Spam User Registration ??

Discussion regarding Joomla! security issues.

Moderator: General Support Moderators

chappers
Joomla! Fledgling
Posts: 3
Joined: Sat Jun 28, 2008 4:14 pm

Spam User Registration ??

Post by chappers » Sat Jun 28, 2008 4:30 pm

Hi, I keep getting what look like "spam user registrations" on my Joomla website.

What I mean by that is, someone/something is trying to register a user on my site with a weird looking name. I have the site set up to then email me the fact that someone has tried registering a user and I need to approve it.

This is happening fairly frequently (30-50 every few weeks).

Here is an example of one of the emails I get telling me an attempt has been made to register a user:

A new User has registered at XYZ
This e-mail contains their details:

Name - gromokiltus
E-mail - bazalistz97@mail.ru
Username - gromokiltus

Please do not respond to this message as it is automatically generated and is for information purposes only


Obviously the name/email/username vary, but a lot of the email addresses seem to end in mail.ru.

Has anyone else experienced this? How can I stop it?

twcmex
Joomla! Guru
Posts: 551
Joined: Sat Dec 16, 2006 10:35 pm
Location: Durango, Mexico

Re: Spam User Registration ??

Post by twcmex » Sat Jun 28, 2008 6:02 pm

try this or a similar extension
-Joe

tiha
Joomla! Fledgling
Posts: 1
Joined: Thu Aug 07, 2008 6:15 am

Re: Spam User Registration ??

Post by tiha » Thu Aug 07, 2008 6:21 am

Hi there,

I started having the same spam user registrations on my site since approximately the same date.

They all have some bogus username and the e-mail address is made up of the same name @gmail.com

There are approximately 2-3 registrations of this kind on my site per day.

Does anyone know what this is, please?

Examples:

11 ylxlvfe ylxlvfe Enabled Registered bhzyma@jyqehj.com - 72
12 hjximoxo hjximoxo Enabled Registered pkwsfz@aoieah.com - 73
13 ivxsrywuj ivxsrywuj Enabled Registered eykqis@xlycqi.com - 74
14 chimchans chimchans Enabled Registered chimchans@gmail.com - 75
15 trastuso trastuso Enabled Registered proskostya@yandex.ua - 76
16 wmsets wmsets Enabled Registered wmsets@gmail.com - 77
17 kashollp kashollp Enabled Registered kashollp@gmail.com - 78
18 Kedeaaa Kedeaaa Enabled Registered jolonoh@gmail.com - 79
19 nanoidel nanoidel Enabled Registered nanoidel@gmail.com - 80
20 mankartenb mankartenb Enabled Registered mankartenb@gmail.com - 81
21 sutshamol sutshamol Enabled Registered sutshamol@gmail.com - 82
22 wopressk wopressk Enabled Registered wopressk@gmail.com - 83
23 dutareyor dutareyor Enabled Registered dutareyor@gmail.com - 84
24 xolonho xolonho Enabled Registered trastuso@yandex.ua - 85
25 perrokits perrokits Enabled Registered perrokits@gmail.com - 86
26 labingda labingda Enabled Registered labingda@gmail.com - 87
27 rararbol rararbol Enabled Registered rararbol@gmail.com - 88
28 salxmblimd salxmblimd Enabled Registered npedoe@bdmbmt.com - 89
29 regerno regerno Enabled Registered regerno@gmail.com - 90
30 chuppeth chuppeth Enabled Registered chuppeth@gmail.com - 91

Joomaboom
Joomla! Intern
Posts: 73
Joined: Fri Sep 02, 2005 4:19 pm

Re: Spam User Registration ??

Post by Joomaboom » Thu Aug 07, 2008 2:32 pm

These are registrations from a type of spambot. The spambots look for any type of form on the web and try to fill in the form with spam in the hope that the spam will be posted to a guestbook or forum, or even just spam the email recipient of the form. If you haven't already, you might want to select Yes in your Global Configuration->Site->Use New Account Activation->Yes. This will make registrants click a link in an automatic email that is sent to them to confirm that they actually want to register and that their email is real.

redmaple
Joomla! Fledgling
Posts: 2
Joined: Thu Aug 14, 2008 1:06 am

Re: Spam User Registration ??

Post by redmaple » Thu Aug 14, 2008 1:10 am

I have done Global Configuration->Site->Use New Account Activation->Yes and it is not able to activate its account, but is there any way to prevent these kinds of spam registrations, as it is annoying and also a risk? Any extension for this?

Thanks

Joomaboom
Joomla! Intern
Posts: 73
Joined: Fri Sep 02, 2005 4:19 pm

Re: Spam User Registration ??

Post by Joomaboom » Thu Aug 14, 2008 1:59 pm

As twcmex posted above you'll need to try one of the Captcha type extensions out, I don't have any experience with them myself.
http://extensions.joomla.org/index.php? ... &Itemid=35

PhilD
Joomla! Hero
Posts: 2734
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA

Re: Spam User Registration ??

Post by PhilD » Thu Aug 14, 2008 3:00 pm

The captcha would probably be pretty effective on the registration form, if you can set the characters generated by it to 6 or 7. Most spam bots cannot handle captcha with that many characters. Many still can't handle them at all. There are bots out there that can handle 4 or 5 characters in a captcha now though.

While I don't use a captcha on my registration form (club site), it is because I don't allow registrations.

On my mosdirectory form I had to add a captcha because club members were getting bombarded with spam from that. The captcha stopped all spam through that.

On a separate site's submission form, I also use captcha and have not gotten spam from that form.

If you could find one, the phrase type where the person filling out a form has to type in a phrase may work well also.
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator

assurbanibpal
Joomla! Apprentice
Posts: 7
Joined: Wed Jan 23, 2008 1:24 pm

Re: Spam User Registration ??

Post by assurbanibpal » Thu Aug 28, 2008 7:16 pm

Joomaboom wrote: As twcmex posted above you'll need to try one of the Captcha type extensions out, I don't have any experience with them myself.
http://extensions.joomla.org/index.php? ... &Itemid=35

I am definitely having this issue as well. I installed the reCAPTCHA extension in an effort to prevent the user spam but it DID NOT work. Perhaps the spambot is invoking some of the inner workings of the registration feature.

Does anybody have any recommendations to address this issue beyond the implementation of reCAPTCHA? Any ideas?

redmaple
Joomla! Fledgling
Posts: 2
Joined: Thu Aug 14, 2008 1:06 am

Re: Spam User Registration ??

Post by redmaple » Thu Aug 28, 2008 11:52 pm

try re-naming the old registration component.

holdencreative
Joomla! Explorer
Posts: 469
Joined: Thu Oct 13, 2005 1:51 am
Location: Hamilton, ON

Re: Spam User Registration ??

Post by holdencreative » Sun Oct 19, 2008 2:49 pm

Redmaple,
Can you provide the community with an example?

Rename the file, or change the URL or language setting?

Thanks,
HC
Joomla! is an all-volunteer project. Be Kind.

Did you know that you can make almost any Joomla! site into an app? http://weeverapps.com

mandville
Joomla! Master
Posts: 14777
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Spam User Registration ??

Post by mandville » Sun Oct 19, 2008 3:23 pm

Joomaboom wrote: If you haven't already you might want to select Yes in your Global Configuration->Site->Use New Account Activation->Yes This will make registrants click a link in an automatic email that is sent to them to confirm that they actually want to register and that their email is real.

The problem with that method is the amount of bounces you get when the fictitious email comes back empty. Also, with Gmail, they have plenty of space for confirmations to be stored.
You will then fill up with hundreds of not active accounts.

Personally I use geo coding to bounce all Russian and Turkish visitors off my site.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

FidelGonzales
Joomla! Guru
Posts: 584
Joined: Thu Nov 03, 2005 12:10 am
Location: Hesperia, California, USA

Re: Spam User Registration ??

Post by FidelGonzales » Wed Apr 08, 2009 7:26 am

tiha wrote: There are approximately 2-3 registrations of this kind on my site per day.

Wow. I'd be lucky to just have 2-3 registrations per hour. This is insane. It seems to have really kicked up after I migrated to Joomla 1.5. Though, I cannot confirm and highly doubt it is due exclusively to Joomla 1.5. I am now using SMF 2.0 / SJSB for registration but have just recently enabled Virtuemart. With or without VM, the problem has remained stable.

Perhaps I'll give an .htaccess trick a try?
http://www.MediaArmory.com - WEB | PHOTO | WRITE | MARKETING | DESIGN
http://www.DirtArmory.com - Off Road Sports Lifestyle

FidelGonzales
Joomla! Guru
Posts: 584
Joined: Thu Nov 03, 2005 12:10 am
Location: Hesperia, California, USA

Re: Spam User Registration ??

Post by FidelGonzales » Wed Apr 08, 2009 7:43 am

Saw the tinCaptcha, but it seems to require a core hack. The first referenced Security Images looks more straightforward and apparently is more conducive to Virtuemart functionality, since its developer apparently had his hand in it.

Security Images: THE CAPTCHA engine
http://extensions.joomla.org/extensions ... 11/details

tinCaptcha
http://extensions.joomla.org/extensions ... 87/details

ern1001
Joomla! Intern
Posts: 93
Joined: Wed Mar 12, 2008 6:02 pm

Re: Spam User Registration ??

Post by ern1001 » Fri May 22, 2009 3:17 am

Hi,
You can use JRPassphrase http://extensions.joomla.org/extensions ... 60/details to ask a simple question before a user is allowed to register. For example, you could set it to ask "How many weeks are in a year?" or something similar. This will keep away the "RegBots" without requiring a core hack.

jmro
Joomla! Apprentice
Posts: 7
Joined: Thu Mar 29, 2007 8:39 am
Location: Bogota, Col

Re: Spam User Registration ??

Post by jmro » Thu May 28, 2009 1:30 pm

Hello,
I was having the same problem. I dealt with this the following way (1.0.15), I do not use CB:

I tested:
Community-Builder reCAPTCHA Plugin
http://extensions.joomla.org/extensions ... 47/details
Note: Does not help, bots still registering.

Then added:
controlledLoginCB plugin (I modified this to redirect to another registration solution, not CB)
http://griale.nichost.ru/download/joom/ ... tails.html
Note: This does not help, bots still registering.

Removed:
Community-Builder reCAPTCHA Plugin and controlledLoginCB

Then installed:
Security Images: THE CAPTCHA engine
http://extensions.joomla.org/extensions ... 11/details
Applied patches to the core files:
http://www.waltercedric.com/downloads-f ... -only.html
Note: This actually helped stop the bots registering.

I took another step. Before this I was using:
sh404SEF
http://extensions.joomla.org/extensions ... 80/details
In the config file (security tab) I enabled:
Project Honey Pot
http://www.projecthoneypot.org/httpbl_configure.php
I visited this site and signed up for a free Project Honey Pot access key.
Note: Enabling this feature stops two or three bots a day.

The combination of "Security Images: THE CAPTCHA engine" and enabling the "sh404SEF Project Honey Pot configuration" inside this component helped me to deal with bot registrations.

In case some bot gets smart and bypasses those two, I have modified the reply message to registrations, removing the activation link and adding a note that says more or less that all accounts are activated manually by the administrator. It adds a little extra work, but it is better to be safe; the bot may get registered, but not with an active account.

Well, I hope this helps others dealing with bot registrations.

Regards,
Juan Manuel
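
Added example, not part of jmro's post and not sh404SEF's code: the Project Honey Pot check mentioned above is the http:BL DNS lookup, and this PHP sketch shows how such a lookup name is built and how the answer becomes an allow/block decision. The function names, the placeholder access key and the thresholds are assumptions.

```php
<?php
// Added example (not from the thread). Helper names and thresholds are
// hypothetical; 'youraccesskey' stands in for a real http:BL access key.

const HTTPBL_ZONE = 'dnsbl.httpbl.org';

// Build the name to resolve: <key>.<IPv4 octets reversed>.dnsbl.httpbl.org
function httpbl_query_name(string $accessKey, string $ip): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null; // the blocklist is keyed on IPv4 addresses only
    }
    return $accessKey . '.' . implode('.', array_reverse(explode('.', $ip)))
        . '.' . HTTPBL_ZONE;
}

// Decode an answer of the form 127.<days>.<threat>.<type>.
function httpbl_decode(string $answer): ?array
{
    if (filter_var($answer, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    [$marker, $days, $threat, $type] = array_map('intval', explode('.', $answer));
    if ($marker !== 127) {
        return null; // anything else is not a valid http:BL answer
    }
    return [
        'days_since_seen' => $days,
        'threat_score'    => $threat,
        'search_engine'   => $type === 0,
        'suspicious'      => ($type & 1) !== 0,
        'harvester'       => ($type & 2) !== 0,
        'comment_spammer' => ($type & 4) !== 0,
    ];
}

// Policy: refuse the registration form to recently seen, high-scoring hosts.
function httpbl_should_block(?array $rec, int $minThreat = 25, int $maxDays = 30): bool
{
    if ($rec === null || $rec['search_engine']) {
        return false; // not listed, or a known crawler
    }
    return $rec['days_since_seen'] <= $maxDays && $rec['threat_score'] >= $minThreat;
}

// Live lookup. gethostbyname() returns its argument unchanged when the name
// does not resolve, which for http:BL means the address is not listed.
function httpbl_lookup(string $accessKey, string $ip): ?array
{
    $name = httpbl_query_name($accessKey, $ip);
    if ($name === null) {
        return null;
    }
    $answer = gethostbyname($name);
    return $answer === $name ? null : httpbl_decode($answer);
}

// Offline demonstration on constructed answers (no DNS traffic is sent).
echo httpbl_query_name('youraccesskey', '203.0.113.7'), "\n";
foreach (['127.2.60.4', '127.200.60.4', '127.1.10.1', '127.0.5.0'] as $answer) {
    $rec = httpbl_decode($answer);
    printf("%-13s %s\n", $answer, httpbl_should_block($rec) ? 'block' : 'allow');
}
```

Because the lookup happens on the server before the form is processed, it works whether or not the client runs JavaScript, and the search-engine type lets legitimate crawlers through.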

holdencreative
Joomla! Explorer
Posts: 469
Joined: Thu Oct 13, 2005 1:51 am
Location: Hamilton, ON

Re: Spam User Registration ??

Post by holdencreative » Thu May 28, 2009 7:29 pm

After some testing, I second the 'Security Images' recommendation.

For CAPTCHA, I prefer ReCaptcha (as it's easy to read and vision-impaired accessible, a good project, etc.) - but - it requires patching Joomla.

Security Images worked via plugin, and let me set where to show or not show a captcha (or mathguard). Worked great.

- HC

nickolai
Joomla! Apprentice
Posts: 20
Joined: Fri Dec 22, 2006 4:28 pm
Location: Hickory, NC

Re: Spam User Registration ??

Post by nickolai » Sat Jun 06, 2009 6:04 am

mandville wrote: personally i use geo coding to bounce all russian and turkish visitors off my site
I assume you do this via the .htaccess file?

If so, could you share the code?

Edit:

Yep, it's done via the htaccess file.

This site was helpful for getting a country's IPs:
http://www.blockacountry.com/index.php
Last edited by nickolai on Sat Jun 06, 2009 6:14 am, edited 1 time in total.

mandville
Joomla! Master
Posts: 14777
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Spam User Registration ??

Post by mandville » Sat Jun 06, 2009 6:10 am

using a script from http://geobytes.com/GeoDirection.htm
The code below redirects users from the countries within Europe to one page and visitors from the United States to another page. The rest of the world stays on the current page that this code is pasted onto.

    <head>
    <script language="Javascript" src="http://gd.geobytes.com/Gd?after=-1"></script>
    <script language="javascript">
    var sLocations="US,AL,AD,AT,BE,BG,HR,CZ,DK,EE,FO,FI,FR,DE,GI,GR,"+
    "GG,VA,HU,IE,IT,JE,LV,LI,LT,LU,MK,MT,IM,MC,NL,NO,PL,PT,RO,SM,SK,SI,ES,SE,CH,UK,YU";
    if(typeof(sGeobytesLocationCode)!="undefined")
    {
        var sCountryCode=sGeobytesLocationCode.substring(0,2);
        if(sLocations.indexOf(sCountryCode)==0)
        {
              // Visitors from the US would go here
              document.write("<META HTTP-EQUIV='Refresh' CONTENT='0; URL=enter url here'>");
        }else if(sLocations.indexOf(sCountryCode)>0)
        {
              // Visitors from Europe would go here
              document.write("<META HTTP-EQUIV='Refresh' CONTENT='0; URL=enter url here'>");
        }
    }
    </script>
    </head>



nickolai
Joomla! Apprentice
Posts: 20
Joined: Fri Dec 22, 2006 4:28 pm
Location: Hickory, NC

Re: Spam User Registration ??

Post by nickolai » Sat Jun 06, 2009 6:23 am

Cool.

I like that method better than having a long list of IPs in the .htaccess file.

Thanks, Nick

mandville
Joomla! Master
Posts: 14777
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Spam User Registration ??

Post by mandville » Sat Jun 06, 2009 5:13 pm

There are loads of different ways to use that script. If you pop over to geobytes.com where the script came from, I am sure the forum has other examples.

ArtGoddess
Joomla! Apprentice
Posts: 30
Joined: Tue Nov 14, 2006 9:04 am
Location: Spain

Re: Spam User Registration ??

Post by ArtGoddess » Tue Jul 21, 2009 9:31 pm

I'm having exactly the same problem.

I will try installing 404sef and honeypot.

Thank you for the suggestion.

ArtGoddess
Joomla! Apprentice
Posts: 30
Joined: Tue Nov 14, 2006 9:04 am
Location: Spain

Re: Spam User Registration ??

Post by ArtGoddess » Sat Aug 01, 2009 8:33 am

Installing 404sef and honeypot is the way to go. Spam has ended. Thank you.

bossies
Joomla! Enthusiast
Posts: 112
Joined: Tue Oct 11, 2005 3:53 pm
Location: Malmesbury - South Africa

Re: Spam User Registration ??

Post by bossies » Wed Sep 16, 2009 7:37 pm

Just enabled the honeypot on 404shsef - will let you know how my testing goes.
Malmesbury - South Africa
http://www.voiceconnect.co.za Voiceconnect
http://www.atmalmesbury.co.za

malmesbury
Joomla! Intern
Posts: 70
Joined: Tue Oct 20, 2009 2:10 pm
Location: Malmesbury South Africa

Re: Spam User Registration ??

Post by malmesbury » Wed Oct 28, 2009 7:44 pm

I enabled honeypot and there have been one or two slipping through, but not that much at all - I would say 99% fine.

fcoulter
Joomla! Ace
Posts: 1685
Joined: Thu Sep 13, 2007 11:39 am
Location: UK

Re: Spam User Registration ??

Post by fcoulter » Thu Nov 26, 2009 11:29 am

mandville wrote: using a script from http://geobytes.com/GeoDirection.htm
The code below redirects users from the countries within Europe to one page and visitors from the United States to another page. The rest of the world stays on the current page that this code is pasted onto.

    <head>
    <script language="Javascript" src="http://gd.geobytes.com/Gd?after=-1"></script>
    <script language="javascript">
    var sLocations="US,AL,AD,AT,BE,BG,HR,CZ,DK,EE,FO,FI,FR,DE,GI,GR,"+
    "GG,VA,HU,IE,IT,JE,LV,LI,LT,LU,MK,MT,IM,MC,NL,NO,PL,PT,RO,SM,SK,SI,ES,SE,CH,UK,YU";
    if(typeof(sGeobytesLocationCode)!="undefined")
    {
        var sCountryCode=sGeobytesLocationCode.substring(0,2);
        if(sLocations.indexOf(sCountryCode)==0)
        {
              // Visitors from the US would go here
              document.write("<META HTTP-EQUIV='Refresh' CONTENT='0; URL=enter url here'>");
        }else if(sLocations.indexOf(sCountryCode)>0)
        {
              // Visitors from Europe would go here
              document.write("<META HTTP-EQUIV='Refresh' CONTENT='0; URL=enter url here'>");
        }
    }
    </script>
    </head>


Unfortunately I don't think that this is a good solution - the main reason being that bots don't normally execute javascript.

You could have a script that redirects human visitors but not bots, who would be trapped on the front page, but then benign robots that you want crawling your site would also be trapped, for example Googlebot. Your site would drop out of Google altogether.

In fact it gets worse, because Google can certainly detect the presence of javascript redirects, and may get the impression that you are engaging in 'black-hat' SEO practices such as cloaking. Your site could end up being blacklisted by Google.

A better approach, if you want to block a particular country, is maybe a Joomla system plugin that sends a redirect header based on IP address. There is a free database of country IP addresses at http://www.maxmind.com/app/geolitecountry.

I too have had problems with similar spammy registrations. I solved it first by using a captcha, but this is not ideal, because I don't think human users particularly like them. I am going to give project honeypot a try now.

Before I used the captcha I tried using the Joomla user email activation system - worryingly, I found that some of the spammy registrations seemed able to deal with this.

It is all so annoying, particularly because the spammy registrations are utterly pointless, it is pure nuisance.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"

fcoulter
Joomla! Ace
Posts: 1685
Joined: Thu Sep 13, 2007 11:39 am
Location: UK

Re: Spam User Registration ??

Post by fcoulter » Sat Nov 28, 2009 1:51 pm

I am pleased to say that project honeypot seems to be working for me too.

geobytes
Joomla! Fledgling
Posts: 1
Joined: Wed Dec 02, 2009 8:03 am

Re: Spam User Registration ??

Post by geobytes » Wed Dec 02, 2009 9:13 am

fcoulter wrote: Unfortunately I don't think that this is a good solution - the main reason being that bots don't normally execute javascript.
Another very simple alternative that avoids JavaScript and the issue with bots, is to implement the redirection (or dynamically control the page content, if you prefer) server side - via a few lines of php code like this.

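    // Look up the location of an IP address via the Geobytes service.
    // x.x.x.x is a placeholder for the address being checked.
    $tags = get_meta_tags('http://www.geobytes.com/IpLocator.htm?GetLocation&template=php3.txt&IpAddress=x.x.x.x');
    // print $tags['city'];  // city name
    // get_meta_tags() returns false when the lookup fails, so check before use.
    if ($tags !== false && isset($tags['internet']) && $tags['internet'] == 'US')
    {
       header("location: [some-url that will only be seen by people in the USA]");
       exit;
    }
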
This way you don't need to install any modules and you have the flexibility to redirect based on Country, Region/State, or City.
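
Added example, not geobytes' code: the same server-side decision made against a locally stored table of address ranges, as fcoulter suggests above, so that no remote request is needed per page view. The row layout, function names, ranges and country codes are all constructed for illustration, and a 64-bit PHP build is assumed.

```php
<?php
// Added example (not from the thread). The row layout (start IP, end IP,
// country code) and all names are assumptions; the ranges are RFC 5737
// documentation networks and XX/XY/ZZ are placeholder country codes.

$csv = <<<'CSV'
198.51.100.0,198.51.100.255,XY
192.0.2.0,192.0.2.255,XX
203.0.113.0,203.0.113.127,ZZ
CSV;

// Parse the rows into [start, end, country] triples sorted by start address.
// Assumes 64-bit PHP, where ip2long() never returns a negative number.
function load_ranges(string $csv): array
{
    $ranges = [];
    foreach (preg_split('/\R/', trim($csv)) as $line) {
        $cols = array_map('trim', explode(',', $line));
        if (count($cols) !== 3) {
            continue; // skip malformed rows rather than guessing
        }
        $lo = ip2long($cols[0]);
        $hi = ip2long($cols[1]);
        if ($lo === false || $hi === false || $lo > $hi) {
            continue;
        }
        $ranges[] = [$lo, $hi, strtoupper($cols[2])];
    }
    usort($ranges, fn($a, $b) => $a[0] <=> $b[0]); // binary search needs sorted input
    return $ranges;
}

// Binary search over non-overlapping ranges; null means "not in the table".
function country_for_ip(array $ranges, string $ip): ?string
{
    $n = ip2long($ip);
    if ($n === false) {
        return null;
    }
    $lo = 0;
    $hi = count($ranges) - 1;
    while ($lo <= $hi) {
        $mid = intdiv($lo + $hi, 2);
        if ($n < $ranges[$mid][0]) {
            $hi = $mid - 1;
        } elseif ($n > $ranges[$mid][1]) {
            $lo = $mid + 1;
        } else {
            return $ranges[$mid][2];
        }
    }
    return null;
}

// Decision for the registration request only. Addresses that are not in the
// table are allowed (fail open), which is a policy choice made for this sketch.
function registration_allowed(array $ranges, string $ip, array $blocked): bool
{
    $cc = country_for_ip($ranges, $ip);
    return $cc === null || !in_array($cc, $blocked, true);
}

// Demonstration on constructed addresses, with XY as the blocked code.
$ranges = load_ranges($csv);
foreach (['192.0.2.44', '203.0.113.200', '198.51.100.9', 'not-an-ip'] as $ip) {
    $ok = registration_allowed($ranges, $ip, ['XY']);
    printf("%-15s %-3s %s\n", $ip, country_for_ip($ranges, $ip) ?? '-', $ok ? 'allow' : 'deny');
}
```

Applying the decision only to the registration request leaves the rest of the site reachable for crawlers and ordinary readers, which avoids the search-engine side effects fcoulter describes.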

Mike Cross
Joomla! Apprentice
Posts: 17
Joined: Sun Feb 07, 2010 4:41 pm

Re: Spam User Registration ??

Post by Mike Cross » Wed Feb 10, 2010 11:18 am

I have a few PHPBB Forums and they were getting huge numbers of spam registrations. A simple and effective mod was a Security Question.

Problem with Captchas is the bad guys can devise software that reads them. The security question works by asking a question that a person will know but a machine won't recognise. It's simply a case of a mod that asks the question and validates the answer. If the answer doesn't pass validation the registration fails.

Something like "How many days are there in February in a leap year". If the spambot enters anything other than "29" in the field the registration fails.

Clearly the less obvious the question the better so if you cater for a special interest audience you could tailor it to them, e.g. for a sailing website you could ask "When measuring depth of water 6 feet represents one what?" If they answer "fathom" they're in. Simples!

Now all we need is someone to pick the idea up and write the mod. ;)

Mike

mandville
Joomla! Master
Posts: 14777
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Spam User Registration ??

Post by mandville » Wed Feb 10, 2010 11:34 am

someone may already have one!

fcoulter
Joomla! Ace
Posts: 1685
Joined: Thu Sep 13, 2007 11:39 am
Location: UK

Re: Spam User Registration ??

Post by fcoulter » Wed Feb 10, 2010 12:05 pm

I like this idea.

I have seen similar approaches at work, for example some that involve answering simple maths questions such as what is 5+6? Or showing a picture of an animal and asking respondents to name it.

I think that the key to this has to be unpredictability, and changing the questions regularly, otherwise it would be possible to program software to beat this too.

I don't like captchas, I have found that the ones with Google have become so complex now that I can't read them!
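
Added example, not code from any of the posters or extensions named in this thread: a server-side version of the security question described by Mike Cross and ern1001, with the random choice of question that fcoulter asks for. Function names are hypothetical and `$session` stands in for `$_SESSION`.

```php
<?php
// Added example (not from the thread). Function names are hypothetical; the
// questions are the ones suggested in the posts above. $session stands in for
// $_SESSION so that the script also runs from the command line.

const QUESTIONS = [
    ['q' => 'How many weeks are in a year?',
     'a' => ['52', 'fifty two', 'fifty-two']],
    ['q' => 'How many days are there in February in a leap year?',
     'a' => ['29', 'twenty nine', 'twenty-nine']],
    ['q' => 'When measuring depth of water, 6 feet represents one what?',
     'a' => ['fathom', 'a fathom', 'one fathom']],
];

// Pick a question at random and remember server-side which one was asked.
// Only the question text goes into the form, never an index or the answer.
function challenge_issue(array &$session): string
{
    $i = random_int(0, count(QUESTIONS) - 1);
    $session['reg_challenge'] = $i;
    return QUESTIONS[$i]['q'];
}

// Lower-case, trim and collapse whitespace so harmless variations still match.
function normalize_answer(string $s): string
{
    return (string) preg_replace('/\s+/', ' ', strtolower(trim($s)));
}

// Call this in the code path that creates the account, so that a request
// posted straight to the registration handler fails as well.
function challenge_verify(array &$session, string $answer): bool
{
    if (!isset($session['reg_challenge'])) {
        return false; // no question was issued to this session
    }
    $i = $session['reg_challenge'];
    unset($session['reg_challenge']); // single use: a wrong guess costs a new question

    $given = normalize_answer($answer);
    foreach (QUESTIONS[$i]['a'] as $accepted) {
        if (hash_equals($accepted, $given)) {
            return true;
        }
    }
    return false;
}

// Demonstration with a constructed session.
$session = [];
var_dump(challenge_verify($session, '29'));              // no question issued yet

challenge_issue($session);
$session['reg_challenge'] = 1;                            // pin the question for the demo
var_dump(challenge_verify($session, '  Twenty  Nine ')); // matches after normalisation
var_dump(challenge_verify($session, '29'));              // challenge already consumed
```

Keeping the question pool in configuration rather than in code makes it easy to change the questions regularly, which is the property the posts above rely on.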

