Register.php spammed [Q and A] - XOOPS Web Application System

XOOPS

Forum

Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk

1

Register.php spammed

2007/5/10 19:43
Cuidiu
Quite a regular
Posts: 358
Since: 2006/4/23

My registration page was spammed and some fields that should have been answered were left unanswered (should not have allowed him to submit the page without answering!) when I got the registration email. Is there a way I can make the form not spammable or use server side code to validate the fields that should be completed? I'm using 2.2.4. This hacker knew right where he was going - I suspect I'm not the first XOOPS site he's been spamming. I would like to prevent future spamming like this - is that possible?

Thank in advance,

Cuidiu

[size=x-small]Working sites:
XOOPS 2.0.16 PHP 5.2.2, MySQL 5.0.24a-standard-log, Apache/2.0.54 (Unix)
XOOPS 2.2.4, PHP 4.3.10, MySQL 3.23.58, Apache/1.3.33 (Unix)[/size]

2

Re: Register.php spammed

2007/5/10 19:50
wuddel
Just popping in
Posts: 71
Since: 2005/9/13

look at xoops-magazin.com there ist a hack to put the captcha code in the registry form. The hack should be work in 2.2.x too.

cu wuddel

[size=x-small]sorry about my sh** english [/size]

3

Re: Register.php spammed

2007/5/10 23:18
Cuidiu
Quite a regular
Posts: 358
Since: 2006/4/23

Thanks wuddel, I will give that a try. I would love to know how they submitted the form without answering the required questions. I know it is possible but I would love to know how... Anyone??? Feel free to PM instead of answering this post.

[size=x-small]Edited to add: I know it's possible for a hacker to submit without completing all fields - but unlikely for the regular site visitor... but still want to know how to prevent it?[/size]

[size=x-small]Working sites:
XOOPS 2.0.16 PHP 5.2.2, MySQL 5.0.24a-standard-log, Apache/2.0.54 (Unix)
XOOPS 2.2.4, PHP 4.3.10, MySQL 3.23.58, Apache/1.3.33 (Unix)[/size]

4

Re: Register.php spammed

2007/5/13 5:50
Cuidiu
Quite a regular
Posts: 358
Since: 2006/4/23

But 2.2.4 frameworks does not include captcha so I guess I'm back to where I started.

Why is it that no one responds to my question about my form being submitted with almost all required fields blank. Does no one think this is an important issue? Will someone please tell me how this could happen?

Quote:

wuddel wrote:
look at xoops-magazin.com there ist a hack to put the captcha code in the registry form. The hack should be work in 2.2.x too.

[size=x-small]Working sites:
XOOPS 2.0.16 PHP 5.2.2, MySQL 5.0.24a-standard-log, Apache/2.0.54 (Unix)
XOOPS 2.2.4, PHP 4.3.10, MySQL 3.23.58, Apache/1.3.33 (Unix)[/size]

5

Re: Register.php spammed

2007/5/13 7:27
jdseymour
Friend of XOOPS
Posts: 3782
Since: 2004/11/11

The latest protector module blocks this by default. See the Peak XOOPS site for the latest protector module.

Proactive Support for Sites and Servers

WebServerMasters.com | XOOPS Tutorials

6

Re: Register.php spammed

2007/5/13 14:33
wuddel
Just popping in
Posts: 71
Since: 2005/9/13

You need this Framework

cu wuddel

[size=x-small]sorry about my sh** english [/size]

7

Re: Register.php spammed

2007/5/13 20:16
Cuidiu
Quite a regular
Posts: 358
Since: 2006/4/23

Thank you jdseymour. I do use Protector on that site but not the latest version.

Quote:

jdseymour wrote:
The latest protector module blocks this by default. See the Peak XOOPS site for the latest protector module.

[size=x-small]Working sites:
XOOPS 2.0.16 PHP 5.2.2, MySQL 5.0.24a-standard-log, Apache/2.0.54 (Unix)
XOOPS 2.2.4, PHP 4.3.10, MySQL 3.23.58, Apache/1.3.33 (Unix)[/size]

8

Re: Register.php spammed

2007/5/13 20:18
Cuidiu
Quite a regular
Posts: 358
Since: 2006/4/23

Thanks wuddel. So much to do, so little time!

Quote:

wuddel wrote:
You need this Framework

[size=x-small]Working sites:
XOOPS 2.0.16 PHP 5.2.2, MySQL 5.0.24a-standard-log, Apache/2.0.54 (Unix)
XOOPS 2.2.4, PHP 4.3.10, MySQL 3.23.58, Apache/1.3.33 (Unix)[/size]

Login

Username

Password

Remember me

Register now! | Lost Password?

Search

Advanced Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

3/16 2:02 Mamba
Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

3/14 20:34 hnn_gerd
Re: NewBB v 5.1.0 b 6

3/7 12:07 Mamba
Re: NewBB v 5.1.0 b 6

2/23 2:57 Mamba
NewBB v 5.1.0 b 6

2/17 18:57 spierrard
Re: XOOPS 2.5.11 search user is not working

2/14 13:11 Mamba
Re: oledrion

2/14 11:29 Mamba
Re: oledrion

2/13 15:22 oswaldo
Re: oledrion

2/12 19:20 Mamba
Re: oledrion

2/12 16:02 oswaldo

Who's Online

204 user(s) are online (137 user(s) are browsing Support Forums)

Members: 0

Guests: 204

Donat-O-Meter

Stats
Goal:	$100.00
Due Date:	Apr 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}

{{ record.commit.author.name }} {{ record.commit.author.date | formatDate }}