This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.
The active forums are here.
June 15, 2010 1:49am
Subscribe [4]#1 / Jun 15, 2010 1:49am
I’m on EE 1.6.6
Suddenly, there’s over a hundred new ‘members’ who have accounts. These accounts are totally bogus. Some are listed as ‘pending’ and some as ‘members’ but they’re all bogus. We use membership entirely for internal access / CMS control functions only.
Security breach of some kind has occurred, after over a year of no problems in this area.
Known issue?
#2 / Jun 15, 2010 2:26am
brainwave,
This looks like registration spam. Lisa has a blog post dedicated to this and offers useful tips in combating it.
EE Blog : Fighting Registration Spam
Let us know if that helps
#3 / Jul 23, 2010 2:50pm
It seems that most of my spam registrations are using the option to not specify a Screen Name. When that happens, the new member’s Screen Name ends up being whatever the username is.
Do we have the option to “require” a different Screen Name during registration?
#4 / Jul 23, 2010 5:46pm
Hi genehil, while that’s not currently an option, it’s unclear whether that would help.
The best course of action would be using a profile trigger word other than ‘member’ and looking over our blog post that John Henry linked to previously. It’s not a security breach.