This has happened three times on my Drupal sites (hosted by Godaddy). These are all test sites that I have created for myself as I learn my way around Drupal. Bogus users with names like "finder7x" appear in my users list. Sometimes (LOTS of) bogus content appears, sometimes bogus comments. In one case, so much content was created that I got a warning from Godaddy about the database exceeding their size limits. I know very little about hacking, but it appears that a machine, not a person, is creating all of this stuff. At first I thought it as a Drupal 6 issue, as it had not occurred on my Drupal 7 site.
Then yesterday, I added a brand new virgin untouched Drupal 7.17 installation to one of my test domains. Within 10 minutes, I got an email notification that "finder7x" would like to register. I played with some user/permission settings and, at this point, the potential "users" do not appear on my user list... but I have received EIGHT requests from various "users" requesting registration approval in less than 24 hours.
Does anyone else have this problem? Any explanation? Any way to prevent this? Godaddy was no help.
Here's the email I get ("sender" is the address I used as admin contact when I requested that Godaddy install Drupal 7.17):
finder7x has applied for an account.
http://www.MYTESTSITE.com/drupal/user/7/edit
(clicking on the link gets a PAGE NOT FOUND error)
Comments
It does happen. You could
It does happen. You could completely disable registration if you do not need it.
That's probably simple... but I don't know how.
Could you walk me through it?
Thanks
Visit Home » Administration »
Visit Home » Administration » Configuration » Account Setting
Under "Who can register accounts?" select "Administrators only" then only an administrator can register new users.
thanks 1,000,000!
thanks
And when you are building a
And when you are building a real site, you might wanna consider some module like mollom to take care that spam bots are not involved.