We use cookies to help make our site work properly and to analyze how our site is used. Some are optional, but none contain your personal information, and we don't use any for ads. You can view our cookies policy, manage your cookie preferences, or consent and dismiss this banner by clicking agree:

Agree
ExpressionEngine CMS
Open, Free, Amazing

Thread

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

The active forums are here.

Member Registration - Something is Very Wrong!!

April 10, 2011 8:46am

Subscribe [3]

  • #1 / Apr 10, 2011 8:46am

    [email protected]

    13 posts

    I have recently received many new Member Registrations (only stumbled across this whilst looking in the View Members page). This may not sound odd but I do not have a Member Registration Form on my website! I do not have Members – only myself and two others which I created! How could many different people be registering?

    I suspect they are trying to register on a website(?) but their form is, somehow, being directed to my site where they are being registered. Could my website address be somehow included in another site’s registration system?

    I turned off ‘Allow New Members’ for a while and then back on and the same thing is happening. I have configured the site to ensure new members are labelled ‘Pending’ so as to disallow any further actions. I have emailed the individuals but with no response so far.

    Can anyone assist please, this is very perplexing!!
    http://www.quaywestliving.co.uk
    EE 1.6.4

    Denise

  • #2 / Apr 10, 2011 11:50am

    giusi

    94 posts

    Hi,

    this could be the cause:

    Profile Triggering Word
    When this word is encountered in your URL it will display your member profile area. The word you choose can not be the name of an existing template group. The default value of this is “member”. That means that a URL like the following would trigger ExpressionEngine to display the member profile area:
    http://example.com/index.php/member/profile/

    From Membership Preferences.

    In short EE has default member pages that spammers can use to access to registration. Those articles can help you alleviate or solve the problem.

  • #3 / Apr 11, 2011 3:13pm

    [email protected]

    13 posts

    Hi Giusi,

    Thank you for your very helpful & informative response. I have changed the ‘Profile Triggering Word’ and also turned off the Guest Member Group’s ability to view Public Profiles.

    This seems to have halted all New Registration attempts.

    Above all I have now disabled New Member Registrations (which I appreciate is the be-all-and-end-all of preventing this kind of intrusion in the first place) as I do not need this function for my site.

    Hopefully nothing untoward has occurred in the interim.

    Many thanks for your assistance in this matter

    Regards
    Denise

  • #4 / May 23, 2011 1:24am

    [email protected]

    13 posts

    Having carried out all of the preventative measures, outlined above in the previous posts, I have successfully prevented any new member registrations. However whilst checking my server error logs I am still getting many 404s for the following (non-existent) pages which someone is still trying to access such as the following:

    “GET /quaywestliving.co.uk//index.php/member/register
    “GET /quaywestliving.co.uk/products//index.php/member/register
    “GET /quaywestliving.co.uk//member/register
    “GET /quaywestliving.co.uk/products//member/register
    “GET /quaywestliving.co.uk/products/collections//member/register

    Could this be spammers still trying to access my site?

    I am also getting many, many 404s for non-existent pages which have been previously deleted, some many many months ago. Could there still be references to these pages left within EE, which I may not be aware of, or is it just Robots with out of date indices?

    Any suggestions would be gratefully received

  • #5 / May 23, 2011 1:48pm

    lebisol

    2234 posts

    Bots?

  • #6 / May 23, 2011 3:07pm

    [email protected]

    13 posts

    Thank You. That kind of very informative, articulate, lucid and eloquent response was very helpful… NOT

  • #7 / May 23, 2011 3:36pm

    lebisol

    2234 posts

    Any suggestions would be gratefully received

    I would say it met your requirement did not?

    Now, I think it would have been more appropriate to ask how to investigate if they are bots or visitors rather that being a smart a**.

    Start examining your server logs and then look up IPs that are hitting those URLs. Then determine the origin of IPs and find out if they are ISP or IPs registered to bots and search engines. You also have to look how they are landing on those pages, perhaps you have a link in your templates that lead to URLs above?
    Chances are it will just take time for engines to clear their own indexes.

  • #8 / May 23, 2011 3:50pm

    [email protected]

    13 posts

    Now that’s the kind of response that “would have gratefully been received” in the first place.

    As for your reference to “Smart A**”.... well… it takes one to know one.

  • #9 / May 23, 2011 4:11pm

    lebisol

    2234 posts

    Now that’s the kind of response that “would have gratefully been received” in the first place.

    As for your reference to “Smart A**”.... well… it takes one to know one.

    LOL so true hahaha 😊
    Well, hope this does help.

.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases

© Packet Tide, All Rights Reserved. Legal Notices

Username

Password

Forgot password?
or Register