Hundreds of Spam Users are created in my Joomla!!!

[aboarken]

Dear Support,


Please be noted that many spam users can create users in my Joomla website...I have used Spambotcheck in order to protect my website and block those spam users...Please why they are able to create as I am using Google Recaptcha?



Website: careers.tis.edu.sa
https://careers.tis.edu.sa/index.php/en/register ( This link is the registration Form)

Kindly for your help.


Ahmad Moussa

[dhuelsmann]

What version of Joomla do you have?

[aboarken]

I am using the latest version of Joomla 3.6.4.

[dhuelsmann]

Read this viewtopic.php?f=621&t=582860 and download the FPA and post the output here.

[aboarken]

[27-Nov-2016 13:00:29 America/Chicago] PHP Strict Standards: Only variables should be assigned by reference in /home/tisserver1/public_html/tis_careers/plugins/user/jsjobsloginredirect/jsjobsloginredirect.php on line 54

Joomla! Instance :: .- ()
Joomla! Configured :: Yes | Read-Only (444) | Owner: tisserver1 (uid: 1/gid: 1) | Group: tisserver1 (gid: 1) | Valid For: 1.6
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: No | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 2 | Error Reporting: default | Site Debug: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32-042stab113.11 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /home/tisserver1/public_html/tis_careers | System TMP Writable: Yes

PHP Configuration :: Version: 5.5.36 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: | Error Reporting: 24567 | Log Errors To: error_log | Last Known Error: 27th November 2016 13:00:29. | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 1000M | Max. POST Size: 900M | Max. Input Time: 60 | Max. Execution Time: 20000 | Memory Limit: -1

MySQL Configuration :: Version: 5.6.34 (Client:mysqlnd 5.0.11-dev - 20120503 - $Id: 15d5c781cfcad91193dceae1d2cdd127674ddb3e $) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 11.51 MiB | #of Tables: 170

PHP Extensions :: Core (5.5.36) | date (5.5.36) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (2.0) | bcmath () | bz2 () | calendar () | ctype () | curl () | dom (20031129) | filter (0.11.0) | ftp () | gd () | hash (1.0) | iconv () | SPL (0.2) | json (1.2.1) | mbstring () | mcrypt () | session () | standard (5.5.36) | mysqlnd (mysqlnd 5.0.11-dev - 20120503 - $Id: 15d5c781cfcad91193dceae1d2cdd127674ddb3e $) | mysqli (0.1) | Phar (2.0.2) | posix () | Reflection ($Id: dc76d2fe0f3e9c327c1d4ca617d94e26c7fae98d $) | mysql (1.0) | SimpleXML (0.1) | soap () | sockets () | imap () | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlwriter (0.1) | zip (1.11.0) | cgi-fcgi () | PDO (1.0.4dev) | pdo_sqlite (1.0.1) | pdo_mysql (1.0.2) | Zend OPcache (7.0.6-devFE) | Zend Engine (2.5.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No

Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::

Components :: SITE :: com_wrapper (3.0.0) | com_mailto (3.0.0) |
Components :: ADMIN :: com_newsfeeds (3.0.0) | spambotcheck (1.0.1) | com_templates (3.0.0) | com_joomlaupdate (3.6.2) | AcyMailing (5.5.0) | AcyMailing : (auto)Subscribe d (5.5.0) | AcyMailing table of contents g (1.0.0) | AcyMailing : trigger Joomla Co (3.7.0) | AcyMailing Manage text (1.0.0) | AcyMailing Template Class Repl (5.5.0) | AcyMailing Tag : content inser (3.7.0) | AcyMailing : Statistics Plugin (3.7.0) | AcyMailing Editor (5.5.0) | AcyMailing Editor (beta) (4.6.2) | AcyMailing Tag and filter : Co (3.7.2) | AcyMailing Tag and filter : Co (3.7.2) | AcyMailing Tag : Date / Time (5.5.0) | AcyMailing : share on social n (1.0.0) | AcyMailing Module (3.7.0) | AcyMailing Tag : Subscriber in (5.5.0) | AcyMailing Tag : Joomla User I (5.5.0) | AcyMailing Tag : Website links (3.7.0) | AcyMailing Tag : Manage the Su (5.5.0) | Quick Logout (1.9.3) | COM_JSJOBS (1.1.5) | com_plugins (3.0.0) | com_users (3.0.0) | com_config (3.0.0) | com_installer (3.0.0) | Akeeba (5.2.4) | com_banners (3.0.0) | com_cache (3.0.0) | com_cpanel (3.0.0) | com_checkin (3.0.0) | com_ajax (3.2.0) | com_search (3.0.0) | com_modules (3.0.0) | com_postinstall (3.2.0) | com_content (3.0.0) | com_admin (3.0.0) | com_contenthistory (3.2.0) | com_login (3.0.0) | mod_k2_comments (-) | mod_k2_comments (-) | COM_K2 (2.7.1) | com_menus (3.0.0) | com_categories (3.0.0) | com_languages (3.0.0) | com_profiles (1.5.0) | com_jaextmanager (2.5.3) | com_jaextmanager (2.6.2) | com_tags (3.1.0) | com_redirect (3.0.0) | com_finder (3.0.0) | com_media (3.0.0) | com_messages (3.0.0) |

Modules :: SITE :: JS Hot Jobs (1.0.2) | JA Masshead (2.6.1) | mod_articles_latest (3.0.0) | mod_breadcrumbs (3.0.0) | mod_feed (3.0.0) | JS Gold Jobs (1.0.0) | mod_articles_popular (3.0.0) | JS Jobs On Map (1.0.0) | JS Resume Search (1.0) | mod_articles_archive (3.0.0) | JS Featured Companies (1.0.0) | JS Jobs Login (1.0) | mod_banners (3.0.0) | JS Top Jobs (1.0.2) | JS Jobs Stats (1.0.0) | mod_stats (3.0.0) | JS Gold Resumes (1.0.0) | mod_articles_news (3.0.0) | mod_syndicate (3.0.0) | JS Jobs By Cities (1.0.0) | K2 Content (2.7.1) | K2 Tools (2.7.1) | JS Jobs By Categories (1.0.0) | JS Jobs By Countries (1.0.0) | mod_random_image (3.0.0) | JS Featured Jobs (1.0.0) | mod_articles_categories (3.0.0) | mod_footer (3.0.0) | K2 Users (2.7.1) | mod_wrapper (3.0.0) | mod_related_items (3.0.0) | K2 User (2.7.1) | mod_tags_popular (3.1.0) | JA Facebook Like Box Module (2.6.1) | JS Jobs By States (1.0.0) | mod_whosonline (3.0.0) | Search JS Jobs (1.0.3) | mod_languages (3.5.0) | mod_custom (3.0.0) | JS Gold Companies (1.0.0) | JS Newest Jobs (1.0.2) | mod_users_latest (3.0.0) | AcyMailing Module (3.7.0) | JS Featured Resumes (1.0.0) | JS top Resumes (1.0.0) | JA Side News (2.6.7) | mod_login (3.0.0) | mod_search (3.0.0) | mod_finder (3.0.0) | mod_menu (3.0.0) | JS newest Resumes (1.0.0) | mod_tags_similar (3.1.0) | K2 Comments (2.7.1) | JA Content Slider (2.7.2) | JA Slideshow Lite (1.2.3) | mod_articles_category (3.0.0) |
Modules :: ADMIN :: mod_quickicon (3.0.0) | mod_feed (3.0.0) | mod_toolbar (3.0.0) | mod_latest (3.0.0) | mod_popular (3.0.0) | K2 Stats (admin) (2.7.1) | mod_version (3.0.0) | mod_custom (3.0.0) | mod_logged (3.0.0) | K2 Quick Icons (admin) (2.7.1) | mod_title (3.0.0) | mod_submenu (3.0.0) | mod_stats_admin (3.0.0) | mod_multilangstatus (3.0.0) | mod_login (3.0.0) | mod_status (3.0.0) | mod_menu (3.0.0) |

Plugins :: SITE :: plg_installer_webinstaller (1.1.0) | PLG_INSTALLER_FOLDERINSTALLER (3.6.0) | PLG_INSTALLER_URLINSTALLER (3.6.0) | plg_installer_packageinstaller (3.6.0) | User - SpambotCheck (1.3.13) | plg_user_contactcreator (3.0.0) | User - K2 (2.7.1) | plg_user_joomla (3.0.0) | plg_user_profile (3.0.0) | JSJobs Login Redirect (1.0) | plg_twofactorauth_yubikey (3.2.0) | plg_twofactorauth_totp (3.2.0) | plg_editors_tinymce (4.4.3) | AcyMailing Editor (5.5.0) | AcyMailing Editor (beta) (4.6.2) | plg_editors_codemirror (5.18.0) | T3 Framework (2.6.1) | System - SpambotCheckExtended (1.0.1) | plg_system_stats (3.5.0) | plg_system_highlight (3.0.0) | plg_system_p3p (3.0.0) | plg_system_redirect (3.0.0) | plg_system_logout (3.0.0) | PLG_SYSTEM_BACKUPONUPDATE_TITL (3.7) | plg_system_cache (3.0.0) | plg_system_remember (3.0.0) | System - K2 (2.7.1) | PLG_SYSTEM_AKEEBAUPDATECHECK_T (1.1) | plg_system_languagefilter (3.0.0) | JSJobs Register (1.0) | plg_system_sef (3.0.0) | plg_system_debug (3.0.0) | AcyMailing : (auto)Subscribe d (5.5.0) | plg_system_updatenotification (3.5.0) | plg_system_log (3.0.0) | plg_system_admintplhelper (1.0.0) | plg_system_languagecode (3.0.0) | AcyMailing Manage text (1.0.0) | AcyMailing : Statistics Plugin (3.7.0) | AcyMailing Tag : Date / Time (5.5.0) | AcyMailing Tag : Subscriber in (5.5.0) | AcyMailing Tag : Joomla User I (5.5.0) | AcyMailing Tag and filter : Co (3.7.2) | AcyMailing Tag and filter : Co (3.7.2) | AcyMailing : share on social n (1.0.0) | AcyMailing Template Class Repl (5.5.0) | AcyMailing Tag : Manage the Su (5.5.0) | AcyMailing : trigger Joomla Co (3.7.0) | AcyMailing table of contents g (1.0.0) | AcyMailing Tag : Website links (3.7.0) | AcyMailing Tag : content inser (3.7.0) | plg_finder_categories (3.0.0) | plg_finder_newsfeeds (3.0.0) | plg_finder_tags (3.0.0) | plg_finder_contacts (3.0.0) | plg_finder_content (3.0.0) | plg_finder_k2 (2.7.1) | plg_quickicon_joomlaupdate (3.0.0) | plg_quickicon_akeebabackup (1.0) | plg_quickicon_extensionupdate (3.0.0) | Josetta - K2 Categories (2.6.9) | Josetta - K2 Items (2.6.9) | JS Job By Categories (1.0.0) | JS Gold Resumes (1.0) | JS Search Jobs (1.0.1) | JS Newest Jobs (1.0.1) | JS Featured Companies (1.0) | JS Gold Companies (1.0) | JS Search Resumes (1.0) | JS Jobs BY Cities (1.0.0) | JS Hot Jobs (1.0.1) | plg_content_loadmodule (3.0.0) | plg_content_emailcloak (3.0.0) | JS Jobs By States (1.0.0) | JS Newest Resumes (1.0.1) | plg_content_finder (3.0.0) | JS Top Resumes (1.0.1) | plg_content_pagebreak (3.0.0) | plg_content_joomla (3.0.0) | JS Featured Jobs (1.0.0) | plg_content_pagenavigation (3.0.0) | JS Jobs By Countries (1.0.0) | JS Top Jobs (1.0.0) | plg_content_vote (3.0.0) | JS Gold Jobs (1.0.0) | JS Featured Resumes (1.0) | plg_authentication_ldap (3.0.0) | plg_authentication_cookie (3.0.0) | plg_authentication_gmail (3.0.0) | plg_authentication_joomla (3.0.0) | plg_captcha_recaptcha (3.4.0) | plg_search_categories (3.0.0) | plg_search_newsfeeds (3.0.0) | plg_search_tags (3.0.0) | plg_search_contacts (3.0.0) | plg_search_content (3.0.0) | Search - K2 (2.7.1) | plg_editors-xtd_image (3.0.0) | plg_editors-xtd_article (3.0.0) | plg_editors-xtd_module (3.5.0) | plg_editors-xtd_pagebreak (3.0.0) | plg_editors-xtd_readmore (3.0.0) | plg_extension_joomla (3.0.0) |

Templates :: SITE :: protostar (1.0) | beez3 (3.1.0) | ja_university_t3 (1.1.5) |
Templates :: ADMIN :: hathor (3.0.0) | isis (1.0) |

[JAVesey]

Were these users created before or after you upgraded to v3.6.4?
What is the range of the account-created dates?
Have the accounts been activated?
What user-privileges do the accounts have?
Have these accounts actually logged in?
Have they been used to do/post anything on your site?

[aboarken]

Hi JAVesey,

1- I think all users are created after upgrading as everything was working fine before I upgrade.
2- Every day and every 15 minutes or less or sometimes every two minutes new user is registered (24/7).
3- Not all the accounts are activated but all others yes until I have installed an extension (Spambotcheck) that prevents the creation of new users.
4- The user-privileges the accounts have is registered.
5- Nop these users dont login. Just they are created.
6- Nop they dont post anything on my website...they are just created.

Regards,

Ahmad Moussa

[mandville]

do they sign up for the newsletter and get auto created a user account

[tonytranupc]

I've seen some kinds of automatic software that use CURL to sign up new account automatically. That could the one situation.

[aboarken]

Hi, I found the issue:

https://careers.tis.edu.sa/index.php/en ... gistration (This link should be hidden, how can I do that?) I am registering my users using another plugin (JS Login: https://careers.tis.edu.sa/index.php/en/register) ...Please how can I make joomla default registration link hidden or remove register button so spam users can not create users?

Thanks in Advance.

[fcoulter]

Hiding the link is not likely to help you, because the spam bots would still be able to reach the registration page as a native joomla url.

What you could try is to enable the recapchta plugin for the standard joomla registration so that if bots try to use it to sign up then it should defeat them. I am not sure if it is compatible with the js jobs registration though so it is not guaranteed to work. But worth a try.

[aboarken]

Thanks Fcoulter, but If I enabled Google Recaptcha JS Jobs Registration Form will not work.

[fcoulter]

I would check with the developer of js jobs about that. Looking at the JS Jobs registration plugin it looks as if it should be compatible with the Joomla Recaptcha plugin, it appears to be designed that way.

[aboarken]

The Problem is fixed:

The common way to avoid span registration is using the recaptcha on registration form . A 3rd party extension is used on my Joomla Default Registration form to show recaptcha. This will prevent public to create fake users.

The extension used is: ECC+ - EasyCalcCheck Plus - Joomla! 3

https://extensions.joomla.org/extension ... check-plus

Regards,

Ahmad

[drgarden]

Is this still working? I've tried different extensions and I'm still being attacked with hundreds of Spam Users in Joomla 3.6.4.

Yesterday I had to disable Registration all together. However, the attempts to access my Admin dashboard has not stopped, which now has caused my site to be shutdown due to an excessive number of invalid logins.

On top of that... today I'm not even able to log-out of the admin dashboard!? Now I need to find a fix for this too.

[JAVesey]

Yesterday I had to disable Registration all together. However, the attempts to access my Admin dashboard has not stopped, which now has caused my site to be shutdown due to an excessive number of invalid logins.

This will be because your /administrator login page is easy to find on a standard Joomla installation.

Try the AdminExile plugin; it allows you to choose your own administrator login page URL and provides front- and back-end brute force protection.

[drgarden]

Thank you John,

This sounds like a great fix. However, in looking this over, it's seems a bit intimidating for a novice like myself. Eight pages of mostly over-my-head information.

"keys" "penalties"

I've downloaded it and will see if I can pull this off.

[mandville]

Thank you John,


"keys" "penalties"

.

Please explain this

[drgarden]

Yesterday I had to disable Registration all together. However, the attempts to access my Admin dashboard has not stopped, which now has caused my site to be shutdown due to an excessive number of invalid logins.

This will be because your /administrator login page is easy to find on a standard Joomla installation.

Try the AdminExile plugin; it allows you to choose your own administrator login page URL and provides front- and back-end brute force protection.

I got it to work! And I'm happy to say, AdminExile has been steadily blocking several Brute Force attempts to access my site! Thanks so much John (JAVesey)! This is an excellent and well needed plug-in!

[aboarken]

Hi drgarden and Everyone,

For now everything is working fine but after all of these comments I will install AdminExile for sure. Thanks all for your great support.

Have a nice day.

Ahmad Moussa

[JAVesey]

I got it to work! And I'm happy to say, AdminExile has been steadily blocking several Brute Force attempts to access my site! Thanks so much John (JAVesey)! This is an excellent and well needed plug-in!

It is a fab plugin. It works really well with the standard Joomla Two-Factor Authentication too. Use both together to protect access to your admin

[aboarken]

Thanks you for your Help JAVesey. I will do that as soon as possible.

[stutteringp0et]

I love seeing success stories like this from people using my AdminExile plugin.

I was searching for anyone claiming to have defeated it, when I ran across this. It brings warm feelings to my heart to know that it makes such a big difference to so many people!

[JAVesey]

I love seeing success stories like this from people using my AdminExile plugin.

I was searching for anyone claiming to have defeated it, when I ran across this. It brings warm feelings to my heart to know that it makes such a big difference to so many people!

Happy to point users in its direction - peace of mind is a wonderful thing

[judygross]

The AdminExile plugin did not work on my website - I had to have the 'accounts' disabled to stop it -in the end, the bogus accounts were non stop for nearly 24 hrs.

[sozzled]

This is [kind of] one of my "favourite" subjects. There are several different ways I've used over the years to prevent unwanted account registrations on sites that I've created or on those that I help other people to manage. While I have no direct experience with AdminExile (and, therefore, I cannot comment on its effectiveness in this matter), there is one, almost 100% guaranteed mechanism to prevent unwanted registrations on any website (Joomla or non-Joomla) ...
.
.
.
.
.
... charge people a fee to register an account. In 30+ years of developing websites, I've never seen an unwanted account on any website where I've used this approach!

I wonder why this approach works when other ideas don't ... hmmmm?

[stutteringp0et]

My AdminExile plugin doesn't stop people from registering - it stops unauthorized access to /administrator

I do, however, have a Captcha that works quite well. Look up HashCash in the JED. It is the least annoying Captcha you'll ever see - because you'll never see it.

Not selling anything - HashCash is free.

[JAVesey]

I do, however, have a Captcha that works quite well. Look up HashCash in the JED. It is the least annoying Captcha you'll ever see - because you'll never see it.

If it's as good as your other plugins then it will work like a charm...

*goes to JED/Richeyweb*

[aboarken]

The common way to avoid span registration is using the recaptcha on registration form . A 3rd party extension is used on my Joomla Default Registration form to show recaptcha. This will prevent public to create fake users.

The extension used is: ECC+ - EasyCalcCheck Plus - Joomla! 3.

Good Luck stutteringp0et, also be noted that the AdminExile has been split to free version and paid version to get all features.

[stutteringp0et]

The paid version of AdminExile is for users who don't administer their own servers.

I run the free version on my own websites.

Server administrators can use things like fail2ban to achieve the bruteforce blocking, ipset with iptables to black and white list - I even graph attempts using the server logs.

Yes, I split it because I spend A LOT of time and money to give away free extensions.