argent — 2012-06-19T01:09:49-04:00 — #1
I manage a Joomla site which occasionally has unauthorized users registering. There is no login facility or any other way that I can see that would give them access to register.
Can anyone suggest how this might be happening?
Site in question is www.jgre.net.au
Any help appreciated.
cpradio — 2012-06-19T07:15:53-04:00 — #2
A lot of spammers will write scripts that hit a registration API/file and automatically create an account to then use for placing unwanted comments.
You can try a few things: 1) rename the usual registration page, 2) delete any registration module/widget, 3) check your server logs to see what request is being used to hit that page and use htaccess to block that request.
argent — 2012-06-19T07:31:22-04:00 — #3
Thanks, but I don't have any registration page or module/widget on this site, and if this is a vulnerability then option 3 would have me repeating the blocking process time and time again for new spammers, right?
cpradio — 2012-06-19T07:36:37-04:00 — #4
Well, no, it wouldn't, as you could redirect the request they are sending (which is likely the same vulnerability each is using). So it wouldn't be blocking by IP address, but rather by page request. The problem is tracking down how they are getting around your registration. If there is a date/time field when an account is created, you might be able to use that to find the request in the Apache logs. If you find it, post it here and I am sure a few of us can help you write up an htaccess rule to block the request.
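Added example, not part of the thread: one way to do the correlation described in post #4, matching account creation times against an Apache access log to find the request the unwanted registrations have in common. The log lines, the `com_placeholder` path and the account times are constructed, and the creation times are assumed to be available in UTC.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Start of an Apache common/combined log line: host, time, method, target, status.
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    entry = m.groupdict()
    # %z keeps the logged UTC offset, so comparisons with UTC times are exact.
    entry["time"] = datetime.strptime(entry["time"], "%d/%b/%Y:%H:%M:%S %z")
    return entry

def common_requests(lines, created_times, window_seconds=5, methods=("POST",)):
    """Count (method, target) pairs logged within the window of any account creation."""
    window = timedelta(seconds=window_seconds)
    counts = Counter()
    for entry in filter(None, map(parse_line, lines)):
        if entry["method"] not in methods:
            continue
        if any(abs(entry["time"] - t) <= window for t in created_times):
            counts[(entry["method"], entry["target"])] += 1
    return counts

# Constructed sample data (documentation IP ranges, placeholder component name).
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Jun/2012:00:58:01 -0400] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [19/Jun/2012:01:02:14 -0400] "POST /index.php?option=com_placeholder&task=register HTTP/1.1" 303 - "-" "-"',
    '198.51.100.23 - - [19/Jun/2012:01:02:15 -0400] "GET /images/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [19/Jun/2012:03:40:51 -0400] "POST /index.php?option=com_placeholder&task=register HTTP/1.1" 303 - "-" "-"',
    '192.0.2.44 - - [19/Jun/2012:03:41:30 -0400] "POST /contact.php HTTP/1.1" 200 310 "-" "Mozilla/5.0"',
]
# Constructed creation times of two unwanted accounts, assumed to be in UTC.
ACCOUNT_TIMES = [
    datetime(2012, 6, 19, 5, 2, 14, tzinfo=timezone.utc),
    datetime(2012, 6, 19, 7, 40, 52, tzinfo=timezone.utc),
]

if __name__ == "__main__":
    for (method, target), n in common_requests(SAMPLE_LOG, ACCOUNT_TIMES).most_common():
        print(n, method, target)
```

A target that shows up next to every unwanted account, from different client addresses, is the candidate for the request-based htaccess rule rather than an IP-based one.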