Solved

Joomla sites I have created have got a rouge user registering.....I don't know how they got registered....HELP!!

Posted on 2008-10-29
3
441 Views
Last Modified: 2013-11-30
Something quite scary has happened.
I have developed a number of Joomla sites over the last 3 years.
I have just received about 6 emails from various sites telling me that a user has registered on these sites.
I have my email registered as the web administrator so I would receive these emails.
The BIG concern is:
These sites DON"T have a user login section so I don' t know how this person has become registered!!
There is NOTHING from the front end that allows a user to register.
The sites are all hosted on various servers so they are not all from one host.
The same username and password has been issued throughout so it appears as though one person has been tampering in the backend of my site.
I am really scared.
Can someone help shed some light as to what is going on?
TIA
0
Comment
Question by:Amanda Watson
3 Comments
 
LVL 4

Accepted Solution

by:
NetcastersDesign earned 300 total points
ID: 22836737
This has happened to hundreds of Joomla websites over the last couple of days.  This seems to only effect Joomla 1.1x versions.  The user "margarittaes@free250host.com" It's just a spam bot.

If you wish to secure your sites, unpublishing the user registration page is simply not enough.  You will need to disable user registration.  Simply delete the user from the database and make that change in the configuration.

I also recommend updating your Joomla to the latest version. http://www.joomla.org/download.html

This has happened to about 9 of my own sites, so I am doing the same thing.  Just take a deep breath and make sure you are keeping your sites up to date.
0
 
LVL 15

Assisted Solution

by:MMDeveloper
MMDeveloper earned 200 total points
ID: 22836963
disabling registration via the global configuration will stop it, unless you've hacked up the registration process in a manner that allows registration. That and if you require activation for each account, if someone had been registered, they still couldn't log into their accounts without supplying a valid email address, reading the email, and clicking on the activation link.
0
 
LVL 11

Author Closing Comment

by:Amanda Watson
ID: 31511457
Phew, what a relief...Thank you very much!!
0

Featured Post

Free camera licenses with purchase of My Cloud NAS

Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn by example how to specify CSS selectors for Selenium WebDriver test automation software.
Developer portfolios can be a bit of an enigma—how do you present yourself to employers without burying them in lines of code?  A modern portfolio is more than just work samples, it’s also a statement of how you work.
This tutorial walks through the best practices in adding a local business to Google Maps including how to properly search for duplicates, marker placement, and inputing business details. Login to your Google Account, then search for "Google Mapmaker…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now