1

Topic: Account still getting created despite new account being OFF

Bots are creating users on my forum despite me having disabled new creations. I also changed the cookie to something random, to no effect.
I think they found a way to fake the account confirmation email or something, but they entirely bypass the register page.

Anyone has seen this ?

Any fix ?

I'm running 1.2.21, with very very little tweaks.

2 (edited by MattF 2009-04-11 13:23)

Re: Account still getting created despite new account being OFF

So new registrations are disabled? Have you got an old backup/version of the forums still knocking about somewhere on the webserver, perchance?

3

Re: Account still getting created despite new account being OFF

Yes I had a forum.old, but it's not publicised in an index... I moved it off to see if it helps. How could they reach a directory that is not indexed ?

In fact, I had renamed the register.php register.php.bak and I still got accounts creation.. Could it be some sort of SQL injection ?

4

Re: Account still getting created despite new account being OFF

Well, I can confirm that accounts get created even without the register.php script.

I /I/ try to register a new account with the link, I get 404, but somehow the bots have a way around it and can create a new account AND post.

Help !

5

Re: Account still getting created despite new account being OFF

What are the webserver logs saying? Check their I.P against the logs and see what they're doing.