Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By willi.firulais on
Hallo,
I realy love drupal, but there are some bad attackers out there in the big internet cloud.
Is it possible to rename the common attacking points in some central place?
If some of those destructive attackers have identified that's a drupal site, they are going strait to this URLs:
/user/register
/user/login
/user/password
Is it possible to configure this links for a site?
e.g. making /user/register to "/castle/door" or whatever?
Thx for helping, Willi
Comments
Renaming
Renaming URLs won't help; you'll still be getting hit by page requests. If you're having trouble with bots creating accounts, install any of the obvious CAPTCHA solutions.
ReCaptcha
I was getting a lot of spam and automated registrations, even with Captcha enabled, but since I enabled the recaptcha module, I haven't received one.
I'd strongly recommend it.
MC
============
Drupal Core Maintainer for "Out of the Box" Initiative.
It was exactly the links of
It was exactly the links of the CAPTCHA module they were attacking.
The possiblity to give the administrator the change to rename e.g. /register, /login, etc. to whatever he likes will make it more time consuming for hackers to get the right place. Currently I've seen they send exactly this URLs to see what reply is comming. Technically it would be realy difficult to do such a renaming of this central URLs in drupal. But argumenting it will not help only because its difficult is not a good argument.
Thx, Willi