Strange usernames and email addresses like HyxmcNuhGL

[billvv]

I am getting a dozen or so registration requests daily (J. is set up to require my approval to register on the site) that I have to go in and delete the disabled and unactivated user from the User Manager. I've tried putting the login screen in a sub-menu but that didn't work.

Here's a couple examples.....

username: HyxmcNuhGL
email: [email protected] (I've changed this slightly - just seemed like a good idea)

Any idea how I can prevent them from getting to the user list in the first place?

[sozzled]

There are ways to prevent user registration attempts that involved certain email domains (e.g. gmail.com) if that's what you would like. It all depends on where these attempts come from, doesn't it? It's not easy to prevent "meaningless"/trashy usernames being used: if people would prefer to register an account with a name like HyxmcNuhGL instead of, say, BillSmith that's their choice, isn't it?

Anyway, because you have setup your website so that you, as the administrator, have to approve these registration attempts, these "people"—if they are, indeed, real people, can't do a lot. Having said that, you would also be aware that 'bots—automated scripts—often use non-existent or disposable email addresses. There are ways to prevent attempted registrations that involve non-existent email addresses if that's something you're interested in doing.

[billvv]

These are all from either gmail.com or outlook.com which we can't just block since it's more than likely that we will have legitimate new users with those domains. If there's a way to test that they are legitimate addresses, that would be good to try.

[sozzled]

Fair enough (about allowing people to use gmail.com or outlook.com to register new accounts) if that's what you want.

The easiest way that I've found—to test if an email address exists at the time a new registration attempt is made—is to use a free system plugin called Pre Registration Email Validation. I know that I've used the URL that refers to the JED and the extension is unpublished there—and that the link to the error code that explains why the extension was de-listed doesn't work—but I am following the forum rules:

• Linking to extensions: If an extension (commercial or otherwise) is listed in the JED then the link from the forum must be to the approved JED listing only.

If you use Google to search for "Pre Registration Email Validation for Joomla" you should easily find where you can download the plugin.

I use this extension myself on a few websites; it still works with the latest release of J! 3.x and PHP 7.x and assists to considerably reduce the incidence of fake registration attempts. I have not looked into its operation for PHP 8.x, sorry, and furthermore J! 3.10.4 does not work properly with PHP 8.1 yet.

You may also be interested in a discussion we had a while ago about how to prevent spam registrations.

[deleted user]

I've been getting those. Seem to be Russian spammers.