Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By bobbydonohue on
Hi all,
Has anyone had a new user create an account on their site: veneamin1984?
I'm running several Drupal sites and within a few hours of each other, all had requests to create an account for this user. I did a Google search on the username and found Member Profiles for all kinds of sites with this user name, all made within the last 2 days.
I'm not sure if this is something to keep an eye on, or if it's just some spider out there making accounts for no apparent reason. Just thought I'd ask what's up with this? Thanks.
Best,
Bobby Donohue
Comments
Same here. User was created
Same here.
User was created via regular registration. I blocked the user at admin/user/rules now. Also, I added another mandatory field to the registration form. I use content profiles for all other users and user activation by administrator.
veneamin1984
Hi Bobby,
He tried to access our site twice over the past 2 weeks, and we manually deleted him.
We're using D7. Is there a way to block his IP?
Thanks,
Pete
Sinister
I searched the name and dozens of sites turn up with registrations from this name and they all appear to be in the last couple of days/weeks. This doesn't just look like some random person goofing around. A couple of pages even seem to be hacked/hijacked.
Just got the hit myself a couple of minutes ago and I wasn't content believing someone just happened to fill out a user request. Especially not since it isn't even a visible option on this particular site.
Maybe someone should look further into this?
MySQL replication breaks as well...
We further see, that this user breaks our replication somehow:
Error 'Duplicate entry '123' for key 1' on query. Default database: ''. Query: 'INSERT INTO users (name, mail, timezone, pass, init, status, created) VALUES ('veneamin1984', 'veneamin1984@mail.ru', 7200, '', 'veneamin1984@mail.ru', 1, )'
We found that the record before the replication broke was empty (with uid 123) and then the insert follows. Somehow odd because that should never happen (master should already through an error). Possibly a MySQL bug as well?
I got this as well today.My
I got this as well today.
My user reg is set to administrator-approval.
I just turned off user reg anyways, I don't need it.
FYI, my site isn't very publicly visible either... I mean I have almost 0 traffic. And no apparent links to the user reg page or any login page.
hisopolko166 has applied for an account.
New Spammer:
hisopolko166 has applied for an account.
Anyone else?
Same here
I also got that sign up a number of times across my sites I also have this one from 2 weeks ago, but they are logging in and out of my site at the exact same time.
diddiskefly[at]gmail.com
so, is Drupal safe still?
so, is Drupal safe still?
I got his ip @
I got his ip @ 188.143.232.189. Did a ip lookup and found its located somewhere in russia, see http://whatismyipaddress.com/ip/188.143.232.189.
veneamin1984
I have had both veneamin1984 and hisopolko166 hit several of our sites in the last three days. Our user registration requires approval so nothing happened but it is something to watch.
I also had someone try to
I also had someone try to register 'veneamin1984' today.
blog
0.0
Subscribe.
Err, if I get this right, this script just create a user but does nothing?
Seems like the case to
Seems like the case to me.
They probably want to do more, and working towards that.
He/she were around my site too
FYI, on another site of mine
FYI, on another site of mine I don't frequently access, other fake users have been created:
veneamin1984
outmu1972
guckjoh1977
carolyn2e
leewebevy
timothyqr
francis6u
anthony1a
ericboyfb
Look into module "Mollom"; or search "spam".
As I understand it, the free version (it has a $ premium version also)
of the "Mollom" module can eliminate a chunk of those users by blocking their common IP addresses that are known sources of such bogus users...
http://drupal.org/project/mollom
or Search drupal.org or specifically the 'modules' area using the search keyword 'spam'.
All the best; intended.
-Chris (great-grandpa.com)
___
"The number one stated objective for Drupal is improving usability." ~Dries Buytaert *
Hello, is this security issue
Hello,
is this security issue solved?
Best regards
Frank
this bot update content
New update, this bot update content, appended
<br><a href="#">viagra</a>
.Created numerous weird user account, 600 or more.
I checked permissions, registered user can't create or update Node, at least at the time when I did see the permission page.
Drupal version 6.13. :P
There is Captcha-6.x-1.0-rc2 but the registration form is not protected by captcha.