The Joomla! Forum ™



Posted: Sat Jun 28, 2008 4:30 pm
Joomla! Fledgling

Joined: Sat Jun 28, 2008 4:14 pm
Posts: 3
Hi, I keep getting what looks like "spam user registrations" occurring on my Joomla website.

What I mean by that is, someone/something is trying to register a user on my site with a weird looking name. I have the site set up to then email me the fact that someone has tried registering a user and I need to approve it.

This is happening fairly frequently (30-50 every few weeks).

Here is an example of one of the emails I get telling me an attempt has been made to register a user:

A new User has registered at XYZ
This e-mail contains their details:

Name - gromokiltus
E-mail - bazalistz97@mail.ru
Username - gromokiltus

Please do not respond to this message as it is automatically generated and is for information purposes only


Obviously the name/email/username vary, but a lot of the email addresses seem to end in mail.ru.

Has anyone else experienced this? How can I stop it?


Posted: Sat Jun 28, 2008 6:02 pm
Joomla! Guru

Joined: Sat Dec 16, 2006 10:35 pm
Posts: 552
Location: Durango, Mexico
try this or a similar extension

_________________
-Joe


Posted: Thu Aug 07, 2008 6:21 am
Joomla! Fledgling

Joined: Thu Aug 07, 2008 6:15 am
Posts: 1
Hi there,

I started having the same spam user registrations on my site since approximately the same date.

They all have some bogus username and the e-mail address is made up of the same name @gmail.com

There are approximately 2-3 registrations of this kind on my site per day.

Does anyone know what this is, please?

Examples:

11 ylxlvfe ylxlvfe Enabled Registered bhzyma@jyqehj.com - 72
12 hjximoxo hjximoxo Enabled Registered pkwsfz@aoieah.com - 73
13 ivxsrywuj ivxsrywuj Enabled Registered eykqis@xlycqi.com - 74
14 chimchans chimchans Enabled Registered chimchans@gmail.com - 75
15 trastuso trastuso Enabled Registered proskostya@yandex.ua - 76
16 wmsets wmsets Enabled Registered wmsets@gmail.com - 77
17 kashollp kashollp Enabled Registered kashollp@gmail.com - 78
18 Kedeaaa Kedeaaa Enabled Registered jolonoh@gmail.com - 79
19 nanoidel nanoidel Enabled Registered nanoidel@gmail.com - 80
20 mankartenb mankartenb Enabled Registered mankartenb@gmail.com - 81
21 sutshamol sutshamol Enabled Registered sutshamol@gmail.com - 82
22 wopressk wopressk Enabled Registered wopressk@gmail.com - 83
23 dutareyor dutareyor Enabled Registered dutareyor@gmail.com - 84
24 xolonho xolonho Enabled Registered trastuso@yandex.ua - 85
25 perrokits perrokits Enabled Registered perrokits@gmail.com - 86
26 labingda labingda Enabled Registered labingda@gmail.com - 87
27 rararbol rararbol Enabled Registered rararbol@gmail.com - 88
28 salxmblimd salxmblimd Enabled Registered npedoe@bdmbmt.com - 89
29 regerno regerno Enabled Registered regerno@gmail.com - 90
30 chuppeth chuppeth Enabled Registered chuppeth@gmail.com - 91


Posted: Thu Aug 07, 2008 2:32 pm
Joomla! Intern

Joined: Fri Sep 02, 2005 4:19 pm
Posts: 73
These are registrations from a type of spambot. The spambots look for any type of form on the web and try to fill in the form with spam in the hopes that the spam will be posted to a guestbook or forum, or even just spamming the email recipient of the form. If you haven't already, you might want to select Yes in your Global Configuration->Site->Use New Account Activation->Yes. This will make registrants click a link in an automatic email that is sent to them to confirm that they actually want to register and that their email is real.


Posted: Thu Aug 14, 2008 1:10 am
Joomla! Fledgling

Joined: Thu Aug 14, 2008 1:06 am
Posts: 2
I have done Global Configuration->Site->Use New Account Activation->Yes and it is not able to activate its account, but is there any way to prevent these kinds of spam registrations, as it is annoying and also a risk? Any extension for this?

Thanks


Posted: Thu Aug 14, 2008 1:59 pm
Joomla! Intern

Joined: Fri Sep 02, 2005 4:19 pm
Posts: 73
As twcmex posted above you'll need to try one of the Captcha type extensions out, I don't have any experience with them myself.
http://extensions.joomla.org/index.php? ... &Itemid=35


Posted: Thu Aug 14, 2008 3:00 pm
Joomla! Hero

Joined: Sat Oct 21, 2006 10:20 pm
Posts: 2694
Location: Wisconsin USA
The captcha would probably be pretty effective on the registration form. If you can set the characters generated by it to 6 or 7. Most spam bots can not handle captcha with that many characters. Many still can't handle them at all. There are bots out there that can handle 4 or 5 characters in a captcha now though.

While I don't use a captcha on my registration form ( Club site) it is because I don't allow registrations.

On my mosdirectory form I had to add a captcha because club members were getting bombarded with spam from that. The captcha stopped all spam through that.

On a separate site's submission form, I also use captcha and have not gotten spam from that form.

If you could find one, the phrase type where the person filling out a form has to type in a phrase may work well also.

_________________
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator


Posted: Thu Aug 28, 2008 7:16 pm
Joomla! Apprentice

Joined: Wed Jan 23, 2008 1:24 pm
Posts: 7
Joomaboom wrote:
As twcmex posted above you'll need to try one of the Captcha type extensions out, I don't have any experience with them myself.
http://extensions.joomla.org/index.php? ... &Itemid=35


I am definitely having this issue as well. I installed the reCAPTCHA extension in an effort to prevent the user spam but it DID NOT work. Perhaps the spambot is invoking some of the inner workings of the registration feature.

Does anybody have any recommendations to address this issue beyond the implementation of reCAPTCHA? Any ideas?


Posted: Thu Aug 28, 2008 11:52 pm
Joomla! Fledgling

Joined: Thu Aug 14, 2008 1:06 am
Posts: 2
try re-naming the old registration component.


Posted: Sun Oct 19, 2008 2:49 pm
Joomla! Explorer

Joined: Thu Oct 13, 2005 1:51 am
Posts: 464
Location: Hamilton, ON
Redmaple,
Can you provide the community with an example?

Rename the file, or change the URL or language setting?

Thanks,
HC

_________________
Joomla! is an all-volunteer project. Be Kind.

Did you know that you can make almost any Joomla! site into an app? http://weeverapps.com


Posted: Sun Oct 19, 2008 3:23 pm
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 11644
Location: The Girly Side of Joomla in Sussex
Joomaboom wrote:
. If you haven't already you might want to select Yes in your Global Configuration->Site->Use New Account Activation->Yes This will make registrants click a link in an automatic email that is sent to them to confirm that they actually want to register and that their email is real.


The problem with that method is the amount of bounces you get when the fictitious email comes back empty. Also, with Gmail, they have plenty of space for confirmations to be stored.
You will then fill up with hundreds of not active accounts.

Personally I use geo coding to bounce all Russian and Turkish visitors off my site.

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Posted: Wed Apr 08, 2009 7:26 am
Joomla! Guru

Joined: Thu Nov 03, 2005 12:10 am
Posts: 573
Location: Hesperia, California, USA
tiha wrote:
There are approximately 2-3 registrations of this kind on my site per day.

Wow. I'd be lucky to just have 2-3 registrations per hour. This is insane. It seems to have really kicked up after I migrated to Joomla 1.5. Though, I cannot confirm and highly doubt it is due exclusively to Joomla 1.5. I am now using SMF 2.0 / SJSB for registration but have just recently enabled Virtuemart. With or without VM, the problem has remained stable.

Perhaps I'll give an .htaccess trick a try?

_________________
http://www.MediaArmory.com - WEB | PHOTO | WRITE | MARKETING | DESIGN
http://www.ActionArmory.co - Live Extreme Action Sports Lifestyle


Posted: Wed Apr 08, 2009 7:43 am
Joomla! Guru

Joined: Thu Nov 03, 2005 12:10 am
Posts: 573
Location: Hesperia, California, USA
Saw the tinCaptcha, but it seems to require a core hack. The first referenced Security Images looks more straightforward and apparently is more conducive to Virtuemart functionality, since its developer apparently had his hand in it.

Security Images: THE CAPTCHA engine
http://extensions.joomla.org/extensions ... 11/details

tinCaptcha
http://extensions.joomla.org/extensions ... 87/details

_________________
http://www.MediaArmory.com - WEB | PHOTO | WRITE | MARKETING | DESIGN
http://www.ActionArmory.co - Live Extreme Action Sports Lifestyle


Posted: Fri May 22, 2009 3:17 am
Joomla! Intern

Joined: Wed Mar 12, 2008 6:02 pm
Posts: 93
Hi,
You can use JRPassphrase http://extensions.joomla.org/extensions/access-&-security/site-access/6660/details to ask a simple question before a user is allowed to register. For example, you could set it to ask "How many weeks are in a year?" or something similar. This will keep away the "RegBots" without requiring a core hack.


Posted: Thu May 28, 2009 1:30 pm
Joomla! Apprentice

Joined: Thu Mar 29, 2007 8:39 am
Posts: 7
Location: Bogota, Col
Hello,
I was having the same problem, I deal with this the following way (1.0.15) I do not use CB:

I test:
Community-Builder reCAPTCHA Plugin
http://extensions.joomla.org/extensions ... 47/details
Note: Does not help bots still registering.

Then add:
controlledLoginCB plugin (I modify this to redirect to another registration solution not CB)
http://griale.nichost.ru/download/joom/ ... tails.html
Note: This does not help bots still registering.

Removed:
Community-Builder reCAPTCHA Plugin and controlledLoginCB

Then installed:
Security Images: THE CAPTCHA engine
http://extensions.joomla.org/extensions ... 11/details
Applied patches to the core files:
http://www.waltercedric.com/downloads-f ... -only.html
Note: This actually helps the bots stop registering

I take another step, before this I was using:
sh404SEF
http://extensions.joomla.org/extensions ... 80/details
In the config file (security tab) I enable:
Project Honey Pot
http://www.projecthoneypot.org/httpbl_configure.php
I visit this site and sign up for a free Project Honey Pot access key
Note: enabling this feature stops two or three bots a day

The combination of "Security Images: THE CAPTCHA engine" and enabling the "sh404SEF Project Honey Pot configuration" inside this component helps me to deal with bot registrations.

If some bot gets smart and bypasses those two, I have modified the reply message to registrations, removing the activation link and adding a note that says more or less that all accounts are activated manually by the administrator. It adds a little extra work, but it is better to be safe; the bot may get registered, but not with an active account.

Well, I hope this helps others dealing with bot registrations.

Regards,
Juan Manuel
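
The Project Honey Pot lookup that the post above enables through sh404SEF can be sketched as follows. This is an added example, not code from the post, sh404SEF or Project Honey Pot: it follows the http:BL DNS interface (query name built from the access key and the reversed IPv4 address, answer encoded as four octets), and the key placeholder, the blocking thresholds and the sample answers are assumptions constructed for illustration.

```php
<?php
// Added example: http:BL query construction and answer decoding.
const HTTPBL_KEY = 'your-access-key'; // placeholder for the key issued at signup

// Query name: <key>.<IPv4 octets reversed>.dnsbl.httpbl.org
function httpbl_query_name(string $key, string $ip): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null; // the list is keyed on IPv4 addresses only
    }
    return $key . '.' . implode('.', array_reverse(explode('.', $ip))) . '.dnsbl.httpbl.org';
}

// Answer layout: 127.<days since last activity>.<threat score>.<visitor type bitmask>
function httpbl_decode(string $answer): ?array
{
    $o = explode('.', $answer);
    if (count($o) !== 4 || $o[0] !== '127') {
        return null; // not an http:BL answer
    }
    $type = (int) $o[3];
    return [
        'days'            => (int) $o[1],
        'threat'          => (int) $o[2],
        'search_engine'   => $type === 0,
        'suspicious'      => (bool) ($type & 1),
        'harvester'       => (bool) ($type & 2),
        'comment_spammer' => (bool) ($type & 4),
    ];
}

// Policy decision. Both thresholds are assumptions; tune them to your own traffic.
function httpbl_should_block(?array $r, int $maxDays = 30, int $minThreat = 25): bool
{
    if ($r === null || $r['search_engine']) {
        return false; // unlisted, malformed, or a known crawler
    }
    return ($r['harvester'] || $r['comment_spammer'])
        && $r['days'] <= $maxDays
        && $r['threat'] >= $minThreat;
}

// Live check for a registration handler; fails open when DNS gives no answer.
function httpbl_is_listed_spammer(string $ip): bool
{
    $name = httpbl_query_name(HTTPBL_KEY, $ip);
    if ($name === null) {
        return false;
    }
    $answer = gethostbyname($name); // returns $name unchanged when there is no record
    return $answer !== $name && httpbl_should_block(httpbl_decode($answer));
}

// Constructed sample answers, decoded offline (no DNS query is made here).
foreach (['127.3.40.4', '127.90.12.2', '127.1.5.1', '127.0.0.0'] as $sample) {
    $block = httpbl_should_block(httpbl_decode($sample));
    printf("%-12s block=%s\n", $sample, var_export($block, true));
}
```

Calling `httpbl_is_listed_spammer($_SERVER['REMOTE_ADDR'])` before the registration form is processed gives the same kind of gate the post describes, and the age and threat thresholds explain why a few registrations can still slip through.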


Posted: Thu May 28, 2009 7:29 pm
Joomla! Explorer

Joined: Thu Oct 13, 2005 1:51 am
Posts: 464
Location: Hamilton, ON
After some testing, I second the 'Security Images' recommendation.

For CAPTCHA, I prefer ReCaptcha (as it's easy to read and vision-impaired accessible, a good project, etc.) - but - it requires patching Joomla.

Security Images worked via plugin, and let me set where to show or not show a captcha (or mathguard). Worked great.

- HC

_________________
Joomla! is an all-volunteer project. Be Kind.

Did you know that you can make almost any Joomla! site into an app? http://weeverapps.com


Posted: Sat Jun 06, 2009 6:04 am
Joomla! Apprentice

Joined: Fri Dec 22, 2006 4:28 pm
Posts: 20
Location: Hickory, NC
mandville wrote:
personally i use geo coding to bounce all russian and turkish visitors off my site


I assume you do this via the .htaccess file?

If so, could you share the code?

Edit:

Yep, it's done via the htaccess file.

This site was helpful for getting a country's IPs:
http://www.blockacountry.com/index.php

_________________
Nick Miletich
Hickory, NC Web Design


Last edited by nickolai on Sat Jun 06, 2009 6:14 am, edited 1 time in total.

Posted: Sat Jun 06, 2009 6:10 am
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 11644
Location: The Girly Side of Joomla in Sussex
using a script from http://geobytes.com/GeoDirection.htm
The code below redirects users from the countries within Europe to one page and visitors from the United States to another page. The rest of the world stays on the current page that this code is pasted onto.
Code:
    <head>
    <script language="Javascript" src="http://gd.geobytes.com/Gd?after=-1"></script>
    <script language="javascript">
    var sLocations="US,AL,AD,AT,BE,BG,HR,CZ,DK,EE,FO,FI,FR,DE,GI,GR,"+
    "GG,VA,HU,IE,IT,JE,LV,LI,LT,LU,MK,MT,IM,MC,NL,NO,PL,PT,RO,SM,SK,SI,ES,SE,CH,UK,YU";
    if(typeof(sGeobytesLocationCode)!="undefined")
    {
        var sCountryCode=sGeobytesLocationCode.substring(0,2);
        if(sLocations.indexOf(sCountryCode)==0)
        {
              // Visitors from the US would go here
              document.write("<META HTTP-EQUIV='Refresh' CONTENT='0; URL=enter url here'>");
        }else if(sLocations.indexOf(sCountryCode)>0)
        {
              // Visitors from Europe would go here
              document.write("<META HTTP-EQUIV='Refresh' CONTENT='0; URL=enter url here'>");
        }
    }
    </script>
    </head>



_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Posted: Sat Jun 06, 2009 6:23 am
Joomla! Apprentice

Joined: Fri Dec 22, 2006 4:28 pm
Posts: 20
Location: Hickory, NC
Cool.

I like that method better than having a long list of IPs in the .htaccess file.

Thanks, Nick

_________________
Nick Miletich
Hickory, NC Web Design


Posted: Sat Jun 06, 2009 5:13 pm
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 11644
Location: The Girly Side of Joomla in Sussex
There are loads of different ways to use that script. If you pop over to geobytes.com, where the script came from, I am sure the forum has other examples.

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Posted: Tue Jul 21, 2009 9:31 pm
Joomla! Apprentice

Joined: Tue Nov 14, 2006 9:04 am
Posts: 30
Location: Spain
I'm having exactly the same problem.

I will try installing 404sef and honeypot.

Thank you for the suggestion.

_________________
depuración | herbalife


Posted: Sat Aug 01, 2009 8:33 am
Joomla! Apprentice

Joined: Tue Nov 14, 2006 9:04 am
Posts: 30
Location: Spain
Installing 404sef and honeypot is the way to go. Spam has ended. Thank you.

_________________
depuración | herbalife


Posted: Wed Sep 16, 2009 7:37 pm
Joomla! Enthusiast

Joined: Tue Oct 11, 2005 3:53 pm
Posts: 110
Location: Malmesbury - South Africa
Just enabled the honeypot on 404shsef - will let you know how my testing goes

_________________
Malmesbury - South Africa
http://www.voiceconnect.co.za Affordable web Design
http://www.atmalmesbury.co.za


Posted: Wed Oct 28, 2009 7:44 pm
Joomla! Intern

Joined: Tue Oct 20, 2009 2:10 pm
Posts: 70
Location: Malmesbury South Africa
I enabled honeypot and there have been one or two slipping through, but not that much at all - I would say 99% fine

_________________
Malmesbury Accommodation
http://www.atmalmesbury.co.za/
http://www.atmalmesbury.co.za/directory/Accommodation/


Posted: Thu Nov 26, 2009 11:29 am
Joomla! Guru

Joined: Thu Sep 13, 2007 11:39 am
Posts: 796
Location: UK
mandville wrote:
using a script from http://geobytes.com/GeoDirection.htm
The code below redirects users from the countries within Europe to one page and visitors from the United States to another page. The rest of the world stays on the current page that this code is pasted onto.
Code:
    <head>
    <script language="Javascript" src="http://gd.geobytes.com/Gd?after=-1"></script>
    <script language="javascript">
    var sLocations="US,AL,AD,AT,BE,BG,HR,CZ,DK,EE,FO,FI,FR,DE,GI,GR,"+
    "GG,VA,HU,IE,IT,JE,LV,LI,LT,LU,MK,MT,IM,MC,NL,NO,PL,PT,RO,SM,SK,SI,ES,SE,CH,UK,YU";
    if(typeof(sGeobytesLocationCode)!="undefined")
    {
        var sCountryCode=sGeobytesLocationCode.substring(0,2);
        if(sLocations.indexOf(sCountryCode)==0)
        {
              // Visitors from the US would go here
              document.write("<META HTTP-EQUIV='Refresh' CONTENT='0; URL=enter url here'>");
        }else if(sLocations.indexOf(sCountryCode)>0)
        {
              // Visitors from Europe would go here
              document.write("<META HTTP-EQUIV='Refresh' CONTENT='0; URL=enter url here'>");
        }
    }
    </script>
    </head>




Unfortunately I don't think that this is a good solution - the main reason being that bots don't normally execute javascript.

You could have a script that redirects human visitors but not bots, who would be trapped on the front page, but then benign robots that you want crawling your site would also be trapped, for example Googlebot. Your site would drop out of Google altogether.

In fact it gets worse, because Google can certainly detect the presence of javascript redirects, and may get the impression that you are engaging in 'black-hat' SEO practices such as cloaking. Your site could end up being blacklisted by Google.

A better approach, if you want to block a particular country, is maybe a Joomla system plugin that sends a redirect header based on IP address. There is a free database of country IP addresses at http://www.maxmind.com/app/geolitecountry.

I too have had problems with similar spammy registrations. I solved it first by using a captcha, but this is not ideal, because I don't think human users particularly like them. I am going to give project honeypot a try now.

Before I used the captcha I tried using the Joomla user email activation system - worryingly, I found that some of the spammy registrations seemed able to deal with this.

It is all so annoying, particularly because the spammy registrations are utterly pointless, it is pure nuisance.

_________________
http://www.iswebdesign.co.uk for custom Joomla! design
http://www.spiralscripts.co.uk for Joomla! extensions


Posted: Sat Nov 28, 2009 1:51 pm
Joomla! Guru

Joined: Thu Sep 13, 2007 11:39 am
Posts: 796
Location: UK
I am pleased to say that project honeypot seems to be working for me too.

_________________
http://www.iswebdesign.co.uk for custom Joomla! design
http://www.spiralscripts.co.uk for Joomla! extensions


Posted: Wed Dec 02, 2009 9:13 am
Joomla! Fledgling

Joined: Wed Dec 02, 2009 8:03 am
Posts: 1
fcoulter wrote:
Unfortunately I don't think that this is a good solution - the main reason being that bots don't normally execute javascript.
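
Another very simple alternative that avoids JavaScript and the issue with bots is to implement the redirection (or dynamically control the page content, if you prefer) server side - via a few lines of PHP code like this.
Code:
<?php
// The x.x.x.x placeholder in the lookup URL stands for the visitor's IP address.
$ip   = $_SERVER['REMOTE_ADDR'];
$tags = get_meta_tags('http://www.geobytes.com/IpLocator.htm?GetLocation&template=php3.txt&IpAddress=' . urlencode($ip));
// print $tags['city'];  // city name
// get_meta_tags() returns false when the lookup fails, so test before indexing.
if ($tags !== false && isset($tags['internet']) && $tags['internet'] == 'US')
{
   // Must run before any output is sent, or the header cannot be set.
   header("Location: [some-url that will only be seen by people in the USA]");
   exit;
}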

This way you don't need to install any modules and you have the flexibility to redirect based on Country, Region/State, or City.


Posted: Wed Feb 10, 2010 11:18 am
Joomla! Apprentice

Joined: Sun Feb 07, 2010 4:41 pm
Posts: 10
I have a few PHPBB Forums and they were getting huge numbers of spam registrations. A simple and effective mod was a Security Question.

Problem with Captchas is the bad guys can devise software that reads them. The security question works by asking a question that a person will know but a machine won't recognise. It's simply a case of a mod that asks the question and validates the answer. If the answer doesn't pass validation the registration fails.

Something like "How many days are there in February in a leap year". If the spambot enters anything other than "29" in the field the registration fails.

Clearly the less obvious the question the better so if you cater for a special interest audience you could tailor it to them, e.g. for a sailing website you could ask "When measuring depth of water 6 feet represents one what?" If they answer "fathom" they're in. Simples!

Now all we need is someone to pick the idea up and write the mod. ;)

Mike


Posted: Wed Feb 10, 2010 11:34 am
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 11644
Location: The Girly Side of Joomla in Sussex
someone may already have one!

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Posted: Wed Feb 10, 2010 12:05 pm
Joomla! Guru

Joined: Thu Sep 13, 2007 11:39 am
Posts: 796
Location: UK
I like this idea.

I have seen similar approaches at work, for example some that involve answering simple maths questions such as what is 5+6? Or showing a picture of an animal and asking respondents to name it.

I think that the key to this has to be unpredictability, and changing the questions regularly, otherwise it would be possible to program software to beat this too.

I don't like captchas, I have found that the ones with Google have become so complex now that I can't read them!

_________________
http://www.iswebdesign.co.uk for custom Joomla! design
http://www.spiralscripts.co.uk for Joomla! extensions
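
The security-question check described in the two posts above (ask a question, validate the answer, and rotate questions from a pool) could look like the following. This is an added example, not an existing Joomla! or phpBB mod and not code from either poster; every function name, the secret and the time limit are hypothetical, and the two questions are the ones quoted in the thread.

```php
<?php
// Added example: stateless security-question challenge for a registration form.
const CHALLENGE_SECRET = 'replace-with-a-long-random-server-side-secret'; // placeholder
const CHALLENGE_TTL    = 600; // seconds a served question stays valid (assumption)

// Question pool: change it regularly. Accepted answers are stored already normalised.
const QUESTIONS = [
    'feb'    => ['How many days are there in February in a leap year?', ['29', 'twenty nine']],
    'fathom' => ['When measuring depth of water, 6 feet represents one what?', ['fathom']],
];

// Lower-case, trim, and turn punctuation or hyphens into single spaces.
function normalise_answer(string $raw): string
{
    return trim(preg_replace('/[^a-z0-9]+/', ' ', strtolower($raw)));
}

// MAC over question id and expiry, so neither can be altered by the client.
function challenge_mac(string $id, int $expires): string
{
    return hash_hmac('sha256', $id . '|' . $expires, CHALLENGE_SECRET);
}

// Pick a random question; the token travels in a hidden form field.
function issue_challenge(?int $now = null): array
{
    $id      = array_rand(QUESTIONS);
    $expires = ($now ?? time()) + CHALLENGE_TTL;
    return [
        'question' => QUESTIONS[$id][0],
        'token'    => $id . '|' . $expires . '|' . challenge_mac($id, $expires),
    ];
}

// True only if the token is authentic, unexpired, and the answer is accepted.
function verify_challenge(string $token, string $answer, ?int $now = null): bool
{
    $parts = explode('|', $token);
    if (count($parts) !== 3) {
        return false;
    }
    [$id, $expires, $mac] = $parts;
    if (!array_key_exists($id, QUESTIONS) || !ctype_digit($expires)) {
        return false;
    }
    if (!hash_equals(challenge_mac($id, (int) $expires), $mac)) {
        return false; // forged token, or question id swapped for an easier one
    }
    if ((int) $expires < ($now ?? time())) {
        return false; // question was served too long ago
    }
    return in_array(normalise_answer($answer), QUESTIONS[$id][1], true);
}

// Constructed demo: a token for the 'feb' question checked against several inputs.
$exp   = time() + CHALLENGE_TTL;
$token = 'feb|' . $exp . '|' . challenge_mac('feb', $exp);
var_dump(verify_challenge($token, ' Twenty-Nine '));  // accepted spelling variant
var_dump(verify_challenge($token, '28'));             // wrong answer
var_dump(verify_challenge('fathom|' . $exp . '|' . challenge_mac('feb', $exp), 'fathom')); // id swapped
var_dump(verify_challenge($token, '29', $exp + 1));   // same token after expiry
```

A captured token can be replayed until it expires, which is why the time limit is short and why the question pool needs to change, as the last post points out.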

