Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Unknown users registering in bulk  (Read 5702 times)

0 Members and 1 Guest are viewing this topic.

ranjul

  • Coppermine newbie
  • Offline Offline
  • Posts: 4
Unknown users registering in bulk
« on: December 07, 2011, 04:06:24 pm »

I had cpg1.5.10 installed when this issue occurred first. Since an upgrade was suggested on the forums, I upgraded to cpg 1.5.16.
But now the frequency of unknown/junk users registering and activating themselves has increased.

Following are the two emails I get:

Mail 1:

Subject: Ranjul's Photo Gallery - Registration notification
Body:
A new user with the username "WEWE782lcn" has registered in your gallery

Mail2:

Subject: Ranjul's Photo Gallery - Registration request
Body:
A new user with the username "WEWE782lcn" has registered in your gallery.
In order to activate the account, you need to click on the link below or copy and paste it in your web browser.
http://www.ranjul.com/coppermine1510/register.php?activate=5dd9d9e51364a7f7c7a7db8aca687bfb


If you notice, the user name seems to be system generated. I also see these users as valid users in the user list.
Am I missing something in the setup or is it still an open issue?

I have taken down my site temporarily as I don't know if this attack is harmful or not.

Appreciate any help that I can get.

Thanks,
Ranjul
======

Logged

Joe Carver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1543
  • aka 'i-imagine'
    • Home Page
Re: Unknown users registering in bulk
« Reply #1 on: December 08, 2011, 12:30:50 am »

The site in your link returns a 404...

So the question is - are you using the captcha feature built into cpg 1.5.x?

You should - read your docs and see the help icons in the Config menu.

ranjul

  • Coppermine newbie
  • Offline Offline
  • Posts: 4
Re: Unknown users registering in bulk
« Reply #2 on: December 08, 2011, 04:46:54 am »

Joe, I have enabled captcha and haven't received any junk user registrations in the last 10-15mins.

Thanks a lot for reminding me of this feature. It just didn't click to me to enable it.



Logged

ranjul

  • Coppermine newbie
  • Offline Offline
  • Posts: 4
Re: Unknown users registering in bulk
« Reply #3 on: December 08, 2011, 06:13:30 pm »

I have received 2 more mails for user registration, even after enabling captcha. Am I still missing something?

Thanks,
Ranjul
======
Logged

Joe Carver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1543
  • aka 'i-imagine'
    • Home Page
Re: Unknown users registering in bulk
« Reply #4 on: December 09, 2011, 01:12:59 am »

.... Am I still missing something?

Yes. please post a link to your Coppermine in the future as listed in the board rules. It will help to see if there is something wrong.

Yes again, if you search around the Support Forum you would find the reCaptcha plugin.
http://forum.coppermine-gallery.net/index.php/topic,57439.0.html
Review the thread.

Try to remember that no spam solution can stop human spammers from defeating a captcha.

Moving to Miscellaneous.

ranjul

  • Coppermine newbie
  • Offline Offline
  • Posts: 4
Re: Unknown users registering in bulk
« Reply #5 on: December 09, 2011, 03:31:39 pm »

sorry! My link: http://photos.ranjul.com

I will go through the reCaptcha plugin this weekend and try it out. since the user name is like qae121381, wxmjw035 and so. , I assumed its some kind of bots. But yes, nothing can stop human spammers.

As you can tell, I am new to this and still learning the features... Thanks for your patience.

Thanks,
Ranjul
=====
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
Re: Unknown users registering in bulk
« Reply #6 on: December 12, 2011, 02:48:55 pm »

Your website seems to have a limited user rage (family members & friends). Maybe you want to disable the registration process and instead add new users with the user manager manually.
Logged
Pages: [1]   Go Up
 

Page created in 0.022 seconds with 19 queries.