Use reg security issue hacker?

[darb]

Hi I got a user that could register unoticed in one Joomla 3.9.22 site and can bypass the user register process. I have disable everything but discovered that he still can login to the site though I get this info notice from Joomla Joomla User Actions. See below and attachment pics.

Latest User Actions
This is the latest action performed by a user on your website.
Action Date Extension Name IP Address
User logged out from site 2020-11-10 01:28:20 UTC Users 114.119.150.227

What to do and any tips?

db3.jpg

db1.jpg

I will check if he is going trough the ACY mailing extension in some way..hmm nope he is not present there. Problem is I got these Latest User Actions even I have not login to the site and I dont know whats going on whey I get notice of logout of site and another ip no 871 is my id but I have not login to the site...

[Webdongle]

https://forumpostassistant.github.io/docs/ please

[darb]

I will do that.

I had a review of the whole site and removed all unwanted extensions plg etc but today again..

I got a new reg spammer now [ redacted ] email: [ redacted ] with IP no address: [ redacted ] and from 15 nov to 17 nov this guy had some activity
Details: [ redacted ] appears in our database 124 times https://www.stopforumspam.com/domain/[ redacted ]

So strange when I have register as disabled and no other reg extension on this site..

[darb]

HI Toivo, you are breaking the forum rules.

Can you explain your reason to have "personal" details removed?

Is this your own interpretation of what can be post here or not? Pls give me the forum rules that tell that you have the power to remove this...

Last edited by toivo on Tue Nov 17, 2020 7:44 am, edited 1 time in total.
Reason: mod note: 'personal' details removed

[toivo]

Neither hacker nor hack details are allowed here. As simple as that.

[darb]

Neither hacker nor hack details are allowed here. As simple as that.

Ok can you point me to that forum rules here Toivo? or is this your own interpretation?

[sozzled]

Neither hacker nor hack details are allowed here. As simple as that.

Ok can you point me to that forum rules here Toivo? or is this your own interpretation?

FYI, the forum rules clearly state:

This is not the place to settle a commercial disagreement for custom development or to be a 'wall of shame'. Any posts deemed to be of this nature will be removed. Settle your disputes in private please.

It's as simple as that.

[AMurray]

As a "Joomla Ace" you should know the rules

[darb]

As a "Joomla Ace" you should know the rules

Yes I know the rules and have being in this community since it started also suggested to use/promote phpBB at that time we started up. I had a another name in the beginning but that was messed up after an update.

Anyhow I dont agree with you n o t to disclose this information, and there is no rule about it, bcs I also think it can help and let other people know about these important security hacks that occour.

But now I know now what and why this happend to a fresh new Joomla 3.9.22 install with only 2 respected updated extensions only. For others I recommend to follow that link and block all these IP numbers from xxx hackers until Joomla have a solution.

All the best!

[Webdongle]

Blocking ip addresses will be as much use as a chocolate teapot.

Posting spam details is (in itself) spam. And posting spam is against the rules.

[darb]

Blocking ip addresses will be as much use as a chocolate teapot.

Posting spam details is (in itself) spam. And posting spam is against the rules.

Good logic?