Solved

Joomla sites I have created have got a rouge user registering.....I don't know how they got registered....HELP!!

Posted on 2008-10-29
3
440 Views
Last Modified: 2013-11-30
Something quite scary has happened.
I have developed a number of Joomla sites over the last 3 years.
I have just received about 6 emails from various sites telling me that a user has registered on these sites.
I have my email registered as the web administrator so I would receive these emails.
The BIG concern is:
These sites DON"T have a user login section so I don' t know how this person has become registered!!
There is NOTHING from the front end that allows a user to register.
The sites are all hosted on various servers so they are not all from one host.
The same username and password has been issued throughout so it appears as though one person has been tampering in the backend of my site.
I am really scared.
Can someone help shed some light as to what is going on?
TIA
0
Comment
Question by:Amanda Watson
3 Comments
 
LVL 4

Accepted Solution

by:
NetcastersDesign earned 300 total points
Comment Utility
This has happened to hundreds of Joomla websites over the last couple of days.  This seems to only effect Joomla 1.1x versions.  The user "margarittaes@free250host.com" It's just a spam bot.

If you wish to secure your sites, unpublishing the user registration page is simply not enough.  You will need to disable user registration.  Simply delete the user from the database and make that change in the configuration.

I also recommend updating your Joomla to the latest version. http://www.joomla.org/download.html

This has happened to about 9 of my own sites, so I am doing the same thing.  Just take a deep breath and make sure you are keeping your sites up to date.
0
 
LVL 15

Assisted Solution

by:MMDeveloper
MMDeveloper earned 200 total points
Comment Utility
disabling registration via the global configuration will stop it, unless you've hacked up the registration process in a manner that allows registration. That and if you require activation for each account, if someone had been registered, they still couldn't log into their accounts without supplying a valid email address, reading the email, and clicking on the activation link.
0
 
LVL 11

Author Closing Comment

by:Amanda Watson
Comment Utility
Phew, what a relief...Thank you very much!!
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now