Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Joomla sites I have created have got a rouge user registering.....I don't know how they got registered....HELP!!

Posted on 2008-10-29
3
446 Views
Last Modified: 2013-11-30
Something quite scary has happened.
I have developed a number of Joomla sites over the last 3 years.
I have just received about 6 emails from various sites telling me that a user has registered on these sites.
I have my email registered as the web administrator so I would receive these emails.
The BIG concern is:
These sites DON"T have a user login section so I don' t know how this person has become registered!!
There is NOTHING from the front end that allows a user to register.
The sites are all hosted on various servers so they are not all from one host.
The same username and password has been issued throughout so it appears as though one person has been tampering in the backend of my site.
I am really scared.
Can someone help shed some light as to what is going on?
TIA
0
Comment
Question by:Amanda Watson
3 Comments
 
LVL 4

Accepted Solution

by:
NetcastersDesign earned 300 total points
ID: 22836737
This has happened to hundreds of Joomla websites over the last couple of days.  This seems to only effect Joomla 1.1x versions.  The user "margarittaes@free250host.com" It's just a spam bot.

If you wish to secure your sites, unpublishing the user registration page is simply not enough.  You will need to disable user registration.  Simply delete the user from the database and make that change in the configuration.

I also recommend updating your Joomla to the latest version. http://www.joomla.org/download.html

This has happened to about 9 of my own sites, so I am doing the same thing.  Just take a deep breath and make sure you are keeping your sites up to date.
0
 
LVL 15

Assisted Solution

by:MMDeveloper
MMDeveloper earned 200 total points
ID: 22836963
disabling registration via the global configuration will stop it, unless you've hacked up the registration process in a manner that allows registration. That and if you require activation for each account, if someone had been registered, they still couldn't log into their accounts without supplying a valid email address, reading the email, and clicking on the activation link.
0
 
LVL 11

Author Closing Comment

by:Amanda Watson
ID: 31511457
Phew, what a relief...Thank you very much!!
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
This video teaches users how to migrate an existing Wordpress website to a new domain.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question