11
finalfiler
Re: Curious about user registration security
  • 2003/12/1 20:41

  • finalfiler

  • Documentation Writer

  • Posts: 111

  • Since: 2002/1/19


Quote:

Who is your web host?


It was a server problem, now fixed. I've been using spidersaid.com for near on 12 months now. Generally very happy with the service.

Thanks

12
Stewdio
Re: Curious about user registration security
  • 2003/12/1 23:40

  • Stewdio

  • Community Support Member

  • Posts: 1560

  • Since: 2003/5/7 1


Quote:

finalfiler wrote:
Oddly the site in question has just started generating

Fatal error: Unable to connect to database in /public_html/php/class/database/databasefactory.php on line 34

Tryhttp://www.public-cemeteries.net

It's a worry


This happened to me last night when I changed my password to access host account. I had problems changing the password back, so I did a backup of the SQL DB, uploaded the intall files and the mainfile.php and reinstalled overtop with the new account password. After that I ijust dropped the backup DB into the new DB Tables and all was well again.

I learned a lesson here. When installing multiple XOOPS under the same domain, be sure to create new DB user with admin privs. Using one user/pass for all DB's can cause some headaches, like the one I experienced when I changed my hosting account password.

13
finalfiler
Re: Curious about user registration security
  • 2003/12/2 1:59

  • finalfiler

  • Documentation Writer

  • Posts: 111

  • Since: 2002/1/19


Quote:

Stewdio wrote:
Using one user/pass for all DB's can cause some headaches, like the one I experienced when I changed my hosting account password.


Apparently the problem we had was due to an upgrade of cpanel, (we're on a virtual host), which broke the mySQL passwords.

All fixed now.

14
finalfiler
Re: Curious about user registration security
  • 2003/12/12 21:38

  • finalfiler

  • Documentation Writer

  • Posts: 111

  • Since: 2002/1/19


Just an update - the spurious and unusually high registrations on the site continue. The common denominator is that the user names are weird, like
YUhgGS123 or tws6bzx

The email address submitted do not respond to request for feedback.

The spamrate to to the webmaster's address, which I use for site notifications, is now at such a rate that I have no choice but to cancel the account.

AND to make matters worse, the same thing is now starting on another site. I have stopped registrations on that site.

Guys, I think the user registration system needs to be beefed up, urgently.

15
mvandam
Re: Curious about user registration security
  • 2003/12/12 22:56

  • mvandam

  • Quite a regular

  • Posts: 253

  • Since: 2003/2/7 2


I think chrisz's idea was good... I think that kind of system is called a captcha (i.e. you're shown an image containing a word and you have to type the word).

I'm not sure how many registrations you're getting but I guess it looks like someone has written a script (for some reason) to repeatedly try registering on your site. You could hack all kinds of minimal things to disrupt this... but this would not deter a *determined* 'spammer'. Anyone know enough about this to add something like this to the registration form?

16
finalfiler
Re: Curious about user registration security
  • 2003/12/13 1:17

  • finalfiler

  • Documentation Writer

  • Posts: 111

  • Since: 2002/1/19


Quote:

mvandam wrote:

I'm not sure how many registrations you're getting


The site concerned is for a specialised interest group. There were ~150 members when it had settled down about 12 months ago.

Thereafter maybe two to three new registrations a months.

The spurious registrations started about a month ago with 20 to 30 new registrations a day.

When I pulled new registrations this week it had reached 80 plus a day and there are over 8000 members where I'd expect ~200!

I figure only a script would be practical to do what was happening.

Thankfully I have a backup of the data before the trouble started. I'll need to identify the legitimate members and somehow delete the idiots.

Regards

17
Kilowoo
Re: Curious about user registration security
  • 2003/12/16 6:19

  • Kilowoo

  • Just popping in

  • Posts: 6

  • Since: 2003/11/9


I'm starting to have this problem too!!
Completely unkown and strange users.. with unreal mail has registered to my site.. I will not mail him because I think it will be worst if I try to ask him to leave..
The mail is.. for example: snipi@refresh.sk
(very strange, isn't it?)

My site is a particular one for a student's community that has never been promoted.. I hope you can give us a solution.. Thanks for your work.

Kilowoo
Spammers must die!

The problem has stopped.. no more completely unkown registered users.. I do not know why this people registered.. but I can affirm it wasn't an spammer attack.. Sorry Folks!! I'm a little paranoid and reading Oz message incresead it!!

18
Herko
Re: Curious about user registration security
  • 2003/12/16 8:13

  • Herko

  • XOOPS is my life!

  • Posts: 4238

  • Since: 2002/2/4 1


http://www.refresh.sk/ is an existing website, so IMO this e-mail address isn't that strange. But we're looking into this!

Herko

19
finalfiler
Re: Curious about user registration security
  • 2004/1/5 10:10

  • finalfiler

  • Documentation Writer

  • Posts: 111

  • Since: 2002/1/19


Quote:

Herko Coomans wrote:
...we're looking into this!


G'day Herko & fellow XOOPSers,
The attack, if it was an attack, has now stopped.

Nevertheless, a more secure registration system would be a could thing, I think.

regards

20
svaha
Re: Curious about user registration security
  • 2004/1/5 10:32

  • svaha

  • Just can't stay away

  • Posts: 896

  • Since: 2003/8/2 2


Hi Pierre,
Just asking : Do you let new users activate their account directly, or by an 'activate' mail ?
Aloha

Login

Who's Online

196 user(s) are online (128 user(s) are browsing Support Forums)


Members: 0


Guests: 196


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits