Thread

It seems we have two problems on our site:

1 - Registration Spam (I’m trying some tips from another thread)
2 - we just found someone registered as a subscriber, who has no reason to be there at all. He has not made a purchase - which is required to become a subscriber.

We don’t have forums or even comments, but people do need to register to make a purchase.

How did he do this?
http://www.gazettejournal.net

Same user is in your member list, and in solspace, and in several other EE sites. All list him as joined the same day he joined our site - 9/27/10

Hi Gazette Journal,

ExpressionEngine has some pre-built templates for registration and the like, and unless you protect them, they can be accessed for spamming.  Is it possible that your spammer registered through the member/register template here:

http://www.gazettejournal.net/index.php/member/register

Or edited his profile through the template here:

http://www.gazettejournal.net/index.php/member/profile

Thanks for the assist, Will.

gazettejournal, does that help at all?

That’s exactly what happened. In fact, you’ll notice I just registered as EETest.

And the protecting solution could be to rename the “member” part of the URL into something_else. The actual link to your registration Template would be in that case: http://www.gazettejournal.net/index.php/something_else/register. And no-one guesses that. But do not forget to alter all the links in your Templates once you have “hidden” the Member Templates.

Hi gazettejournal,

Do you still need further assistance?

@atelier2, thanks for the assist.

Cheers

Greg

Sorry for the long delay in reply. I’ll make those changes.
Thank you everyone!

No worries, that’s what we’re here for. Don’t hesitate to post again as needed.