Solved

Joomla sites I have created have got a rouge user registering.....I don't know how they got registered....HELP!!

Posted on 2008-10-29
3
448 Views
Last Modified: 2013-11-30
Something quite scary has happened.
I have developed a number of Joomla sites over the last 3 years.
I have just received about 6 emails from various sites telling me that a user has registered on these sites.
I have my email registered as the web administrator so I would receive these emails.
The BIG concern is:
These sites DON"T have a user login section so I don' t know how this person has become registered!!
There is NOTHING from the front end that allows a user to register.
The sites are all hosted on various servers so they are not all from one host.
The same username and password has been issued throughout so it appears as though one person has been tampering in the backend of my site.
I am really scared.
Can someone help shed some light as to what is going on?
TIA
0
Comment
Question by:Amanda Watson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 4

Accepted Solution

by:
NetcastersDesign earned 300 total points
ID: 22836737
This has happened to hundreds of Joomla websites over the last couple of days.  This seems to only effect Joomla 1.1x versions.  The user "margarittaes@free250host.com" It's just a spam bot.

If you wish to secure your sites, unpublishing the user registration page is simply not enough.  You will need to disable user registration.  Simply delete the user from the database and make that change in the configuration.

I also recommend updating your Joomla to the latest version. http://www.joomla.org/download.html

This has happened to about 9 of my own sites, so I am doing the same thing.  Just take a deep breath and make sure you are keeping your sites up to date.
0
 
LVL 15

Assisted Solution

by:MMDeveloper
MMDeveloper earned 200 total points
ID: 22836963
disabling registration via the global configuration will stop it, unless you've hacked up the registration process in a manner that allows registration. That and if you require activation for each account, if someone had been registered, they still couldn't log into their accounts without supplying a valid email address, reading the email, and clicking on the activation link.
0
 
LVL 11

Author Closing Comment

by:Amanda Watson
ID: 31511457
Phew, what a relief...Thank you very much!!
0

Featured Post

Increase Agility with Enabled Toolchains

Connect your existing build, deployment, management, monitoring, and collaboration platforms. From Puppet to Chef, HipChat to Slack, ServiceNow to JIRA, Splunk to New Relic and beyond, hand off data between systems to engage the right people.

Connect with xMatters.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses how to implement server side field validation and display customized error messages to the client.
When the s#!t hits the fan, you don’t have time to look up who’s on call, draft emails, call collaborators, or send text messages. An instant chat window is definitely the way to go, especially one like HipChat. HipChat is a true business app. An…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question