I have an older 2.6x site that I can’t upgrade because plugin dependencies won’t work.
Anyway today I discovered 195,000 user registrations on the site. Despite cleaning them they were coming in at about one registration every 3 seconds. I installed a whole bunch of devotee plugins to no avail and even tried locking the member group (which failed).
In the end I looked up the server log and noted the attack was focussed on:
/member/register (the stupid fking ee themes directory).
I locked that down with .htaccess but it wasn’t enough. The form was auto posting using the act id of register_member. I changed the act_id to a new name and it now seems to be ok.
Is there a way to disable those theme pages (like /?/member/register) through the front end of the site?