Hi all, I was just not sure how to address this. so here it is. I came home from spending the weekend out camping in the bush and checked my email, there were two new signups at one of my drupal sites. then i noticed that the same username was attempting to create an account on two of my seemingly unrelated drupal installs. So I googled the username and low and behold, I was shocked to find this person signed up to dozens of drupal sites accross the internet simultaneously with bogus information. I dont know what this is called or what the security ramifications are but the two usernames of note are:
StivRichardOff and naremannis. just google the names and you will see a barage of new useraccounts on drupal installs with the same tombstone data.
Anyone care to comment?
Comments
Similar thread
This sounds similar to joe-the-web accounts mentioned in this topic:
http://drupal.org/node/101168
You might want to add an access rule to block users from the IP address that setup the account.
JM
My Bad more joe-the-web
I missed it, but yes, thanks. I already have administration required for new accounts, but Captcha sounds like a plan. However this run was 6 days ago. so these two names are the new JOE-THE-WEB I guess....
My thoughts are, where are they getting the lists of drupal sites?
here is new info for this:
new bad guys
StivRichardOff meta2zz@gawab.com 66.246.220.53
naremannis killerspm@runbox.com 195.175.37.6
the referrer was: http://alti.asu.edu/
this one filled in custom profile info as follows:
Course naremannis
Year of Study naremannis
Date of birth 2 Feb 1901
Country of Citizenship Afghanistan
Country of Residence Afghanistan
Bio I agree with it
Preferred email address killerspm@runbox.com
MSN address naremannis
Skype name naremannis
Phone Number naremannis
Mobile Phone Number naremannis
on some sites replying to posts with:
I agree with it. It is true.