Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By yelvington on
One of our sites has been hit by a scripted spam attack aimed at inserting malware links into user profiles via automated registrations. It appears that all of the fake accounts are using a series of mailboxes @spam.ru, and I'd recommend anybody with a Drupal system block registrations using that domain for email addresses.
Comments
Thanks for letting us know.
Thanks for letting us know. Do you have CAPTCHA's installed? If so, did the spam script get past those ?