.

It is likely that a spurious user or a robot would only fill out the first step but I should still get the email and the user should be registered in the system.

Edit: Coincidentally, I just got a bounce message for the address benjamin at auroragardens dot net. I don't have any registered users with that address so I'm suspicious this is benny. This is the error message:

216.130.191.236 does not like recipient.
Remote host said: 451 Dynamic IP Addresses See: sorbs.net/lookup.shtml?67.222.39.38
Giving up on 216.130.191.236.

Again, I suspect that this and the few others I've had are spurious registrations but I'd like to understand what is going on.

barryC

[size=xx-small]Edit by ghia: Unlinked email and URL.
Don't publish explicit SPAM related material on XOOPS! [/size]

Weird, but did you see the register.php of Benny in the Apache logs (check with the time of the email)?

Hi how are you. I think kind sir due to the registration process you have found an injestable $_GET for mailing user 1 with the mail function. That as far as I can tell is the last one, I got one today from:

Quote:

please notice the mail function is only triggerable there is no user creation thank goodness.

Needs to be salted with the MD5 for user sessions to prevent this and all other hacks as in the 2.6 Hypothesis document in the XOOPS Document area. Thoses ifs and butts for the need for a SECURE Define against build me ups

Look at the registration process for example on http://www.xortify.com it is profile 1.61 with validation and it is still happening so the problem is with the assignment of you 'key' with blowfish combination of a DefiNE and a passkey from the database for a MD5 session to prevent this error.

Perhaps in further forensics it is one of your registered users. An example of blowfish combination with the sessions in xhelp 1.61 and the RSS Feeds and auto user leveling key with tickets.

@ ghia,

I'll see if I can find any corresponding entry in the Apache logs.

@wishcraft,

I don't fully understand what you are explaining but it is interesting that I got a registration from duz4nliza on a second smaller site that I run.

Both my larger site and that smaller one run on Xoops 2.4.4, both have Protector installed and both have a two step registration process. I have never seen a registration send only an email on the smaller site. One difference is that on the smaller site I manually activate registrations. In the case of duz4nliza the user was registered but not activated. I have put that user in an unwelcome group which has no privileges.

I'll respond again re the logs.

barryC

I have looked at my raw logs around the time that benny is said to have registered. The email message I got was dated 01/Dec/2010, with a time stamp of 16:49. There is a one hour difference between my time and the server time, so the "registration" would have occurred at 17:49 in the logs.

I looked for occurrences of register.php around that time and can't find any very close to that time.

ghia, you once looked at a log from my server to figure out what a robot was doing. If you are interested in looking at this log I have saved the segment surround the time in question and could send it to you.

barryC

OK Send me a link where I can download it.

You verified that hour difference, by doing some action yourself?

Are you sure the email came from your system and is not a fake SPAM thingy?