More and more Users Register with Not Enabled & Not Activated State

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
Estranghero
Joomla! Explorer
Joomla! Explorer
Posts: 276
Joined: Thu May 14, 2009 7:05 am

More and more Users Register with Not Enabled & Not Activated State

Post by Estranghero » Tue Feb 06, 2018 8:39 pm

Hi, may I interfere in this one? Because I got exactly the same issue (I added a screenshot). I already installed RS Firewall and ose-antihacker. But still I'm getting more and more users :-\ ! Is there a way to stop that? my site is: "austrialandscapes.org"
best regards!
You do not have the required permissions to view the files attached to this post.
Last edited by imanickam on Thu Feb 08, 2018 3:56 am, edited 1 time in total.
Reason: Split from the topic https://forum.joomla.org/viewtopic.php?f=714&t=957950. In the future, for your issues, please create a separate topic. Even though the symptoms my be the same, the root cause could be different.

User avatar
sozzled
Joomla! Champion
Joomla! Champion
Posts: 5628
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: Many, many new users, not enabled or activated

Post by sozzled » Tue Feb 06, 2018 9:09 pm

I understand the situation and I empathise with the problem. I have a similar personal experience with a website that I help manage. Last year this website was being frequently bombarded with new account registrations in spite of using CAPTCHA, agreement to TOS or having to complete mandatory items. Nothing seemed to stop this occurring. As far as we could tell, the email addresses were all fake. After the email addresses were then created, the people using this technique would then complete the registration process and then flood the forum with spam.

We tried several techniques (including the use of Akeeba Admin Tools "geo-blocking") but nothing worked. Every day we were spending time removing the spurious accounts before they were activated. This was not a pleasurable experience.

However, we did eventually stop these attacks very simply by installing a plugin that sent an email before the [account registration] submit button could be pressed and required an acknowledgement of a code to be entered before the request to create a new account could be made. It was really simple because, as we know, these attacks are created by automated mechanisms that don't check for what information appears on the registration form. These automated mechanisms assume that they're able to bypass the CAPTCHA, enter random information in the data fields, check off the "Accept TOS" box and they've done half of what's needed before they activate the account.

So, to let you in on the "secret" (it's not a secret, really), install a plugin to require a "pre-registration email validation". See https://extensions.joomla.org/extension ... alidation/

In the meantime, delete the spurious accounts from your website. I think you'll find that, after installing and enabling this plugin, your spurious accounts will stop almost immediately.
https://www.kuneze.com/blog
Former member of Kunena project team
If you think I’m wrong then say “I think you're wrong.” If you say “You’re wrong!”, how do you know?

Estranghero
Joomla! Explorer
Joomla! Explorer
Posts: 276
Joined: Thu May 14, 2009 7:05 am

Re: Many, many new users, not enabled or activated

Post by Estranghero » Wed Feb 07, 2018 9:50 am

Hi sozzled,
thank you very much for your quick response! This plugin sounds very interestingut the download link does not seem to work anymore (Screenshot) :( ! Is there any direct link, please?
best regards!
You do not have the required permissions to view the files attached to this post.

Estranghero
Joomla! Explorer
Joomla! Explorer
Posts: 276
Joined: Thu May 14, 2009 7:05 am

Re: Many, many new users, not enabled or activated

Post by Estranghero » Wed Feb 07, 2018 9:52 am

sorry for the confusion! I guess I got it! url has being changed to: http://www.function90.com/products/free ... ation.html

cheers and best regards!

Estranghero
Joomla! Explorer
Joomla! Explorer
Posts: 276
Joined: Thu May 14, 2009 7:05 am

Re: Many, many new users, not enabled or activated

Post by Estranghero » Wed Feb 07, 2018 10:47 am

hi sozzled,

I just tried your recommended plugin, and want report the outcome; Unfortunately, it did not work! I'm still getting new fake registration within in minutes :( !

best regards!

mabdelaziz
Joomla! Intern
Joomla! Intern
Posts: 87
Joined: Mon Aug 21, 2006 10:56 am
Location: Alexandria, Egypt
Contact:

Re: Many, many new users, not enabled or activated

Post by mabdelaziz » Wed Feb 07, 2018 11:12 am

Hi,

I have had the same situation before in one of my websites, then I configured the password options to be more strict, I set it to require minimum 2 integers, 2 symbols and 2 uppercase.

This configuration stopped these fake registrations forever in my case.
Joomla extensions, tutorials and blogs
https://www.joomreem.com

Custom development is available.
Mohamed Abdelaziz

Estranghero
Joomla! Explorer
Joomla! Explorer
Posts: 276
Joined: Thu May 14, 2009 7:05 am

Re: Many, many new users, not enabled or activated

Post by Estranghero » Wed Feb 07, 2018 2:55 pm

thank you for the reply, mabdelaziz. Sorry for keep asking you, but I can't see any pwd options neither inside the registration module, nor in Global Config. Unfortunately, neither the web gave me some result, when asking for setting pwd option. Could you please be more specific where to find these settings?

best regards

Estranghero
Joomla! Explorer
Joomla! Explorer
Posts: 276
Joined: Thu May 14, 2009 7:05 am

Re: Many, many new users, not enabled or activated

Post by Estranghero » Wed Feb 07, 2018 2:58 pm

ok, I was just too quick! For anyone who's looking for that option, you'll find it under "Users" > "Manage" > than "Option" at the right top corner. Thank you, mabdelaziz. I'll definetly give that a try ;) !

mabdelaziz
Joomla! Intern
Joomla! Intern
Posts: 87
Joined: Mon Aug 21, 2006 10:56 am
Location: Alexandria, Egypt
Contact:

Re: Many, many new users, not enabled or activated

Post by mabdelaziz » Wed Feb 07, 2018 3:09 pm

You are welcome!

Please share the result with us :)
Joomla extensions, tutorials and blogs
https://www.joomreem.com

Custom development is available.
Mohamed Abdelaziz

Estranghero
Joomla! Explorer
Joomla! Explorer
Posts: 276
Joined: Thu May 14, 2009 7:05 am

Re: Many, many new users, not enabled or activated

Post by Estranghero » Wed Feb 07, 2018 5:01 pm

Yes, you were right, mabdelaziz! No more registrations :laugh: ! Thank you very very much, my friend! I had that same issue before. I always thought it was a virus. That was one of the mayor reason I rebuilt my entire site. Now, I know it! Thanx again and wish you a great time 8) !

mabdelaziz
Joomla! Intern
Joomla! Intern
Posts: 87
Joined: Mon Aug 21, 2006 10:56 am
Location: Alexandria, Egypt
Contact:

Re: Many, many new users, not enabled or activated

Post by mabdelaziz » Wed Feb 07, 2018 5:20 pm

My friend,
Glad that it helped you, Estranghero :)

wish you the best!
Joomla extensions, tutorials and blogs
https://www.joomreem.com

Custom development is available.
Mohamed Abdelaziz


Post Reply

Return to “Security in Joomla! 3.x”