Users registering without registration form being published Topic is solved

[mandville]

This is not always due to a hack, mostly, it is a site administrators failure.

I have had a spate of new Users appearing in my User Manager.
I am the only authorised user on my sites (Super User) - so how do these spammers get in; and how to block them in future?

I've received email messages from my website, telling me that a new user has registered.
1. There is no user registration form on the website
2. These appear to be hacks
.

The symptom checklist is as follows:
Did you turn off New User Registration in the Options of User Manager? Since J3.4.0
The User Registration option is switched OFF by default for new Joomla installations
If you have upgraded from an older version then you may need to change it yourself:

On all joomla installations, unless the module code is deleted, the registration form is still available even when you don't have a menu item pointing to it. Spam bots are preprogammed with the non sef link to the module (likewise for drupal and wordpress targetting bots)

[*]In Users > User ManagerClick on [Options] (on the right)
on [Component] tab set "Allow User Registration" to No.

Prevention:
If you require users to register but want to cut down on the bot registrations, then on a normal site it is good idea to be using
[*] the self activation part as a lot of bots use fake addresses and wont be able to confirm their registration.
or
[*]you can set new registrations to "public" which means they think they have registered but cant do anything until you raise them to registered level.
or
[*] you can set new registrations to no /disabled
It helps to have captcha installed, meaning one more hurdle for bots and spammers to go through.

Related links

https://docs.joomla.org/Help34:Componen ... figuration
https://docs.joomla.org/Setting_user_re ... ion_policy

[Hellen VH]

I had post this question under “Remove "Forgot your password? Forgot your username?", but today when I read your post I thought that maybe it is a good idea ask this question here.

I am not a Joomla expert, your advice will be very important for me. In my case, I do not want the login form be shown when someone tries to access the site using /component/users.

Is it correct to override the /com_users/login/default_log.php into my html folder template and redirect the user to the homepage? Something likes this:
<?php
defined('_JEXEC') or die;
JHtml::_('behavior.keepalive');
function Redirect($url, $permanent = false)
{
if (headers_sent() === false)
{
header('Location: ' . $url, true, ($permanent === true) ? 301 : 302);
}
exit();
}
Redirect('http://domain-name.com/', false);
?>
It works for me perfectly on my localhost; but I am not sure if it is the correct way to do it. Or is better through the .htaccess?

Thanks for the info you can give me.

[brian]

No the correct way is to do exactly what Mandville says above and "turn off New User Registration in the Options of User Manager? "

What you are proposing is easy to overcome (not posting here how)

[Hellen VH]

Oh! Thanks for your information. Sorry that I posted that here.
The New User Registration option is off, of course this works.
Is there another way to prevent the login form to be shown?

[uaintgotthisid]

To unpublish the login form.

Go to Extensions > Modules

Change the "type" to "login"

The modules you see are all Login modules. Unpublish them and you will remove the login form.

[hvitnov]

I am not able to turn of user registration since I don't see an "options" button in my user manager in Joomla 3.4.4 (see attached screenshot). It seems to be missing from the menu.
Also when creating a login form, it comes with the option for users to register, so I assume the user registration option is not set to off in my case.
I am not the first admin on the site, so it may well be a consequence of a failed upgrade or similar, but checking database etc. in the extension manager produces no errors, so I am puzzled.

Any ideas as to why the options button would not show up?

[brian]

You are not logged in asa Super Administrator - just a regular admin

[hvitnov]

You are absolutely right. I've been placed in the admin and not the super user group.
Talk about looking in all the wrong places, when the answer is (literally) right under your nose.

Thanks Brian

[brian]

Glad to help

[bluesardine]

did you sort this?
Go to users - then right hand side options - Allow registration set to NO

[DorsetJoomla]

Thanks for this I was just about to raise a new topic about this very issue.

[legalno]

Dear representatives of Joomla!

In my CMS Joomla! v. 3.4.8 constantly receive a large number of new users. I think that there are bots (spammers). Disable new user registration in the CMS settings did not help solve the problem. Please help solve the problem

Yours sincerely,
Alexander

[mandville]

Please make a new post with your forum post assistant report

[sua may tinh]

wow. good thank

[lukebainton]

ok that is good but i have registered already

thanks

[changlee]

You have also to use Google reCaptcha, it will save your lifes :-)

[mandville]

You have also to use Google reCaptcha, it will save your lifes :-)

or
[*] you can set new registrations to no /disabled
It helps to have captcha installed, meaning one more hurdle for bots and spammers to go through.

[ofir]

Hi, I have Joomla at version 3.6.2 and today I've received an email that a user registered.
I go to the User Manager and I see it has a random name and a random Gmail address and he has Administrator access,



I deleted him and navigated to User > Options and the user registration was not enabled (was on 'No'),
Guest User Group was set to Public.

So how is this possible? Did someone hack into my server/Joomla?

[apsilva]

update to 3.6.4 now. That's a known security issue
See https://www.joomla.org/announcements/re ... eased.html

[ofir]

update to 3.6.4 now. That's a known security issue
See https://www.joomla.org/announcements/re ... eased.html

Thank you, While I'm surprised that such a major flaw existed, good thing it was fixed already.

[sithub]

down vote
There are many possible ways that the hacker has broken into your web,

I recommend you see these documents:

https://docs.joomla.org/Security

As to your question I would bet that the hacker could somehow upload a file to your website with a script that creates the user directly into the database.

With knowledge of Joomla tables and function it is relatively simple to do.

[sithub]

Did you turn off New User Registration in the Options of User Manager? Since J3.4.0
The User Registration option is switched OFF by default for new Joomla installations
If you have upgraded from an older version then you've to change it yourself:

[pcpetes]

down vote
There are many possible ways that the hacker has broken into your web,

I recommend you see these documents:

https://docs.joomla.org/Security

As to your question I would bet that the hacker could somehow upload a file to your website with a script that creates the user directly into the database.

With knowledge of Joomla tables and function it is relatively simple to do.

Can hacker scripts targetting the database be stopped by changing the table prefix from the default when installing joomla 3.7.5 as a hacker would need that for a accurate script to work ??

[Per Yngve Berg]

Can hacker scripts targetting the database be stopped by changing the table prefix from the default when installing joomla 3.7.5 as a hacker would need that for a accurate script to work ??

There is no default database prefix in Joomla 3.7.5. It's randomly set during installation. The default was "jos_" back in version 1.5.

[pcpetes]

Per Yngve Berg: Ok, thanks

[changlee]

Hi, I have Joomla at version 3.6.2 and today I've received an email that a user registered.
I go to the User Manager and I see it has a random name and a random Gmail address and he has Administrator access,

I deleted him and navigated to User > Options and the user registration was not enabled (was on 'No'),
Guest User Group was set to Public.

So how is this possible? Did someone hack into my server/Joomla?

Have you updated EVERYTHING? Joomla, Components, Modules, Plugins?

[john-doe]

Can hacker scripts targetting the database be stopped by changing the table prefix from the default when installing joomla 3.7.5 as a hacker would need that for a accurate script to work ??

There is no default database prefix in Joomla 3.7.5. It's randomly set during installation. The default was "jos_" back in version 1.5.

Some hosting providers with "Autoinstallers" sets up Joomla 3.X with jos_ prefix which does not help much. It is better practice upload the files and install it by yourself.

[leolam]

g providers with "Autoinstallers" sets up Joomla 3.X with jos_ prefix which does not help much.

Please clarify this statement since it is not clear for me? You refer to Softaculous and co?

Leo

[sozzled]

I go away for a week and nothing changes. *sigh*

Why are we resurrecting these things, years after they were once "topical"?

[AMurray]

@Leolamn perhaps miss-read the last post date as October 12, 2019, not 2018.