I'm running into a problem with a Drupal site I've taken over where spurious registrations are being created - one or two every day or so. Current version of Drupal, all installed modules up to date. Looks like some form of automated junk - message at the end of this.
I've set Drupal so that only the site admin can create accounts - email verification had been turned on, and I've now turned that off. Still, we get the spams.
I've also found that the previous webmaster had enabled all the permissions to do with system access for anonymous users. I've turned that off as well and am waiting to see if that has any effect - should it? Trying to access user and registration pages didn't work when I tried to do this.
The site is hosted with GoDaddy. I'm at a loss right at the moment, as I've reviewed the posts here and tried everything I can think of that would resolve this including installing captcha, mollom, akismet, and spamicide.
Here are the message details:
Messages show as subject: "Website/New Customer Registration". We have Ubercart installed, current version - is there anything there that might be causing this - no spurious orders are being created.
Hello Administrator,
A new user has registered at (the client's site). This e-mail contains their details:
Name: businesscoachcoursebusinesscoachcourse
Username: businesscoachcourse
User email: businesscoachcourse@mailinator.com
Please do not respond to this message. It is automatically generated and is for information purposes only.
Comments
The first thing to do is make sure Drupal is completely up to date to eliminate the possibility that spammers are exploiting known security issues.
Don't be a Help Vampire - read and abide the forum guidelines.
If you find my assistance useful, please pay it forward to your fellow drupalers.
Done, as indicated in my original post.
Never delete spam accounts
Never delete spam accounts, only block them. If an account is deleted they can re-use the email address to try again whereas they cannot if it is blocked.
Look for patterns in the email address for the accounts. One of my sites had a lot of accounts created and spam postings from gmail accounts. All the email accounts were different but the names were similar (they just generated unique names by adding/moving dots in the addresses). I used the account email filter to block the patterns.
john.smith@gmail.com
j.ohnsmith@gmail.com
johns.mith@gmail.com
All these and more combinations are blocked if you use the filter
j%o%h%n%s%m%i%t%h@gmail.com
Add captchas to the account registration. This will stop all automated spam account generation and just leave the manual ones.
-- SweeneyTodd
Thanks Sweeney, and good luck with your job search.
Captcha, mollom, etc. are already installed and captcha is already activated on the registration and user login pages.
Unfortunately there's no consistency in the names from one attempt to the next. I'm not getting boatloads of them either - one or two a day maybe.
Also, as I mentioned, registration is turned off, so they seem to be getting in some other way. I'm still wondering if it had to do with the permissions issue I mentioned. Nothing since I turned the permissions off, but I have a feeling I won't know for sure for a couple more days.
One additional note - all these registrations show up as having been registered for 40 years and 36 weeks.
Cheers
Chris
The date sounds like it is the start of 1970. I can't remember, but don't some operating systems use this as timestamp 0?
Sounds like they were created directly into the database rather than via the user registration.
-- SweeneyTodd
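An added example, not part of the original thread and not Drupal's own code: a Python audit over exported user rows that flags accounts whose creation timestamp is 0 (the 1970 date discussed above) and groups Gmail addresses that differ only by dots, a narrower check than the % wildcard filter shown earlier. The sample rows are constructed, and the field names (uid, name, mail, created) assume an export shaped like Drupal's users table.

```python
from collections import defaultdict

# Constructed sample rows; field names assume an export of Drupal's users table.
SAMPLE_USERS = [
    {"uid": 2, "name": "chris", "mail": "chris@example.com", "created": 1262304000},
    {"uid": 14, "name": "jsmith1", "mail": "john.smith@gmail.com", "created": 1285000000},
    {"uid": 15, "name": "jsmith2", "mail": "j.ohnsmith@gmail.com", "created": 1285003600},
    {"uid": 16, "name": "jsmith3", "mail": "JohnS.mith@Gmail.com", "created": 1285007200},
    {"uid": 21, "name": "businesscoachcourse",
     "mail": "businesscoachcourse@mailinator.com", "created": 0},
]

# Domains where dots in the local part do not change the mailbox.
DOT_INSENSITIVE_DOMAINS = {"gmail.com"}


def canonical_mail(mail):
    """Lower-case the address and, for Gmail, drop dots from the local part."""
    cleaned = mail.strip().lower()
    local, sep, domain = cleaned.rpartition("@")
    if not sep or not local:
        return cleaned  # not a usable address; compare it as-is
    if domain in DOT_INSENSITIVE_DOMAINS:
        local = local.replace(".", "")
    return f"{local}@{domain}"


def epoch_zero_accounts(users):
    """uids whose 'created' field is 0 or missing (displayed as ~40 years old)."""
    return [u["uid"] for u in users if not u.get("created")]


def dot_variant_groups(users):
    """Map canonical address -> uids, keeping only addresses shared by 2+ accounts."""
    groups = defaultdict(list)
    for u in users:
        groups[canonical_mail(u["mail"])].append(u["uid"])
    return {mail: uids for mail, uids in groups.items() if len(uids) > 1}


if __name__ == "__main__":
    for uid in epoch_zero_accounts(SAMPLE_USERS):
        print(f"uid {uid}: created timestamp is 0 (1970-01-01); review how it was created")
    for mail, uids in dot_variant_groups(SAMPLE_USERS).items():
        print(f"{mail}: dot variants used by uids {uids}; block rather than delete")
```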
Yeah, that strikes me as what may be happening as well. Now that I've adjusted permissions things seem to have been quiet so far. Here's hoping.
Thanks for that.
Chris