Unknown users registering in bulk

Started by ranjul, December 07, 2011, 04:06:24 PM


ranjul

I had cpg1.5.10 installed when this issue occurred first. Since an upgrade was suggested on the forums, I upgraded to cpg 1.5.16.
But now the frequency of unknown/junk users registering and activating themselves has increased.

Following are the two emails I get:

Mail 1:

Subject: Ranjul's Photo Gallery - Registration notification
Body:
A new user with the username "WEWE782lcn" has registered in your gallery

Mail 2:

Subject: Ranjul's Photo Gallery - Registration request
Body:
A new user with the username "WEWE782lcn" has registered in your gallery.
In order to activate the account, you need to click on the link below or copy and paste it in your web browser.
http://www.ranjul.com/coppermine1510/register.php?activate=5dd9d9e51364a7f7c7a7db8aca687bfb


If you notice, the user name seems to be system generated. I also see these users as valid users in the user list.
Am I missing something in the setup or is it still an open issue?

I have taken down my site temporarily as I don't know if this attack is harmful or not.

Appreciate any help that I can get.

Thanks,
Ranjul
======


Joe Carver

The site in your link returns a 404...

So the question is - are you using the captcha feature built into cpg 1.5.x?

You should - read your docs and see the help icons in the Config menu.

ranjul

Joe, I have enabled captcha and haven't received any junk user registrations in the last 10-15 mins.

Thanks a lot for reminding me of this feature. It just didn't click to me to enable it.




ranjul

I have received 2 more mails for user registration, even after enabling captcha. Am I still missing something?

Thanks,
Ranjul
======

Joe Carver

Quote from: ranjul on December 08, 2011, 06:13:30 PM
.... Am I still missing something?

Yes. Please post a link to your Coppermine in the future as listed in the board rules. It will help to see if there is something wrong.

Yes again, if you search around the Support Forum you would find the reCaptcha plugin.
http://forum.coppermine-gallery.net/index.php/topic,57439.0.html
Review the thread.

Try to remember that no spam solution can stop human spammers from defeating a captcha.

Moving to Miscellaneous.

ranjul

Sorry! My link: http://photos.ranjul.com

I will go through the reCaptcha plugin this weekend and try it out. Since the usernames are like qae121381, wxmjw035 and so on, I assumed they're some kind of bots. But yes, nothing can stop human spammers.

As you can tell, I am new to this and still learning the features... Thanks for your patience.

Thanks,
Ranjul
=====
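
A triage sketch for the pattern described in the posts above, added here as an example and not part of the original thread or of Coppermine's code: it flags accounts whose names have the letters-digits shape of the quoted usernames and that also registered inside a burst of sign-ups. The function names, the 30-minute window, the threshold of 3 and all sample rows except the three usernames quoted in the thread are assumptions.

```python
import re
from datetime import datetime, timedelta

# Letters, then 3+ digits, then an optional short letter tail: the shape of the
# usernames quoted in the thread (WEWE782lcn, qae121381, wxmjw035).
GENERATED = re.compile(r"^[A-Za-z]{2,6}\d{3,}[A-Za-z]{0,4}$")

def looks_generated(name):
    return bool(GENERATED.match(name))

def in_burst(times, window=timedelta(minutes=30), threshold=3):
    """Return the indexes of sign-ups that fall in a window holding at least
    `threshold` registrations (times must be sorted ascending)."""
    hot, start = set(), 0
    for end in range(len(times)):
        while times[end] - times[start] > window:
            start += 1
        if end - start + 1 >= threshold:
            hot.update(range(start, end + 1))
    return hot

def triage(registrations):
    """registrations: list of (username, 'YYYY-MM-DD HH:MM') tuples.
    Returns usernames that are both generated-looking and part of a burst."""
    rows = sorted((datetime.strptime(ts, "%Y-%m-%d %H:%M"), name)
                  for name, ts in registrations)
    hot = in_burst([t for t, _ in rows])
    return [name for i, (_, name) in enumerate(rows)
            if i in hot and looks_generated(name)]

# Constructed sample; only the three bot-style names come from the thread,
# and every timestamp is made up for illustration.
SAMPLE = [
    ("ranjul",     "2011-12-01 09:00"),
    ("anna1985",   "2011-12-03 18:20"),   # digits, but an isolated sign-up
    ("WEWE782lcn", "2011-12-07 15:41"),
    ("qae121381",  "2011-12-07 15:48"),
    ("cousin_raj", "2011-12-07 15:52"),   # ordinary name inside the burst
    ("wxmjw035",   "2011-12-07 15:55"),
]

if __name__ == "__main__":
    for name in triage(SAMPLE):
        print("review candidate:", name)
```

Requiring both signals keeps a lone name such as `anna1985` and a normal name that happens to register during the burst out of the review list.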

Αndré

Your website seems to have a limited user range (family members & friends). Maybe you want to disable the registration process and instead add new users with the user manager manually.