veneamin1984

Same here.
User was created via regular registration. I blocked the user at admin/user/rules now. Also, I added another mandatory field to the registration form. I use content profiles for all other users and user activation by administrator.

Hi Bobby,

He tried to access our site twice over the past 2 weeks, and we manually deleted him.

We're using D7. Is there a way to block his IP?

Thanks,
Pete

I searched the name and dozens of sites turn up with registrations from this name and they all appear to be in the last couple of days/weeks. This doesn't just look like some random person goofing around. A couple of pages even seem to be hacked/hijacked.

Just got the hit myself a couple of minutes ago and I wasn't content believing someone just happened to fill out a user request. Especially not since it isn't even a visible option on this particular site.

Maybe someone should look further into this?

We further see, that this user breaks our replication somehow:

Error 'Duplicate entry '123' for key 1' on query. Default database: ''. Query: 'INSERT INTO users (name, mail, timezone, pass, init, status, created) VALUES ('veneamin1984', 'veneamin1984@mail.ru', 7200, '', 'veneamin1984@mail.ru', 1, )'

We found that the record before the replication broke was empty (with uid 123) and then the insert follows. Somehow odd because that should never happen (master should already through an error). Possibly a MySQL bug as well?

I got this as well today.

My user reg is set to administrator-approval.
I just turned off user reg anyways, I don't need it.

FYI, my site isn't very publicly visible either... I mean I have almost 0 traffic. And no apparent links to the user reg page or any login page.

New Spammer:
hisopolko166 has applied for an account.

Anyone else?

I also got that sign up a number of times across my sites I also have this one from 2 weeks ago, but they are logging in and out of my site at the exact same time.

diddiskefly[at]gmail.com

I have had both veneamin1984 and hisopolko166 hit several of our sites in the last three days. Our user registration requires approval so nothing happened but it is something to watch.

I also had someone try to register 'veneamin1984' today.

Subscribe.

Err, if I get this right, this script just create a user but does nothing?

• Type: user
• Date: Thursday, April 5, 2012 - 21:43
• User: Anonymous (not verified)
• Location: http://baluertl.com/?q=user
• Referrer: http://baluertl.com/?q=user
• Message: Login attempt failed for veneamin1984.
• Severity: notice
• Hostname:188.143.232.189

FYI, on another site of mine I don't frequently access, other fake users have been created:

veneamin1984
outmu1972
guckjoh1977
carolyn2e
leewebevy
timothyqr
francis6u
anthony1a
ericboyfb

As I understand it, the free version (it has a $ premium version also)
of the "Mollom" module can eliminate a chunk of those users by blocking their common IP addresses that are known sources of such bogus users...

http://drupal.org/project/mollom

or Search drupal.org or specifically the 'modules' area using the search keyword 'spam'.

Hello,

is this security issue solved?

Best regards
Frank

New update, this bot update content, appended <br><a href="#">viagra</a>.

Created numerous weird user account, 600 or more.

I checked permissions, registered user can't create or update Node, at least at the time when I did see the permission page.

Drupal version 6.13. :P

There is Captcha-6.x-1.0-rc2 but the registration form is not protected by captcha.