Sudden Surge of Spam Registrations

webbprop
Joomla! Fledgling
Posts: 1
Joined: Fri Mar 11, 2016 9:27 pm

Sudden Surge of Spam Registrations

Postby webbprop » Thu Feb 16, 2017 9:16 pm

Hello,

Our site has had a sudden surge of spam registrations since January 3, 2017. An example:

Image

Prior to this, spam registration would happen, but only once or twice a month. Now, we're receiving between 1-3 spam registrations a day. Most spambots have not been able to access our website since we have email activation, but this constant surge of fake registrations is negatively affecting our traffic analytics.

Is there a reason for such a sudden surge of spam registrations? How can we stop it? Is there any way we can protect our site against future spam registrations?

sozzled
Joomla! Ace
Posts: 1999
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Sudden Surge of Spam Registrations

Postby sozzled » Thu Feb 16, 2017 10:01 pm

The "reasons" for why there may be an abundance of spam registrations on any website—including websites built with Joomla—are almost as varied as the number of websites that currently exist on the internet today. In answer to your question, therefore, I do not know why your website is receiving a "sudden" upswing/surge in spam registrations. There are many articles on the internet (and discussions in this forum) that relate to spam registrations (and how to prevent spam in websites).

If you have no reason to allow registrations from Russia (i.e. accounts that use email addresses ending in .ru) you could block access to your site from that country (as well as other countries that have a reputation for registering spam accounts on websites).

I'm sorry but, without further information as to how these accounts may have been created on your website, I can't really offer you many useful solutions or suggestions about how to minimise, reduce or "eliminate" such things.
@sozzled2904 - http://www.kuneze.com/blog
If you think I’m wrong then say “I think you're wrong.” If you say “You’re wrong!”, how do you know?
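
An added example, not part of any post in this thread and not Joomla's own code: one way to gather the information asked for above is to count registrations that were never activated, per day and per e-mail top-level domain. It assumes the Joomla 3 users table columns block, activation and registerDate, an assumed "jos_" table prefix, and constructed sample rows held in an in-memory SQLite table so that it runs offline.

```python
import sqlite3
from collections import Counter

# Constructed sample rows (not data from this thread).
# Columns: username, email, block, activation, registerDate.
SAMPLE_ROWS = [
    ("alice", "alice@site.example", 0, "", "2016-12-10 09:00:00"),    # activated
    ("bob", "bob@site.example", 0, "", "2017-01-05 14:30:00"),        # activated
    ("carol", "carol@site.example", 1, "", "2017-01-06 08:00:00"),    # blocked by an admin
    ("old1", "old1@bulk.test", 1, "tok0", "2016-11-20 03:00:00"),     # pending, before window
    ("xk3f", "xk3f@bulk.test", 1, "tok1", "2017-01-03 02:11:00"),     # pending
    ("qq81", "qq81@mail.test", 1, "tok2", "2017-01-03 02:14:00"),     # pending
    ("zz90", "zz90@host.invalid", 1, "tok3", "2017-01-04 19:40:00"),  # pending
]

# Assumption: a registration awaiting e-mail activation has block = 1 and a
# non-empty activation token. "jos_" is an assumed table prefix.
PENDING_SQL = """
SELECT SUBSTR(registerDate, 1, 10) AS day, email
FROM jos_users
WHERE block = 1 AND activation <> '' AND registerDate >= ?
ORDER BY registerDate
"""

def load_sample():
    """Build an in-memory stand-in for the users table from SAMPLE_ROWS."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE jos_users (username TEXT, email TEXT, "
               "block INTEGER, activation TEXT, registerDate TEXT)")
    db.executemany("INSERT INTO jos_users VALUES (?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return db

def triage(db, since):
    """Count never-activated registrations per day and per e-mail TLD."""
    per_day, per_tld = Counter(), Counter()
    for day, email in db.execute(PENDING_SQL, (since,)):
        per_day[day] += 1
        per_tld[email.rsplit(".", 1)[-1].lower()] += 1
    return dict(per_day), dict(per_tld)

if __name__ == "__main__":
    days, tlds = triage(load_sample(), "2017-01-03")
    for day in sorted(days):
        print(day, days[day])
    print(sorted(tlds.items(), key=lambda kv: -kv[1]))
```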

SPProductions
Joomla! Apprentice
Posts: 17
Joined: Thu Apr 01, 2010 11:28 pm

Re: Sudden Surge of Spam Registrations

Postby SPProductions » Fri Feb 17, 2017 3:53 am

We've been seeing a surge in spam registrations as well on several sites on several different servers.
We have disabled registration under User: Options. We still get spam registrations.

I'd say there is a major upswing. I'll let you know if I find a solution.


Re: Sudden Surge of Spam Registrations

Postby sozzled » Fri Feb 17, 2017 4:25 am

SPProductions wrote: We have disabled registration under User: Options. We still get spam registrations.
Just to be sure that I understand completely what you've written:

1) Your Users » Options screen looks like this:
j365_userOptions_disableRegistrations.png


and

2) People, including you, are able to register new accounts with these settings.

Please confirm that my understanding is absolutely correct.


Re: Sudden Surge of Spam Registrations

Postby sozzled » Fri Feb 24, 2017 6:56 pm

SPProductions wrote: We've been seeing a surge in spam registrations as well on several sites on several different servers ... I'd say there is a major upswing. I'll let you know if I find a solution.
I would like to make three observations:

1) I note that there has been no further communication from @SPProductions since I asked a couple of questions in my previous post.

2) It's been over a week since this discussion was active. People could have used this time to contribute their thoughts relating to assertions that there has been "a major upswing" in the number of spam registrations in Joomla websites, generally-speaking.

3) I think people can draw their own conclusions from the lack of follow-up on this topic: I think people are likely to conclude that statements like "[a] sudden surge of spam registrations" are counter-productive and are intended to cast doubt about Joomla as a secure platform upon which to build websites.

That's about all we can say on the matter. 8)
Last edited by sozzled on Fri Feb 24, 2017 7:40 pm, edited 1 time in total.

JAVesey
Joomla! Ace
Posts: 1261
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK

Re: Sudden Surge of Spam Registrations

Postby JAVesey » Fri Feb 24, 2017 7:32 pm

I agree with the above; I've not noticed anything unusual recently.
John V
Cardiff, Wales, UK
Website: http://www.llanmon.org.uk (Joomla 3.6.5)

fubarfudd
Joomla! Fledgling
Posts: 1
Joined: Mon Mar 06, 2017 7:51 am

Re: Sudden Surge of Spam Registrations

Postby fubarfudd » Mon Mar 06, 2017 7:57 am

According to the Incapsula bot report and others, more than half of all web traffic is bots (both good bots like googlebot and bad bots like spam bots). Nothing major changed over the past few weeks that should have affected your site, but spam bots are out there. And maybe they just found your site.

What sort of security solutions do you have in place? A good Web Application Firewall (WAF) can help.

theachiever
Joomla! Apprentice
Posts: 34
Joined: Mon Sep 16, 2013 1:46 pm

Re: Sudden Surge of Spam Registrations

Postby theachiever » Sun Mar 19, 2017 9:30 pm

Dear Friends,

I can at least share that I am also facing a sudden surge in spam registration. Kindly have a look at the graphics:

Surge in Spam Registration.jpg


User Options settings are:

User Options.jpg


I have now changed the Google ReCaptcha 1.0 to 2.0. But it is yet to be seen whether it would be able to contain the spam registration or not.

Kindly guide what steps should I take to prevent the attack by Bots.

With thanks,

RK


Re: Sudden Surge of Spam Registrations

Postby theachiever » Mon Mar 20, 2017 1:07 pm

Dear Friends,

I am using Joomla 3.6.5. Elevated permissions are w.r.t. SuiteCRM folders/files only.

Here is the FPA output:
Problem Description :: Forum Post Assistant (v1.3.0) : 20th March 2017 wrote:Sudden surge in SPAM Registrations
Last PHP Error(s) Reported :: Forum Post Assistant (v1.3.0) : 20th March 2017 wrote:[20-Mar-2017 11:10:23 Etc/GMT] PHP Notice: Use of undefined constant JPATH_COMPONENT_ADMINISTRATOR - assumed 'JPATH_COMPONENT_ADMINISTRATOR' in /home/luminisi/public_html/components/com_banners/models/banners.php on line 15
Forum Post Assistant (v1.3.0) : 20th March 2017 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 3.6.5-Stable (Noether) 1-December-2016
Joomla! Configured :: Yes | Read-Only (444) | Owner: --protected-- . (uid: 1/gid: 1) | Group: --protected-- (gid: 1) | Valid For: 3.6
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 1 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32-673.8.1.lve1.4.3.el6.x86_64 | Technology: x86_64 | Web Server: Apache Phusion_Passenger/4.0.10 mod_bwlimited/1.4 mod_fcgid/2.3.9 | Encoding: gzip, deflate | Doc Root: /home2/luminisi/public_html | System TMP Writable: Yes

PHP Configuration :: Version: 5.6.25 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: | Error Reporting: 30719 | Log Errors To: error_log | Last Known Error: 20th March 2017 12:43:48. | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 32M | Max. POST Size: 32M | Max. Input Time: 60 | Max. Execution Time: 180 | Memory Limit: 512M

MySQL Configuration :: Version: 5.5.40-36.1 (Client:5.5.40-36.1) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 18.43 MiB | #of Tables:  227
Detailed Environment :: wrote:PHP Extensions :: Core (5.6.25) | date (5.6.25) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (2.0) | bz2 () | calendar () | ctype () | curl () | hash (1.0) | filter (0.11.0) | ftp () | gettext () | gmp () | SPL (0.2) | iconv () | pcntl () | readline (5.6.25) | Reflection ($Id: 5f15287237d5f78d75b19c26915aa7bd83dee8b8 $) | session () | standard (5.6.25) | shmop () | SimpleXML (0.1) | mbstring () | tokenizer (0.1) | xml () | cgi-fcgi () | PDO (1.0.4dev) | pdo_mysql (1.0.2) | wddx () | bcmath () | imagick (3.1.2) | gd () | mysql (1.0) | sockets () | zip (1.12.5) | xmlwriter (0.1) | propro (1.0.0) | json (1.2.1) | exif (1.4 $Id: 657a2cc1f26ea75651108ab93b352771f6690ffe $) | soap () | xmlrpc (0.51) | mysqli (0.1) | imap () | raphf (1.1.0) | dom (20031129) | pdo_sqlite (1.0.1) | Phar (2.0.2) | xmlreader (0.1) | posix () | mcrypt () | xsl (0.1) | mhash () | ionCube Loader () | Zend Engine (2.6.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) |

Elevated Permissions (First 10) :: --protected-- (775) | --protected-- (775) | --protected-- (775) | --protected-- (775) | --protected-- (775) | --protected-- (775) | --protected-- (775) | --protected-- (775) | --protected-- (775) | --protected-- (775) |
Extensions Discovered :: wrote:Strict Information Privacy was selected. Nothing to display.
Templates Discovered :: wrote:_FPA_STRICT Information Privacy Nothing to display.


Kindly guide.

With thanks,

RK

