Joomla! Discussion Forums

Hi, i keep getting what looks like "spam user registrations" occur on my joomla website.

What i mean by that is, someone/something is trying to register a user on my site with a weird looking name. I have the site set up to then email me the fact that someone has tried registering a user and i need to approve it.

This is happening fairly frequently (30-50 every few weeks).

Here is an example of one of the emails i get telling me an attempt has been made to register a user :-

A new User has registered at XYZ
This e-mail contains their details:

Name - gromokiltus
E-mail - bazalistz97@mail.ru
Username - gromokiltus

Please do not respond to this message as it is automatically generated and is for information purposes only

Obviously the name/email/username vary, but a lot of the email addresses seem to end in mail.ru.

Anyone else experienced this ? How can i stop it ?

try this or a similar extension

Hi there,

I started having the same spam user registrations on my site since approximately the same date.

They all have some bogus username and the e-mail address is made up of the same name @gmail.com

There are approximately 2-3 registrations of this kind on my site per day.

Anyone please knows what this is?

Examples:

11 ylxlvfe ylxlvfe Enabled Registered bhzyma@jyqehj.com - 72
12 hjximoxo hjximoxo Enabled Registered pkwsfz@aoieah.com - 73
13 ivxsrywuj ivxsrywuj Enabled Registered eykqis@xlycqi.com - 74
14 chimchans chimchans Enabled Registered chimchans@gmail.com - 75
15 trastuso trastuso Enabled Registered proskostya@yandex.ua - 76
16 wmsets wmsets Enabled Registered wmsets@gmail.com - 77
17 kashollp kashollp Enabled Registered kashollp@gmail.com - 78
18 Kedeaaa Kedeaaa Enabled Registered jolonoh@gmail.com - 79
19 nanoidel nanoidel Enabled Registered nanoidel@gmail.com - 80
20 mankartenb mankartenb Enabled Registered mankartenb@gmail.com - 81
21 sutshamol sutshamol Enabled Registered sutshamol@gmail.com - 82
22 wopressk wopressk Enabled Registered wopressk@gmail.com - 83
23 dutareyor dutareyor Enabled Registered dutareyor@gmail.com - 84
24 xolonho xolonho Enabled Registered trastuso@yandex.ua - 85
25 perrokits perrokits Enabled Registered perrokits@gmail.com - 86
26 labingda labingda Enabled Registered labingda@gmail.com - 87
27 rararbol rararbol Enabled Registered rararbol@gmail.com - 88
28 salxmblimd salxmblimd Enabled Registered npedoe@bdmbmt.com - 89
29 regerno regerno Enabled Registered regerno@gmail.com - 90
30 chuppeth chuppeth Enabled Registered chuppeth@gmail.com - 91

These are registrations from a type of Spambot. The spambots look for any type of form on the web and try to fill in the form with spam in the hopes that the spam will be posted to a guestbook or forum or even just spamming the email recipient of the form. If you haven't already you might want to select Yes in your Global Configuration->Site->Use New Account Activation->Yes This will make registrants click a link in an automatic email that is sent to them to confirm that they actually want to register and that their email is real.

I have done Global Configuration->Site->Use New Account Activation->Yes and it is not able to activate its account but Is there any way to prevent these kind of spam registrations as it is annoying and also a risk, any extension for this ?

Thanks

As twcmex posted above you'll need to try one of the Captcha type extensions out, I don't have any experience with them myself.
http://extensions.joomla.org/index.php? ... &Itemid=35

The captcha would probably be pretty effective on the registration form. If you can set the characters generated by it to 6 or 7. Most spam bots can not handle captcha with that many characters. Many still can't handle them at all. There are bots out there that can handle 4 or 5 characters in a captcha now though.

While I don't use a captcha on my registration form ( Club site) it is because I don't allow registrations.

On my mosdirectory form I had to add a captcha because club members were getting bombarded with spam from that. The captcha stopped all spam. through that.

On a separate sites submission form, I also use captcha and have not gotten spam from that form.

If you could find one, the phrase type where the person filling out a form has to type in a phrase may work well also.

I am definately having this issue as well. I installed the reCAPTCHA extention in effrot to prevent the user spam but it DID NOT work. perhaps the spambot is invoking some of the inner workings of the registration feature.

Does anybody have any recommendations to address this issue beyond the implmentation of reCAPTCHA? Any ideas?

try re-naming the old registration component.

Redmaple,
Can you provide the community with an example?

Rename the file, or change the URL or language setting?

Thanks,
HC

The problem with that method is the aount of bounces you get when the ficticious email comes back empty. also with gmail, they have plenty of space for confirmations to be stored.
you will then fill up with hundreds off not active accounts

personally i use geo coding to bounce all russian and turkish visitors off my site

Wow. I'd be lucky to just have 2-3 registrations per hour. This is insane. It seems to have really kicked up after I migrated to Joomla 1.5. Though, I cannot confirm and highly doubt it is due exclusively to Joomla 1.5. I am now using SMF 2.0 / SJSB for registration but have just recently enabled Virtuemart. With or without VM, the problem has remained stable.

Perhaps I'll give an .htaccess trick a try?

Saw the tinCaptcha, but it seems to require a core hack. The first referenced Security Images looks more straight forward and apparently is more conducive Virtuemart functionality, since its developer apparently had his hand in it.

Security Images: THE CAPTCHA engine
http://extensions.joomla.org/extensions ... 11/details

tinCaptcha
http://extensions.joomla.org/extensions ... 87/details

Hi,
You can use JRPassphrase http://extensions.joomla.org/extensions/access-&-security/site-access/6660/details to ask a simple question before a user is allowed to register. For example, you could set it to ask "How many weeks are in a year?" or something similar. This will keep away the "RegBots" without requiring a core hack.

Hello,
I was having the same problem, I deal with this the following way (1.0.15) I do not use CB:

I test:
Community-Builder reCAPTCHA Plugin
http://extensions.joomla.org/extensions ... 47/details
Note: Does not help bots still registering.

Then add:
controlledLoginCB plugin (I modify this to redirect to another registration solution not CB)
http://griale.nichost.ru/download/joom/ ... tails.html
Note: This does not help bots still registering.

Removed:
Community-Builder reCAPTCHA Plugin and controlledLoginCB

Then installed:
Security Images: THE CAPTCHA engine
http://extensions.joomla.org/extensions ... 11/details
Applied pathes to the core files:
http://www.waltercedric.com/downloads-f ... -only.html
Note: This actually help the bots stop registering

I take another step , before this I was using:
sh404SEF
http://extensions.joomla.org/extensions ... 80/details
In the config file (security tab) I enable:
Project Honey Pot
http://www.projecthoneypot.org/httpbl_configure.php
I Visit this site and signup for a free Project Honey Pot access key
Note: enable this feature and stops two or three bots a day

The combination of "Security Images: THE CAPTCHA engine" and enable the "sh404SEF Project Honey Pot configuration" inside this component help me to deal with bot registrations.

If some bot gets smart and bypass those two I had modified the reply message to registrations removing the activation link and added a note that said more or less that all accounts are activated manually by the administrator, adds a little of extra work, but is better to be safe, the bot maybe gets registered but not with an active account.

Well I hope this help to others dealing with bots registrations.

Regards,
Juan Manuel

After some testing, I second the 'Security Images' recommendation.

For CAPTCHA, I prefer ReCaptcha (as it's easy to read and vision-impaired accessible, a good project, etc.) - but - it requires patching Joomla.

Security Images worked via plugin, and let me set where to show or not show a captcha (or mathguard). Worked great.

- HC

I assume you do this via the .htaccess file?

If so, could you share the code?

Edit:

Yep, it's done via the htaccess file.

This site was helpful for getting a countries ip's:
http://www.blockacountry.com/index.php

using a script from http://geobytes.com/GeoDirection.htm
The code below redirects users from the countries within Europe to one page and visitors from the United States to another page. The rest of the world stays on the current page that this code is pasted onto.

Cool.

I like that method better then having a long list of IP's in the .htaccess file.

Thanks, Nick

there are loads of different ways to use that script , if you pop over to geobytes.com where the script came from, i am sure the forum has other examples.

I'm having exactly the same problem.

I will try installing 404sef and honeypot.

Thank you for suggestion.

Installing 404sef and honeypot is the way to go. Spam has ended. Thank you.

just enabled the honeypot on 404shsef - will let know how my testing goes

i enabled honeypot and there have been one or two slipping through, but not that much at all - i would say 99% fine