Hundreds of Spam Users are created in my Joomla!!!
Moderators: mandville, General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
-
- Joomla! Enthusiast
- Posts: 191
- Joined: Fri Dec 18, 2015 6:40 pm
Hundreds of Spam Users are created in my Joomla!!!
Dear Support,
Please be noted that many spam users can create users in my Joomla website...I have used Spambotcheck in order to protect my website and block those spam users...Please why they are able to create as I am using Google Recaptcha?
Website: careers.tis.edu.sa
https://careers.tis.edu.sa/index.php/en/register ( This link is the registration Form)
Kindly for your help.
Ahmad Moussa
Please be noted that many spam users can create users in my Joomla website...I have used Spambotcheck in order to protect my website and block those spam users...Please why they are able to create as I am using Google Recaptcha?
Website: careers.tis.edu.sa
https://careers.tis.edu.sa/index.php/en/register ( This link is the registration Form)
Kindly for your help.
Ahmad Moussa
You do not have the required permissions to view the files attached to this post.
- dhuelsmann
- Joomla! Master
- Posts: 19659
- Joined: Sun Oct 02, 2005 12:50 am
- Location: Omaha, NE
- Contact:
Re: Hundreds of Spam Users are created in my Joomla!!!
What version of Joomla do you have?
Regards, Dave
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org
-
- Joomla! Enthusiast
- Posts: 191
- Joined: Fri Dec 18, 2015 6:40 pm
Re: Hundreds of Spam Users are created in my Joomla!!!
I am using the latest version of Joomla 3.6.4.
- dhuelsmann
- Joomla! Master
- Posts: 19659
- Joined: Sun Oct 02, 2005 12:50 am
- Location: Omaha, NE
- Contact:
Re: Hundreds of Spam Users are created in my Joomla!!!
Read this viewtopic.php?f=621&t=582860 and download the FPA and post the output here.
Regards, Dave
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org
-
- Joomla! Enthusiast
- Posts: 191
- Joined: Fri Dec 18, 2015 6:40 pm
Re: Hundreds of Spam Users are created in my Joomla!!!
Last PHP Error(s) Reported :: Forum Post Assistant (v1.2.7) : 27th November 2016 wrote:[27-Nov-2016 13:00:29 America/Chicago] PHP Strict Standards: Only variables should be assigned by reference in /home/tisserver1/public_html/tis_careers/plugins/user/jsjobsloginredirect/jsjobsloginredirect.php on line 54
Forum Post Assistant (v1.2.7) : 27th November 2016 wrote:Basic Environment :: wrote:Joomla! Instance :: .- ()
Joomla! Configured :: Yes | Read-Only (444) | Owner: tisserver1 (uid: 1/gid: 1) | Group: tisserver1 (gid: 1) | Valid For: 1.6
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: No | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 2 | Error Reporting: default | Site Debug: 0 | Database Credentials Present: Yes
Host Configuration :: OS: Linux | OS Version: 2.6.32-042stab113.11 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /home/tisserver1/public_html/tis_careers | System TMP Writable: Yes
PHP Configuration :: Version: 5.5.36 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: | Error Reporting: 24567 | Log Errors To: error_log | Last Known Error: 27th November 2016 13:00:29. | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 1000M | Max. POST Size: 900M | Max. Input Time: 60 | Max. Execution Time: 20000 | Memory Limit: -1
MySQL Configuration :: Version: 5.6.34 (Client:mysqlnd 5.0.11-dev - 20120503 - $Id: 15d5c781cfcad91193dceae1d2cdd127674ddb3e $) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 11.51 MiB | #of Tables: 170Detailed Environment :: wrote:PHP Extensions :: Core (5.5.36) | date (5.5.36) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (2.0) | bcmath () | bz2 () | calendar () | ctype () | curl () | dom (20031129) | filter (0.11.0) | ftp () | gd () | hash (1.0) | iconv () | SPL (0.2) | json (1.2.1) | mbstring () | mcrypt () | session () | standard (5.5.36) | mysqlnd (mysqlnd 5.0.11-dev - 20120503 - $Id: 15d5c781cfcad91193dceae1d2cdd127674ddb3e $) | mysqli (0.1) | Phar (2.0.2) | posix () | Reflection ($Id: dc76d2fe0f3e9c327c1d4ca617d94e26c7fae98d $) | mysql (1.0) | SimpleXML (0.1) | soap () | sockets () | imap () | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlwriter (0.1) | zip (1.11.0) | cgi-fcgi () | PDO (1.0.4dev) | pdo_sqlite (1.0.1) | pdo_mysql (1.0.2) | Zend OPcache (7.0.6-devFE) | Zend Engine (2.5.0) |
Potential Missing Extensions :: suhosin |
Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: NoFolder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |
Elevated Permissions (First 10) ::Extensions Discovered :: wrote:Components :: SITE :: com_wrapper (3.0.0) | com_mailto (3.0.0) |
Components :: ADMIN :: com_newsfeeds (3.0.0) | spambotcheck (1.0.1) | com_templates (3.0.0) | com_joomlaupdate (3.6.2) | AcyMailing (5.5.0) | AcyMailing : (auto)Subscribe d (5.5.0) | AcyMailing table of contents g (1.0.0) | AcyMailing : trigger Joomla Co (3.7.0) | AcyMailing Manage text (1.0.0) | AcyMailing Template Class Repl (5.5.0) | AcyMailing Tag : content inser (3.7.0) | AcyMailing : Statistics Plugin (3.7.0) | AcyMailing Editor (5.5.0) | AcyMailing Editor (beta) (4.6.2) | AcyMailing Tag and filter : Co (3.7.2) | AcyMailing Tag and filter : Co (3.7.2) | AcyMailing Tag : Date / Time (5.5.0) | AcyMailing : share on social n (1.0.0) | AcyMailing Module (3.7.0) | AcyMailing Tag : Subscriber in (5.5.0) | AcyMailing Tag : Joomla User I (5.5.0) | AcyMailing Tag : Website links (3.7.0) | AcyMailing Tag : Manage the Su (5.5.0) | Quick Logout (1.9.3) | COM_JSJOBS (1.1.5) | com_plugins (3.0.0) | com_users (3.0.0) | com_config (3.0.0) | com_installer (3.0.0) | Akeeba (5.2.4) | com_banners (3.0.0) | com_cache (3.0.0) | com_cpanel (3.0.0) | com_checkin (3.0.0) | com_ajax (3.2.0) | com_search (3.0.0) | com_modules (3.0.0) | com_postinstall (3.2.0) | com_content (3.0.0) | com_admin (3.0.0) | com_contenthistory (3.2.0) | com_login (3.0.0) | mod_k2_comments (-) | mod_k2_comments (-) | COM_K2 (2.7.1) | com_menus (3.0.0) | com_categories (3.0.0) | com_languages (3.0.0) | com_profiles (1.5.0) | com_jaextmanager (2.5.3) | com_jaextmanager (2.6.2) | com_tags (3.1.0) | com_redirect (3.0.0) | com_finder (3.0.0) | com_media (3.0.0) | com_messages (3.0.0) |
Modules :: SITE :: JS Hot Jobs (1.0.2) | JA Masshead (2.6.1) | mod_articles_latest (3.0.0) | mod_breadcrumbs (3.0.0) | mod_feed (3.0.0) | JS Gold Jobs (1.0.0) | mod_articles_popular (3.0.0) | JS Jobs On Map (1.0.0) | JS Resume Search (1.0) | mod_articles_archive (3.0.0) | JS Featured Companies (1.0.0) | JS Jobs Login (1.0) | mod_banners (3.0.0) | JS Top Jobs (1.0.2) | JS Jobs Stats (1.0.0) | mod_stats (3.0.0) | JS Gold Resumes (1.0.0) | mod_articles_news (3.0.0) | mod_syndicate (3.0.0) | JS Jobs By Cities (1.0.0) | K2 Content (2.7.1) | K2 Tools (2.7.1) | JS Jobs By Categories (1.0.0) | JS Jobs By Countries (1.0.0) | mod_random_image (3.0.0) | JS Featured Jobs (1.0.0) | mod_articles_categories (3.0.0) | mod_footer (3.0.0) | K2 Users (2.7.1) | mod_wrapper (3.0.0) | mod_related_items (3.0.0) | K2 User (2.7.1) | mod_tags_popular (3.1.0) | JA Facebook Like Box Module (2.6.1) | JS Jobs By States (1.0.0) | mod_whosonline (3.0.0) | Search JS Jobs (1.0.3) | mod_languages (3.5.0) | mod_custom (3.0.0) | JS Gold Companies (1.0.0) | JS Newest Jobs (1.0.2) | mod_users_latest (3.0.0) | AcyMailing Module (3.7.0) | JS Featured Resumes (1.0.0) | JS top Resumes (1.0.0) | JA Side News (2.6.7) | mod_login (3.0.0) | mod_search (3.0.0) | mod_finder (3.0.0) | mod_menu (3.0.0) | JS newest Resumes (1.0.0) | mod_tags_similar (3.1.0) | K2 Comments (2.7.1) | JA Content Slider (2.7.2) | JA Slideshow Lite (1.2.3) | mod_articles_category (3.0.0) |
Modules :: ADMIN :: mod_quickicon (3.0.0) | mod_feed (3.0.0) | mod_toolbar (3.0.0) | mod_latest (3.0.0) | mod_popular (3.0.0) | K2 Stats (admin) (2.7.1) | mod_version (3.0.0) | mod_custom (3.0.0) | mod_logged (3.0.0) | K2 Quick Icons (admin) (2.7.1) | mod_title (3.0.0) | mod_submenu (3.0.0) | mod_stats_admin (3.0.0) | mod_multilangstatus (3.0.0) | mod_login (3.0.0) | mod_status (3.0.0) | mod_menu (3.0.0) |
Plugins :: SITE :: plg_installer_webinstaller (1.1.0) | PLG_INSTALLER_FOLDERINSTALLER (3.6.0) | PLG_INSTALLER_URLINSTALLER (3.6.0) | plg_installer_packageinstaller (3.6.0) | User - SpambotCheck (1.3.13) | plg_user_contactcreator (3.0.0) | User - K2 (2.7.1) | plg_user_joomla (3.0.0) | plg_user_profile (3.0.0) | JSJobs Login Redirect (1.0) | plg_twofactorauth_yubikey (3.2.0) | plg_twofactorauth_totp (3.2.0) | plg_editors_tinymce (4.4.3) | AcyMailing Editor (5.5.0) | AcyMailing Editor (beta) (4.6.2) | plg_editors_codemirror (5.18.0) | T3 Framework (2.6.1) | System - SpambotCheckExtended (1.0.1) | plg_system_stats (3.5.0) | plg_system_highlight (3.0.0) | plg_system_p3p (3.0.0) | plg_system_redirect (3.0.0) | plg_system_logout (3.0.0) | PLG_SYSTEM_BACKUPONUPDATE_TITL (3.7) | plg_system_cache (3.0.0) | plg_system_remember (3.0.0) | System - K2 (2.7.1) | PLG_SYSTEM_AKEEBAUPDATECHECK_T (1.1) | plg_system_languagefilter (3.0.0) | JSJobs Register (1.0) | plg_system_sef (3.0.0) | plg_system_debug (3.0.0) | AcyMailing : (auto)Subscribe d (5.5.0) | plg_system_updatenotification (3.5.0) | plg_system_log (3.0.0) | plg_system_admintplhelper (1.0.0) | plg_system_languagecode (3.0.0) | AcyMailing Manage text (1.0.0) | AcyMailing : Statistics Plugin (3.7.0) | AcyMailing Tag : Date / Time (5.5.0) | AcyMailing Tag : Subscriber in (5.5.0) | AcyMailing Tag : Joomla User I (5.5.0) | AcyMailing Tag and filter : Co (3.7.2) | AcyMailing Tag and filter : Co (3.7.2) | AcyMailing : share on social n (1.0.0) | AcyMailing Template Class Repl (5.5.0) | AcyMailing Tag : Manage the Su (5.5.0) | AcyMailing : trigger Joomla Co (3.7.0) | AcyMailing table of contents g (1.0.0) | AcyMailing Tag : Website links (3.7.0) | AcyMailing Tag : content inser (3.7.0) | plg_finder_categories (3.0.0) | plg_finder_newsfeeds (3.0.0) | plg_finder_tags (3.0.0) | plg_finder_contacts (3.0.0) | plg_finder_content (3.0.0) | plg_finder_k2 (2.7.1) | plg_quickicon_joomlaupdate (3.0.0) | plg_quickicon_akeebabackup (1.0) | plg_quickicon_extensionupdate (3.0.0) | Josetta - K2 Categories (2.6.9) | Josetta - K2 Items (2.6.9) | JS Job By Categories (1.0.0) | JS Gold Resumes (1.0) | JS Search Jobs (1.0.1) | JS Newest Jobs (1.0.1) | JS Featured Companies (1.0) | JS Gold Companies (1.0) | JS Search Resumes (1.0) | JS Jobs BY Cities (1.0.0) | JS Hot Jobs (1.0.1) | plg_content_loadmodule (3.0.0) | plg_content_emailcloak (3.0.0) | JS Jobs By States (1.0.0) | JS Newest Resumes (1.0.1) | plg_content_finder (3.0.0) | JS Top Resumes (1.0.1) | plg_content_pagebreak (3.0.0) | plg_content_joomla (3.0.0) | JS Featured Jobs (1.0.0) | plg_content_pagenavigation (3.0.0) | JS Jobs By Countries (1.0.0) | JS Top Jobs (1.0.0) | plg_content_vote (3.0.0) | JS Gold Jobs (1.0.0) | JS Featured Resumes (1.0) | plg_authentication_ldap (3.0.0) | plg_authentication_cookie (3.0.0) | plg_authentication_gmail (3.0.0) | plg_authentication_joomla (3.0.0) | plg_captcha_recaptcha (3.4.0) | plg_search_categories (3.0.0) | plg_search_newsfeeds (3.0.0) | plg_search_tags (3.0.0) | plg_search_contacts (3.0.0) | plg_search_content (3.0.0) | Search - K2 (2.7.1) | plg_editors-xtd_image (3.0.0) | plg_editors-xtd_article (3.0.0) | plg_editors-xtd_module (3.5.0) | plg_editors-xtd_pagebreak (3.0.0) | plg_editors-xtd_readmore (3.0.0) | plg_extension_joomla (3.0.0) |Templates Discovered :: wrote:Templates :: SITE :: protostar (1.0) | beez3 (3.1.0) | ja_university_t3 (1.1.5) |
Templates :: ADMIN :: hathor (3.0.0) | isis (1.0) |
- JAVesey
- Joomla! Hero
- Posts: 2634
- Joined: Tue May 14, 2013 1:21 pm
- Location: Cardiff, Wales, UK
- Contact:
Re: Hundreds of Spam Users are created in my Joomla!!!
Were these users created before or after you upgraded to v3.6.4?
What is the range of the account-created dates?
Have the accounts been activated?
What user-privileges do the accounts have?
Have these accounts actually logged in?
Have they been used to do/post anything on your site?
What is the range of the account-created dates?
Have the accounts been activated?
What user-privileges do the accounts have?
Have these accounts actually logged in?
Have they been used to do/post anything on your site?
John V
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
-
- Joomla! Enthusiast
- Posts: 191
- Joined: Fri Dec 18, 2015 6:40 pm
Re: Hundreds of Spam Users are created in my Joomla!!!
Hi JAVesey,
1- I think all users are created after upgrading as everything was working fine before I upgrade.
2- Every day and every 15 minutes or less or sometimes every two minutes new user is registered (24/7).
3- Not all the accounts are activated but all others yes until I have installed an extension (Spambotcheck) that prevents the creation of new users.
4- The user-privileges the accounts have is registered.
5- Nop these users dont login. Just they are created.
6- Nop they dont post anything on my website...they are just created.
Regards,
Ahmad Moussa
1- I think all users are created after upgrading as everything was working fine before I upgrade.
2- Every day and every 15 minutes or less or sometimes every two minutes new user is registered (24/7).
3- Not all the accounts are activated but all others yes until I have installed an extension (Spambotcheck) that prevents the creation of new users.
4- The user-privileges the accounts have is registered.
5- Nop these users dont login. Just they are created.
6- Nop they dont post anything on my website...they are just created.
Regards,
Ahmad Moussa
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Hundreds of Spam Users are created in my Joomla!!!
do they sign up for the newsletter and get auto created a user account
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
- tonytranupc
- Joomla! Apprentice
- Posts: 30
- Joined: Mon Sep 12, 2016 4:14 am
Re: Hundreds of Spam Users are created in my Joomla!!!
I've seen some kinds of automatic software that use CURL to sign up new account automatically. That could the one situation.
-
- Joomla! Enthusiast
- Posts: 191
- Joined: Fri Dec 18, 2015 6:40 pm
Re: Hundreds of Spam Users are created in my Joomla!!!
Hi, I found the issue:
https://careers.tis.edu.sa/index.php/en ... gistration (This link should be hidden, how can I do that?) I am registering my users using another plugin (JS Login: https://careers.tis.edu.sa/index.php/en/register) ...Please how can I make joomla default registration link hidden or remove register button so spam users can not create users?
Thanks in Advance.
https://careers.tis.edu.sa/index.php/en ... gistration (This link should be hidden, how can I do that?) I am registering my users using another plugin (JS Login: https://careers.tis.edu.sa/index.php/en/register) ...Please how can I make joomla default registration link hidden or remove register button so spam users can not create users?
Thanks in Advance.
- fcoulter
- Joomla! Ace
- Posts: 1685
- Joined: Thu Sep 13, 2007 11:39 am
- Location: UK
- Contact:
Re: Hundreds of Spam Users are created in my Joomla!!!
Hiding the link is not likely to help you, because the spam bots would still be able to reach the registration page as a native joomla url.
What you could try is to enable the recapchta plugin for the standard joomla registration so that if bots try to use it to sign up then it should defeat them. I am not sure if it is compatible with the js jobs registration though so it is not guaranteed to work. But worth a try.
What you could try is to enable the recapchta plugin for the standard joomla registration so that if bots try to use it to sign up then it should defeat them. I am not sure if it is compatible with the js jobs registration though so it is not guaranteed to work. But worth a try.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"
-
- Joomla! Enthusiast
- Posts: 191
- Joined: Fri Dec 18, 2015 6:40 pm
Re: Hundreds of Spam Users are created in my Joomla!!!
Thanks Fcoulter, but If I enabled Google Recaptcha JS Jobs Registration Form will not work.
- fcoulter
- Joomla! Ace
- Posts: 1685
- Joined: Thu Sep 13, 2007 11:39 am
- Location: UK
- Contact:
Re: Hundreds of Spam Users are created in my Joomla!!!
I would check with the developer of js jobs about that. Looking at the JS Jobs registration plugin it looks as if it should be compatible with the Joomla Recaptcha plugin, it appears to be designed that way.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"
-
- Joomla! Enthusiast
- Posts: 191
- Joined: Fri Dec 18, 2015 6:40 pm
Re: Hundreds of Spam Users are created in my Joomla!!!
The Problem is fixed:
The common way to avoid span registration is using the recaptcha on registration form . A 3rd party extension is used on my Joomla Default Registration form to show recaptcha. This will prevent public to create fake users.
The extension used is: ECC+ - EasyCalcCheck Plus - Joomla! 3
https://extensions.joomla.org/extension ... check-plus
Regards,
Ahmad
The common way to avoid span registration is using the recaptcha on registration form . A 3rd party extension is used on my Joomla Default Registration form to show recaptcha. This will prevent public to create fake users.
The extension used is: ECC+ - EasyCalcCheck Plus - Joomla! 3
https://extensions.joomla.org/extension ... check-plus
Regards,
Ahmad
Last edited by toivo on Tue Nov 29, 2016 6:44 am, edited 1 time in total.
Reason: mod note: replaced the link with the JED URL - please read the forum rules about extensions
Reason: mod note: replaced the link with the JED URL - please read the forum rules about extensions
-
- Joomla! Apprentice
- Posts: 9
- Joined: Fri Mar 30, 2012 11:51 pm
Re: Hundreds of Spam Users are created in my Joomla!!!
Is this still working? I've tried different extensions and I'm still being attacked with hundreds of Spam Users in Joomla 3.6.4.
Yesterday I had to disable Registration all together. However, the attempts to access my Admin dashboard has not stopped, which now has caused my site to be shutdown due to an excessive number of invalid logins.
On top of that... today I'm not even able to log-out of the admin dashboard!? Now I need to find a fix for this too.
Yesterday I had to disable Registration all together. However, the attempts to access my Admin dashboard has not stopped, which now has caused my site to be shutdown due to an excessive number of invalid logins.
On top of that... today I'm not even able to log-out of the admin dashboard!? Now I need to find a fix for this too.
- JAVesey
- Joomla! Hero
- Posts: 2634
- Joined: Tue May 14, 2013 1:21 pm
- Location: Cardiff, Wales, UK
- Contact:
Re: Hundreds of Spam Users are created in my Joomla!!!
This will be because your /administrator login page is easy to find on a standard Joomla installation.drgarden wrote:Yesterday I had to disable Registration all together. However, the attempts to access my Admin dashboard has not stopped, which now has caused my site to be shutdown due to an excessive number of invalid logins.
Try the AdminExile plugin; it allows you to choose your own administrator login page URL and provides front- and back-end brute force protection.
John V
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
-
- Joomla! Apprentice
- Posts: 9
- Joined: Fri Mar 30, 2012 11:51 pm
Re: Hundreds of Spam Users are created in my Joomla!!!
Thank you John,
This sounds like a great fix. However, in looking this over, it's seems a bit intimidating for a novice like myself. Eight pages of mostly over-my-head information.
"keys" "penalties"
I've downloaded it and will see if I can pull this off.
This sounds like a great fix. However, in looking this over, it's seems a bit intimidating for a novice like myself. Eight pages of mostly over-my-head information.
"keys" "penalties"
I've downloaded it and will see if I can pull this off.
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Hundreds of Spam Users are created in my Joomla!!!
Please explain thisdrgarden wrote:Thank you John,
"keys" "penalties"
.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
-
- Joomla! Apprentice
- Posts: 9
- Joined: Fri Mar 30, 2012 11:51 pm
Re: Hundreds of Spam Users are created in my Joomla!!!
JAVesey wrote:This will be because your /administrator login page is easy to find on a standard Joomla installation.drgarden wrote:Yesterday I had to disable Registration all together. However, the attempts to access my Admin dashboard has not stopped, which now has caused my site to be shutdown due to an excessive number of invalid logins.
Try the AdminExile plugin; it allows you to choose your own administrator login page URL and provides front- and back-end brute force protection.
I got it to work! And I'm happy to say, AdminExile has been steadily blocking several Brute Force attempts to access my site! Thanks so much John (JAVesey)! This is an excellent and well needed plug-in!
-
- Joomla! Enthusiast
- Posts: 191
- Joined: Fri Dec 18, 2015 6:40 pm
Re: Hundreds of Spam Users are created in my Joomla!!!
Hi drgarden and Everyone,
For now everything is working fine but after all of these comments I will install AdminExile for sure. Thanks all for your great support.
Have a nice day.
Ahmad Moussa
For now everything is working fine but after all of these comments I will install AdminExile for sure. Thanks all for your great support.
Have a nice day.
Ahmad Moussa
- JAVesey
- Joomla! Hero
- Posts: 2634
- Joined: Tue May 14, 2013 1:21 pm
- Location: Cardiff, Wales, UK
- Contact:
Re: Hundreds of Spam Users are created in my Joomla!!!
It is a fab plugin. It works really well with the standard Joomla Two-Factor Authentication too. Use both together to protect access to your admindrgarden wrote:I got it to work! And I'm happy to say, AdminExile has been steadily blocking several Brute Force attempts to access my site! Thanks so much John (JAVesey)! This is an excellent and well needed plug-in!
John V
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
-
- Joomla! Enthusiast
- Posts: 191
- Joined: Fri Dec 18, 2015 6:40 pm
Re: Hundreds of Spam Users are created in my Joomla!!!
Thanks you for your Help JAVesey. I will do that as soon as possible.
- stutteringp0et
- Joomla! Ace
- Posts: 1389
- Joined: Sat Oct 28, 2006 11:16 pm
- Location: Texas
- Contact:
Re: Hundreds of Spam Users are created in my Joomla!!!
I love seeing success stories like this from people using my AdminExile plugin.
I was searching for anyone claiming to have defeated it, when I ran across this. It brings warm feelings to my heart to know that it makes such a big difference to so many people!
I was searching for anyone claiming to have defeated it, when I ran across this. It brings warm feelings to my heart to know that it makes such a big difference to so many people!
My extensions: http://extensions.joomla.org/profile/pr ... ails/18398
Honk if this signature offends you.
Honk if this signature offends you.
- JAVesey
- Joomla! Hero
- Posts: 2634
- Joined: Tue May 14, 2013 1:21 pm
- Location: Cardiff, Wales, UK
- Contact:
Re: Hundreds of Spam Users are created in my Joomla!!!
Happy to point users in its direction - peace of mind is a wonderful thingstutteringp0et wrote:I love seeing success stories like this from people using my AdminExile plugin.
I was searching for anyone claiming to have defeated it, when I ran across this. It brings warm feelings to my heart to know that it makes such a big difference to so many people!
John V
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
-
- Joomla! Fledgling
- Posts: 1
- Joined: Mon Feb 26, 2018 10:53 pm
Re: Hundreds of Spam Users are created in my Joomla!!!
The AdminExile plugin did not work on my website - I had to have the 'accounts' disabled to stop it -in the end, the bogus accounts were non stop for nearly 24 hrs.
-
- I've been banned!
- Posts: 13639
- Joined: Sun Jul 05, 2009 3:30 am
- Location: Canberra, Australia
Re: Hundreds of Spam Users are created in my Joomla!!!
This is [kind of] one of my "favourite" subjects. There are several different ways I've used over the years to prevent unwanted account registrations on sites that I've created or on those that I help other people to manage. While I have no direct experience with AdminExile (and, therefore, I cannot comment on its effectiveness in this matter), there is one, almost 100% guaranteed mechanism to prevent unwanted registrations on any website (Joomla or non-Joomla) ...
.
.
.
.
.
... charge people a fee to register an account. In 30+ years of developing websites, I've never seen an unwanted account on any website where I've used this approach!
I wonder why this approach works when other ideas don't ... hmmmm?
.
.
.
.
.
... charge people a fee to register an account. In 30+ years of developing websites, I've never seen an unwanted account on any website where I've used this approach!
I wonder why this approach works when other ideas don't ... hmmmm?
- stutteringp0et
- Joomla! Ace
- Posts: 1389
- Joined: Sat Oct 28, 2006 11:16 pm
- Location: Texas
- Contact:
Re: Hundreds of Spam Users are created in my Joomla!!!
My AdminExile plugin doesn't stop people from registering - it stops unauthorized access to /administrator
I do, however, have a Captcha that works quite well. Look up HashCash in the JED. It is the least annoying Captcha you'll ever see - because you'll never see it.
Not selling anything - HashCash is free.
I do, however, have a Captcha that works quite well. Look up HashCash in the JED. It is the least annoying Captcha you'll ever see - because you'll never see it.
Not selling anything - HashCash is free.
My extensions: http://extensions.joomla.org/profile/pr ... ails/18398
Honk if this signature offends you.
Honk if this signature offends you.
- JAVesey
- Joomla! Hero
- Posts: 2634
- Joined: Tue May 14, 2013 1:21 pm
- Location: Cardiff, Wales, UK
- Contact:
Re: Hundreds of Spam Users are created in my Joomla!!!
If it's as good as your other plugins then it will work like a charm...stutteringp0et wrote:I do, however, have a Captcha that works quite well. Look up HashCash in the JED. It is the least annoying Captcha you'll ever see - because you'll never see it.
*goes to JED/Richeyweb*
John V
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
-
- Joomla! Enthusiast
- Posts: 191
- Joined: Fri Dec 18, 2015 6:40 pm
Re: Hundreds of Spam Users are created in my Joomla!!!
The common way to avoid span registration is using the recaptcha on registration form . A 3rd party extension is used on my Joomla Default Registration form to show recaptcha. This will prevent public to create fake users.
The extension used is: ECC+ - EasyCalcCheck Plus - Joomla! 3.
Good Luck stutteringp0et, also be noted that the AdminExile has been split to free version and paid version to get all features.
The extension used is: ECC+ - EasyCalcCheck Plus - Joomla! 3.
Good Luck stutteringp0et, also be noted that the AdminExile has been split to free version and paid version to get all features.
- stutteringp0et
- Joomla! Ace
- Posts: 1389
- Joined: Sat Oct 28, 2006 11:16 pm
- Location: Texas
- Contact:
Re: Hundreds of Spam Users are created in my Joomla!!!
The paid version of AdminExile is for users who don't administer their own servers.
I run the free version on my own websites.
Server administrators can use things like fail2ban to achieve the bruteforce blocking, ipset with iptables to black and white list - I even graph attempts using the server logs.
Yes, I split it because I spend A LOT of time and money to give away free extensions.
I run the free version on my own websites.
Server administrators can use things like fail2ban to achieve the bruteforce blocking, ipset with iptables to black and white list - I even graph attempts using the server logs.
Yes, I split it because I spend A LOT of time and money to give away free extensions.
My extensions: http://extensions.joomla.org/profile/pr ... ails/18398
Honk if this signature offends you.
Honk if this signature offends you.