SOLVED Not sure what happened...possible security issue.
-
-
- Twiggliscious
- Elite Rocketeer
- Posts: 568
- Thanks: 0
- Joomla KungFu!!!
-
RT,
I had something interesting happen last night, I got a newly registered user on a joomla install, it was a spam bot or something like that... The only thing is...I hadn't setup any login access on the front end. I logged in, deleted the user...I know it was only a registered user, but still, I was confused as to how they managed to initiate a registration.
____________________________________________________
I'm using Vermilion - Responsive - Latest Template:
System Information
Setting Value
PHP Built On Linux server288.com 3.2.42-grsec #1 SMP Thu May 16 05:33:05 EDT 2013 x86_64
Database Version 5.5.32-percona-sure1-log
Database Collation utf8_general_ci
PHP Version 5.3.28
Web Server Apache
WebServer to PHP Interface cgi-fcgi
Joomla! Version Joomla! 3.3.0 Stable [ Ember ] 30-April-2014 14:00 GMT
Joomla! Platform Version Joomla Platform 13.1.0 Stable [ Curiosity ] 24-Apr-2013 00:00 GMT
User Agent Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
The site is live and has no user module setup...the only thing I found in settings that could have allowed this is the "Allow User Registation" in the "Users Manager." But, how can someone initiate a registration if there is no published login module.
If I'm over reacting that's cool. I just don't understand Joomla at this level and thought I'd ask the RT team.
Appreciate any insight.
Mike- - Last Edit: 10 years 11 months ago by Twiggliscious. Reason: DanG explained it...all is good in the universe.
-
Mike-
"Nobody cares who your father was, only the father you'll be." – Mandalorian saying...
-
-
-
- DanG
- Preeminent Rocketeer
- Posts: 36750
- Thanks: 3229
- Custom work done
-
Twiggliscious wrote:
But, how can someone initiate a registration if there is no published login module.
If I'm over reacting that's cool. I just don't understand Joomla at this level and thought I'd ask the RT team.
Cool?????????? We're all PARANOID
here!
Try this link on your site -> http://www.xxxxxx.com/index.php?option=com_users&view=login
and you'll get this (Please check the SECURE part of my reply.)
I checked Honeypot and they don't believe the IP address is malicious. (Please check the SECURE part of my reply.) -
The following users have thanked you: Twiggliscious
-
-
-
- Twiggliscious
- Elite Rocketeer
- Posts: 568
- Thanks: 0
- Joomla KungFu!!!
-
DanG,
Yeah, I ran the name the bot used through google and duckduckgo that night and had several security threat warnings pop up...both refused links due to threats...LOL. Now it's not showing anything. But the interesting links pointed back to several chinese sites...
No worries. I get the jist of your secure info...actually a nice trick to login to the front end.
Glad to know it wasn't a security bug.
Appreciate your taking the time to help.
Mike- -
Mike-
"Nobody cares who your father was, only the father you'll be." – Mandalorian saying...
-
Time to create page: 0.081 seconds