Hundreds of Spam Users are created in my Joomla!!!

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
aboarken
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 162
Joined: Fri Dec 18, 2015 6:40 pm

Hundreds of Spam Users are created in my Joomla!!!

Post by aboarken » Sun Nov 27, 2016 6:19 pm

Dear Support,


Please be noted that many spam users can create users in my Joomla website...I have used Spambotcheck in order to protect my website and block those spam users...Please why they are able to create as I am using Google Recaptcha?



Website: careers.tis.edu.sa
https://careers.tis.edu.sa/index.php/en/register ( This link is the registration Form)

Kindly for your help.


Ahmad Moussa
You do not have the required permissions to view the files attached to this post.

User avatar
dhuelsmann
Joomla! Master
Joomla! Master
Posts: 19646
Joined: Sun Oct 02, 2005 12:50 am
Location: Omaha, NE
Contact:

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by dhuelsmann » Sun Nov 27, 2016 6:20 pm

What version of Joomla do you have?
Regards, Dave
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org

aboarken
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 162
Joined: Fri Dec 18, 2015 6:40 pm

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by aboarken » Sun Nov 27, 2016 6:50 pm

I am using the latest version of Joomla 3.6.4.

User avatar
dhuelsmann
Joomla! Master
Joomla! Master
Posts: 19646
Joined: Sun Oct 02, 2005 12:50 am
Location: Omaha, NE
Contact:

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by dhuelsmann » Sun Nov 27, 2016 6:56 pm

Read this viewtopic.php?f=621&t=582860 and download the FPA and post the output here.
Regards, Dave
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org

aboarken
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 162
Joined: Fri Dec 18, 2015 6:40 pm

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by aboarken » Sun Nov 27, 2016 7:09 pm

Last PHP Error(s) Reported :: Forum Post Assistant (v1.2.7) : 27th November 2016 wrote:[27-Nov-2016 13:00:29 America/Chicago] PHP Strict Standards: Only variables should be assigned by reference in /home/tisserver1/public_html/tis_careers/plugins/user/jsjobsloginredirect/jsjobsloginredirect.php on line 54
Forum Post Assistant (v1.2.7) : 27th November 2016 wrote:
Basic Environment :: wrote:Joomla! Instance :: .- ()
Joomla! Configured :: Yes | Read-Only (444) | Owner: tisserver1 (uid: 1/gid: 1) | Group: tisserver1 (gid: 1) | Valid For: 1.6
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: No | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 2 | Error Reporting: default | Site Debug: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32-042stab113.11 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /home/tisserver1/public_html/tis_careers | System TMP Writable: Yes

PHP Configuration :: Version: 5.5.36 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: | Error Reporting: 24567 | Log Errors To: error_log | Last Known Error: 27th November 2016 13:00:29. | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 1000M | Max. POST Size: 900M | Max. Input Time: 60 | Max. Execution Time: 20000 | Memory Limit: -1

MySQL Configuration :: Version: 5.6.34 (Client:mysqlnd 5.0.11-dev - 20120503 - $Id: 15d5c781cfcad91193dceae1d2cdd127674ddb3e $) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 11.51 MiB | #of Tables: 170
Detailed Environment :: wrote:PHP Extensions :: Core (5.5.36) | date (5.5.36) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (2.0) | bcmath () | bz2 () | calendar () | ctype () | curl () | dom (20031129) | filter (0.11.0) | ftp () | gd () | hash (1.0) | iconv () | SPL (0.2) | json (1.2.1) | mbstring () | mcrypt () | session () | standard (5.5.36) | mysqlnd (mysqlnd 5.0.11-dev - 20120503 - $Id: 15d5c781cfcad91193dceae1d2cdd127674ddb3e $) | mysqli (0.1) | Phar (2.0.2) | posix () | Reflection ($Id: dc76d2fe0f3e9c327c1d4ca617d94e26c7fae98d $) | mysql (1.0) | SimpleXML (0.1) | soap () | sockets () | imap () | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlwriter (0.1) | zip (1.11.0) | cgi-fcgi () | PDO (1.0.4dev) | pdo_sqlite (1.0.1) | pdo_mysql (1.0.2) | Zend OPcache (7.0.6-devFE) | Zend Engine (2.5.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::
Extensions Discovered :: wrote:Components :: SITE :: com_wrapper (3.0.0) | com_mailto (3.0.0) |
Components :: ADMIN :: com_newsfeeds (3.0.0) | spambotcheck (1.0.1) | com_templates (3.0.0) | com_joomlaupdate (3.6.2) | AcyMailing (5.5.0) | AcyMailing : (auto)Subscribe d (5.5.0) | AcyMailing table of contents g (1.0.0) | AcyMailing : trigger Joomla Co (3.7.0) | AcyMailing Manage text (1.0.0) | AcyMailing Template Class Repl (5.5.0) | AcyMailing Tag : content inser (3.7.0) | AcyMailing : Statistics Plugin (3.7.0) | AcyMailing Editor (5.5.0) | AcyMailing Editor (beta) (4.6.2) | AcyMailing Tag and filter : Co (3.7.2) | AcyMailing Tag and filter : Co (3.7.2) | AcyMailing Tag : Date / Time (5.5.0) | AcyMailing : share on social n (1.0.0) | AcyMailing Module (3.7.0) | AcyMailing Tag : Subscriber in (5.5.0) | AcyMailing Tag : Joomla User I (5.5.0) | AcyMailing Tag : Website links (3.7.0) | AcyMailing Tag : Manage the Su (5.5.0) | Quick Logout (1.9.3) | COM_JSJOBS (1.1.5) | com_plugins (3.0.0) | com_users (3.0.0) | com_config (3.0.0) | com_installer (3.0.0) | Akeeba (5.2.4) | com_banners (3.0.0) | com_cache (3.0.0) | com_cpanel (3.0.0) | com_checkin (3.0.0) | com_ajax (3.2.0) | com_search (3.0.0) | com_modules (3.0.0) | com_postinstall (3.2.0) | com_content (3.0.0) | com_admin (3.0.0) | com_contenthistory (3.2.0) | com_login (3.0.0) | mod_k2_comments (-) | mod_k2_comments (-) | COM_K2 (2.7.1) | com_menus (3.0.0) | com_categories (3.0.0) | com_languages (3.0.0) | com_profiles (1.5.0) | com_jaextmanager (2.5.3) | com_jaextmanager (2.6.2) | com_tags (3.1.0) | com_redirect (3.0.0) | com_finder (3.0.0) | com_media (3.0.0) | com_messages (3.0.0) |

Modules :: SITE :: JS Hot Jobs (1.0.2) | JA Masshead (2.6.1) | mod_articles_latest (3.0.0) | mod_breadcrumbs (3.0.0) | mod_feed (3.0.0) | JS Gold Jobs (1.0.0) | mod_articles_popular (3.0.0) | JS Jobs On Map (1.0.0) | JS Resume Search (1.0) | mod_articles_archive (3.0.0) | JS Featured Companies (1.0.0) | JS Jobs Login (1.0) | mod_banners (3.0.0) | JS Top Jobs (1.0.2) | JS Jobs Stats (1.0.0) | mod_stats (3.0.0) | JS Gold Resumes (1.0.0) | mod_articles_news (3.0.0) | mod_syndicate (3.0.0) | JS Jobs By Cities (1.0.0) | K2 Content (2.7.1) | K2 Tools (2.7.1) | JS Jobs By Categories (1.0.0) | JS Jobs By Countries (1.0.0) | mod_random_image (3.0.0) | JS Featured Jobs (1.0.0) | mod_articles_categories (3.0.0) | mod_footer (3.0.0) | K2 Users (2.7.1) | mod_wrapper (3.0.0) | mod_related_items (3.0.0) | K2 User (2.7.1) | mod_tags_popular (3.1.0) | JA Facebook Like Box Module (2.6.1) | JS Jobs By States (1.0.0) | mod_whosonline (3.0.0) | Search JS Jobs (1.0.3) | mod_languages (3.5.0) | mod_custom (3.0.0) | JS Gold Companies (1.0.0) | JS Newest Jobs (1.0.2) | mod_users_latest (3.0.0) | AcyMailing Module (3.7.0) | JS Featured Resumes (1.0.0) | JS top Resumes (1.0.0) | JA Side News (2.6.7) | mod_login (3.0.0) | mod_search (3.0.0) | mod_finder (3.0.0) | mod_menu (3.0.0) | JS newest Resumes (1.0.0) | mod_tags_similar (3.1.0) | K2 Comments (2.7.1) | JA Content Slider (2.7.2) | JA Slideshow Lite (1.2.3) | mod_articles_category (3.0.0) |
Modules :: ADMIN :: mod_quickicon (3.0.0) | mod_feed (3.0.0) | mod_toolbar (3.0.0) | mod_latest (3.0.0) | mod_popular (3.0.0) | K2 Stats (admin) (2.7.1) | mod_version (3.0.0) | mod_custom (3.0.0) | mod_logged (3.0.0) | K2 Quick Icons (admin) (2.7.1) | mod_title (3.0.0) | mod_submenu (3.0.0) | mod_stats_admin (3.0.0) | mod_multilangstatus (3.0.0) | mod_login (3.0.0) | mod_status (3.0.0) | mod_menu (3.0.0) |

Plugins :: SITE :: plg_installer_webinstaller (1.1.0) | PLG_INSTALLER_FOLDERINSTALLER (3.6.0) | PLG_INSTALLER_URLINSTALLER (3.6.0) | plg_installer_packageinstaller (3.6.0) | User - SpambotCheck (1.3.13) | plg_user_contactcreator (3.0.0) | User - K2 (2.7.1) | plg_user_joomla (3.0.0) | plg_user_profile (3.0.0) | JSJobs Login Redirect (1.0) | plg_twofactorauth_yubikey (3.2.0) | plg_twofactorauth_totp (3.2.0) | plg_editors_tinymce (4.4.3) | AcyMailing Editor (5.5.0) | AcyMailing Editor (beta) (4.6.2) | plg_editors_codemirror (5.18.0) | T3 Framework (2.6.1) | System - SpambotCheckExtended (1.0.1) | plg_system_stats (3.5.0) | plg_system_highlight (3.0.0) | plg_system_p3p (3.0.0) | plg_system_redirect (3.0.0) | plg_system_logout (3.0.0) | PLG_SYSTEM_BACKUPONUPDATE_TITL (3.7) | plg_system_cache (3.0.0) | plg_system_remember (3.0.0) | System - K2 (2.7.1) | PLG_SYSTEM_AKEEBAUPDATECHECK_T (1.1) | plg_system_languagefilter (3.0.0) | JSJobs Register (1.0) | plg_system_sef (3.0.0) | plg_system_debug (3.0.0) | AcyMailing : (auto)Subscribe d (5.5.0) | plg_system_updatenotification (3.5.0) | plg_system_log (3.0.0) | plg_system_admintplhelper (1.0.0) | plg_system_languagecode (3.0.0) | AcyMailing Manage text (1.0.0) | AcyMailing : Statistics Plugin (3.7.0) | AcyMailing Tag : Date / Time (5.5.0) | AcyMailing Tag : Subscriber in (5.5.0) | AcyMailing Tag : Joomla User I (5.5.0) | AcyMailing Tag and filter : Co (3.7.2) | AcyMailing Tag and filter : Co (3.7.2) | AcyMailing : share on social n (1.0.0) | AcyMailing Template Class Repl (5.5.0) | AcyMailing Tag : Manage the Su (5.5.0) | AcyMailing : trigger Joomla Co (3.7.0) | AcyMailing table of contents g (1.0.0) | AcyMailing Tag : Website links (3.7.0) | AcyMailing Tag : content inser (3.7.0) | plg_finder_categories (3.0.0) | plg_finder_newsfeeds (3.0.0) | plg_finder_tags (3.0.0) | plg_finder_contacts (3.0.0) | plg_finder_content (3.0.0) | plg_finder_k2 (2.7.1) | plg_quickicon_joomlaupdate (3.0.0) | plg_quickicon_akeebabackup (1.0) | plg_quickicon_extensionupdate (3.0.0) | Josetta - K2 Categories (2.6.9) | Josetta - K2 Items (2.6.9) | JS Job By Categories (1.0.0) | JS Gold Resumes (1.0) | JS Search Jobs (1.0.1) | JS Newest Jobs (1.0.1) | JS Featured Companies (1.0) | JS Gold Companies (1.0) | JS Search Resumes (1.0) | JS Jobs BY Cities (1.0.0) | JS Hot Jobs (1.0.1) | plg_content_loadmodule (3.0.0) | plg_content_emailcloak (3.0.0) | JS Jobs By States (1.0.0) | JS Newest Resumes (1.0.1) | plg_content_finder (3.0.0) | JS Top Resumes (1.0.1) | plg_content_pagebreak (3.0.0) | plg_content_joomla (3.0.0) | JS Featured Jobs (1.0.0) | plg_content_pagenavigation (3.0.0) | JS Jobs By Countries (1.0.0) | JS Top Jobs (1.0.0) | plg_content_vote (3.0.0) | JS Gold Jobs (1.0.0) | JS Featured Resumes (1.0) | plg_authentication_ldap (3.0.0) | plg_authentication_cookie (3.0.0) | plg_authentication_gmail (3.0.0) | plg_authentication_joomla (3.0.0) | plg_captcha_recaptcha (3.4.0) | plg_search_categories (3.0.0) | plg_search_newsfeeds (3.0.0) | plg_search_tags (3.0.0) | plg_search_contacts (3.0.0) | plg_search_content (3.0.0) | Search - K2 (2.7.1) | plg_editors-xtd_image (3.0.0) | plg_editors-xtd_article (3.0.0) | plg_editors-xtd_module (3.5.0) | plg_editors-xtd_pagebreak (3.0.0) | plg_editors-xtd_readmore (3.0.0) | plg_extension_joomla (3.0.0) |
Templates Discovered :: wrote:Templates :: SITE :: protostar (1.0) | beez3 (3.1.0) | ja_university_t3 (1.1.5) |
Templates :: ADMIN :: hathor (3.0.0) | isis (1.0) |

User avatar
JAVesey
Joomla! Ace
Joomla! Ace
Posts: 1843
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK
Contact:

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by JAVesey » Sun Nov 27, 2016 10:35 pm

Were these users created before or after you upgraded to v3.6.4?
What is the range of the account-created dates?
Have the accounts been activated?
What user-privileges do the accounts have?
Have these accounts actually logged in?
Have they been used to do/post anything on your site?
John V
Cardiff, Wales, UK
Uses Joomla 3.9.1

aboarken
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 162
Joined: Fri Dec 18, 2015 6:40 pm

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by aboarken » Mon Nov 28, 2016 5:02 am

Hi JAVesey,

1- I think all users are created after upgrading as everything was working fine before I upgrade.
2- Every day and every 15 minutes or less or sometimes every two minutes new user is registered (24/7).
3- Not all the accounts are activated but all others yes until I have installed an extension (Spambotcheck) that prevents the creation of new users.
4- The user-privileges the accounts have is registered.
5- Nop these users dont login. Just they are created.
6- Nop they dont post anything on my website...they are just created.

Regards,

Ahmad Moussa

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14728
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by mandville » Mon Nov 28, 2016 10:04 am

do they sign up for the newsletter and get auto created a user account
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

tonytranupc
Joomla! Apprentice
Joomla! Apprentice
Posts: 26
Joined: Mon Sep 12, 2016 4:14 am

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by tonytranupc » Mon Nov 28, 2016 2:23 pm

I've seen some kinds of automatic software that use CURL to sign up new account automatically. That could the one situation.

aboarken
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 162
Joined: Fri Dec 18, 2015 6:40 pm

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by aboarken » Mon Nov 28, 2016 4:35 pm

Hi, I found the issue:

https://careers.tis.edu.sa/index.php/en ... gistration (This link should be hidden, how can I do that?) I am registering my users using another plugin (JS Login: https://careers.tis.edu.sa/index.php/en/register) ...Please how can I make joomla default registration link hidden or remove register button so spam users can not create users?

Thanks in Advance.

User avatar
fcoulter
Joomla! Ace
Joomla! Ace
Posts: 1685
Joined: Thu Sep 13, 2007 11:39 am
Location: UK
Contact:

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by fcoulter » Mon Nov 28, 2016 5:59 pm

Hiding the link is not likely to help you, because the spam bots would still be able to reach the registration page as a native joomla url.

What you could try is to enable the recapchta plugin for the standard joomla registration so that if bots try to use it to sign up then it should defeat them. I am not sure if it is compatible with the js jobs registration though so it is not guaranteed to work. But worth a try.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"

aboarken
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 162
Joined: Fri Dec 18, 2015 6:40 pm

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by aboarken » Mon Nov 28, 2016 6:55 pm

Thanks Fcoulter, but If I enabled Google Recaptcha JS Jobs Registration Form will not work.

User avatar
fcoulter
Joomla! Ace
Joomla! Ace
Posts: 1685
Joined: Thu Sep 13, 2007 11:39 am
Location: UK
Contact:

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by fcoulter » Mon Nov 28, 2016 7:57 pm

I would check with the developer of js jobs about that. Looking at the JS Jobs registration plugin it looks as if it should be compatible with the Joomla Recaptcha plugin, it appears to be designed that way.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"

aboarken
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 162
Joined: Fri Dec 18, 2015 6:40 pm

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by aboarken » Tue Nov 29, 2016 5:53 am

The Problem is fixed:

The common way to avoid span registration is using the recaptcha on registration form . A 3rd party extension is used on my Joomla Default Registration form to show recaptcha. This will prevent public to create fake users.

The extension used is: ECC+ - EasyCalcCheck Plus - Joomla! 3

https://extensions.joomla.org/extension ... check-plus

Regards,

Ahmad
Last edited by toivo on Tue Nov 29, 2016 6:44 am, edited 1 time in total.
Reason: mod note: replaced the link with the JED URL - please read the forum rules about extensions

drgarden
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Fri Mar 30, 2012 11:51 pm

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by drgarden » Tue Nov 29, 2016 5:19 pm

Is this still working? I've tried different extensions and I'm still being attacked with hundreds of Spam Users in Joomla 3.6.4.

Yesterday I had to disable Registration all together. However, the attempts to access my Admin dashboard has not stopped, which now has caused my site to be shutdown due to an excessive number of invalid logins.

On top of that... today I'm not even able to log-out of the admin dashboard!? Now I need to find a fix for this too.

User avatar
JAVesey
Joomla! Ace
Joomla! Ace
Posts: 1843
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK
Contact:

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by JAVesey » Tue Nov 29, 2016 5:37 pm

drgarden wrote:Yesterday I had to disable Registration all together. However, the attempts to access my Admin dashboard has not stopped, which now has caused my site to be shutdown due to an excessive number of invalid logins.
This will be because your /administrator login page is easy to find on a standard Joomla installation.

Try the AdminExile plugin; it allows you to choose your own administrator login page URL and provides front- and back-end brute force protection.
John V
Cardiff, Wales, UK
Uses Joomla 3.9.1

drgarden
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Fri Mar 30, 2012 11:51 pm

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by drgarden » Tue Nov 29, 2016 5:53 pm

Thank you John,

This sounds like a great fix. However, in looking this over, it's seems a bit intimidating for a novice like myself. Eight pages of mostly over-my-head information.

"keys" "penalties"

I've downloaded it and will see if I can pull this off.

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14728
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by mandville » Tue Nov 29, 2016 6:02 pm

drgarden wrote:Thank you John,


"keys" "penalties"

.
Please explain this
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

drgarden
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Fri Mar 30, 2012 11:51 pm

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by drgarden » Tue Nov 29, 2016 11:29 pm

JAVesey wrote:
drgarden wrote:Yesterday I had to disable Registration all together. However, the attempts to access my Admin dashboard has not stopped, which now has caused my site to be shutdown due to an excessive number of invalid logins.
This will be because your /administrator login page is easy to find on a standard Joomla installation.

Try the AdminExile plugin; it allows you to choose your own administrator login page URL and provides front- and back-end brute force protection.

I got it to work! And I'm happy to say, AdminExile has been steadily blocking several Brute Force attempts to access my site! Thanks so much John (JAVesey)! This is an excellent and well needed plug-in!

aboarken
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 162
Joined: Fri Dec 18, 2015 6:40 pm

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by aboarken » Wed Nov 30, 2016 8:26 am

Hi drgarden and Everyone,

For now everything is working fine but after all of these comments I will install AdminExile for sure. Thanks all for your great support.

Have a nice day.

Ahmad Moussa

User avatar
JAVesey
Joomla! Ace
Joomla! Ace
Posts: 1843
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK
Contact:

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by JAVesey » Sat Dec 03, 2016 11:39 am

drgarden wrote:I got it to work! And I'm happy to say, AdminExile has been steadily blocking several Brute Force attempts to access my site! Thanks so much John (JAVesey)! This is an excellent and well needed plug-in!
It is a fab plugin. It works really well with the standard Joomla Two-Factor Authentication too. Use both together to protect access to your admin 8)
John V
Cardiff, Wales, UK
Uses Joomla 3.9.1

aboarken
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 162
Joined: Fri Dec 18, 2015 6:40 pm

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by aboarken » Tue Dec 06, 2016 1:29 pm

Thanks you for your Help JAVesey. I will do that as soon as possible.

User avatar
stutteringp0et
Joomla! Ace
Joomla! Ace
Posts: 1384
Joined: Sat Oct 28, 2006 11:16 pm
Location: Texas
Contact:

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by stutteringp0et » Tue Apr 18, 2017 10:20 pm

I love seeing success stories like this from people using my AdminExile plugin.

I was searching for anyone claiming to have defeated it, when I ran across this. It brings warm feelings to my heart to know that it makes such a big difference to so many people!
My extensions: http://extensions.joomla.org/profile/pr ... ails/18398
Honk if this signature offends you.

User avatar
JAVesey
Joomla! Ace
Joomla! Ace
Posts: 1843
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK
Contact:

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by JAVesey » Wed Apr 19, 2017 8:52 am

stutteringp0et wrote:I love seeing success stories like this from people using my AdminExile plugin.

I was searching for anyone claiming to have defeated it, when I ran across this. It brings warm feelings to my heart to know that it makes such a big difference to so many people!
Happy to point users in its direction - peace of mind is a wonderful thing :D
John V
Cardiff, Wales, UK
Uses Joomla 3.9.1

judygross
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Mon Feb 26, 2018 10:53 pm

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by judygross » Mon Feb 26, 2018 10:58 pm

The AdminExile plugin did not work on my website - I had to have the 'accounts' disabled to stop it -in the end, the bogus accounts were non stop for nearly 24 hrs.

User avatar
sozzled
Joomla! Champion
Joomla! Champion
Posts: 6046
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by sozzled » Tue Feb 27, 2018 2:09 am

This is [kind of] one of my "favourite" subjects. There are several different ways I've used over the years to prevent unwanted account registrations on sites that I've created or on those that I help other people to manage. While I have no direct experience with AdminExile (and, therefore, I cannot comment on its effectiveness in this matter), there is one, almost 100% guaranteed mechanism to prevent unwanted registrations on any website (Joomla or non-Joomla) ...
.
.
.
.
.
... charge people a fee to register an account. In 30+ years of developing websites, I've never seen an unwanted account on any website where I've used this approach! ;)

I wonder why this approach works when other ideas don't ... hmmmm?
https://www.kuneze.com/blog
Former member of Kunena project team
If you think I’m wrong then say “I think you're wrong.” If you say “You’re wrong!”, how do you know?

User avatar
stutteringp0et
Joomla! Ace
Joomla! Ace
Posts: 1384
Joined: Sat Oct 28, 2006 11:16 pm
Location: Texas
Contact:

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by stutteringp0et » Tue Feb 27, 2018 7:34 am

My AdminExile plugin doesn't stop people from registering - it stops unauthorized access to /administrator

I do, however, have a Captcha that works quite well. Look up HashCash in the JED. It is the least annoying Captcha you'll ever see - because you'll never see it.

Not selling anything - HashCash is free.
My extensions: http://extensions.joomla.org/profile/pr ... ails/18398
Honk if this signature offends you.

User avatar
JAVesey
Joomla! Ace
Joomla! Ace
Posts: 1843
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK
Contact:

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by JAVesey » Tue Feb 27, 2018 7:58 am

stutteringp0et wrote:I do, however, have a Captcha that works quite well. Look up HashCash in the JED. It is the least annoying Captcha you'll ever see - because you'll never see it.
If it's as good as your other plugins then it will work like a charm...

*goes to JED/Richeyweb*

:geek:
John V
Cardiff, Wales, UK
Uses Joomla 3.9.1

aboarken
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 162
Joined: Fri Dec 18, 2015 6:40 pm

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by aboarken » Sun Mar 04, 2018 6:22 pm

The common way to avoid span registration is using the recaptcha on registration form . A 3rd party extension is used on my Joomla Default Registration form to show recaptcha. This will prevent public to create fake users.

The extension used is: ECC+ - EasyCalcCheck Plus - Joomla! 3.

Good Luck stutteringp0et, also be noted that the AdminExile has been split to free version and paid version to get all features.

User avatar
stutteringp0et
Joomla! Ace
Joomla! Ace
Posts: 1384
Joined: Sat Oct 28, 2006 11:16 pm
Location: Texas
Contact:

Re: Hundreds of Spam Users are created in my Joomla!!!

Post by stutteringp0et » Sun Mar 04, 2018 10:16 pm

The paid version of AdminExile is for users who don't administer their own servers.

I run the free version on my own websites.

Server administrators can use things like fail2ban to achieve the bruteforce blocking, ipset with iptables to black and white list - I even graph attempts using the server logs.

Yes, I split it because I spend A LOT of time and money to give away free extensions.
My extensions: http://extensions.joomla.org/profile/pr ... ails/18398
Honk if this signature offends you.


Post Reply

Return to “Security in Joomla! 3.x”