Hi,

I can not figure out how spammers are able to register on my site:
Sailing website

I have disabled all possible login modules there,like custom, module_login, k2_login but still they are registering on my site as users?
how is that possible??? where on the site are the finding that? I have searched and all that has a login suffix is disabled?

Hi Johnnie,

Looks like you've disabled it now, but previously they might have been going through:
www.adriatic-challenge.com/index.php?option=com_login
or
www.adriatic-challenge.com/component/user/register

Are you still having issues now that those areas are disabled?

Kind regards,
Nick

I dont know how to disable those links you gave me, but even after all login modules are disabled I get some user registered...which is weird to me?

and yes after I have disabled everything Iam still getting registered users (mostly russian @yandex.ru)

Hi Johnnie,

Those users are using bots to test every possible vulnerability on your site.They are persistent and never get tired. The criminal developers keep coming up with new ways to get at the site, and eventually figure out a new one as soon you figure out how to stop them.

The best thing to do is to review our course on security and consider a firewall or proxy server.
www.ostraining.com/courses/class/joomla-25/security/view/

Some helpful resources
Akeeba Admin Tools Pro - www.akeebabackup.com/products/admin-tools.html

RS Firewall can help.www.rsjoomla.com/joomla-extensions/joomla-security.html

Or a proxy service like Incapsula. www.ostraining.com/blog/general/incapsula/

You should check these out and see if any fit your needs. There are lots of others as well.

cheers,
ed

actually I do have RS Firewall installed...
I will check with their support

Fighting spam and sploggers is a never ending battle. Good luck.

Cheers,
Ed

I want to reopen this question, I have found pages where people (spam register new users) :
www.adriatic-challenge.com/create-an-account.html
then:http://www.adriatic-challenge.com/index.php?option=com_user&lang=de&view=register
or www.adriatic-challenge.com/de/neuen-account-anlegen.html
how do I disable these pages??? I can find any such page in the backend, where should I locate them???
thanks for helping

Hi Johnniek2

Have disable new user registration inside Global Configuration?

Or are you still allowing people to register on the site by other means?

Hi Steve, thanks a lot!!! I hope this will solve my problem...this was the only place where they could still register?

I made a mistake, the option is actually in Users > User Manager > Options > Allow User Registration.

Yes, this will turn off any chance they have to register.