1
preachur
Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2009/11/10 22:03

  • preachur

  • Just can't stay away

  • Posts: 525

  • Since: 2006/2/4 4


In the past few days ALL of my XOOPS sites, on different servers, have been getting several users an hour. They all put google.com down as their homepage. Most of them don't validate their accounts, but some do. I have been deleting them under the assumption that they are either spammers or some sort of bot.

Anyone else experiencing this?

2
Burning
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2009/11/10 22:11

  • Burning

  • Theme Designer

  • Posts: 1163

  • Since: 2006/8/22


hi'

... same false resgistrations on two old sites made with XOOPS 2.0.18 (one or two per day, since 5 days)

3
ghia
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2009/11/10 22:16

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Are they shielded with captcha?

4
preachur
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2009/11/10 22:16

  • preachur

  • Just can't stay away

  • Posts: 525

  • Since: 2006/2/4 4


I'm getting them on 2.0.18 AND 2.3.3....

5
Burning
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2009/11/10 22:25

  • Burning

  • Theme Designer

  • Posts: 1163

  • Since: 2006/8/22


Hi' Ghia,

no captcha on both sites for form registration

6
Peekay
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2009/11/10 23:39

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


Captcha for registration is a good idea. It comes as standard on 2.3 and I assume also 2.4?

In addition, I would recommend blocking the kind or spiders that can implement automated registration and other such exploits by blocking Perl library user agents in .htaccess and/or by implementing the Perishable Press blacklist mentioned in this post.

7
noo-b
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2009/11/11 0:25

  • noo-b

  • Just can't stay away

  • Posts: 456

  • Since: 2007/10/23



8
preachur
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2009/11/12 22:15

  • preachur

  • Just can't stay away

  • Posts: 525

  • Since: 2006/2/4 4


Thought I would follow-up.... I downloaded the file that link lead me to. I followed the instructions. On 2.0.18.1 that hack kills the registration. 1)The captcha is almost 100% impossible to read. (The friggin' background is jumbled letters and numbers. How stupid is THAT?) 2) White screen on submit.

Luckily it is easy to undo. 2 core files to replace and it's back to normal. (unprotected, but functional.)

I was all happy thinking I would have captcha protected registration on those sites. Oh well. I will just continue deleting bots, or whatever they are I guess. I upgraded the 2.3.3 site to 2.4.1 so maybe that will stop it, but I was getting those registrations with the 2.3.3 registration captcha on that site as well.

I don't know what to do about this.

9
Burning
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2009/11/12 22:42

  • Burning

  • Theme Designer

  • Posts: 1163

  • Since: 2006/8/22


hi'

You can customize captcha image : modify parameters in
• class/captcha/config.image.php
• and class/captcha/config.php

10
preachur
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2009/11/12 23:05

  • preachur

  • Just can't stay away

  • Posts: 525

  • Since: 2006/2/4 4


What about the white screen?

Login

Username:
Password:

Lost Password? Register now!

Who's Online

58 user(s) are online (29 user(s) are browsing Support Forums)


Members: 0


Guests: 58


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: May 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits