Postnuke useless: hackers that flood user registration

  • This is a very very stupid problem: My website is more or less useless now I can't use the user registration feature. The minute I keep it open to the public some geek with a script floods my mail server with 5000 fake registrations.

    This sucks because it's a website where new users come to ask questions. They can't without registration, because if I keep it open for anyone they will flood the site that way.

    Sooooo... any ideas??

    Thanks
  • palaceplanet

    This is a very very stupid problem: My website is more or less useless now I can't use the user registration feature. The minute I keep it open to the public some geek with a script floods my mail server with 5000 fake registrations.

    This sucks because it's a website where new users come to ask questions. They can't without registration, because if I keep it open for anyone they will flood the site that way.

    Sooooo... any ideas??

    Thanks


    There isn't any way currently within PN to achieve this, but you can ban an IP address using a .htaccess file.

    See this link for information on banning IP addresses (or IP ranges).

    I'm looking at features of a security script from http://www.cafecounterintelligence.com/ with a view to incorporating these features in a future release of PN. This security script doesn't work out of the box, so the .htaccess method is your best bet currently.

    All of the above only works if you're using Apache as the web server.

    Hope this helps.

    -Mark
  • Thanks Mark,

    The .htaccess link is a good info site, the only prob is they used around 500 different IPs. So they're probably a lot of fakes or abusing PCs with open ports. So I'm afraid user registration will be turned off and I will have to look for alternatives.

    Thanks for your help

    Maarten
  • palaceplanet

    Thanks Mark,

    The .htaccess link is a good info site, the only prob is they used around 500 different IPs. So they're probably a lot of fakes or abusing PCs with open ports. So I'm afraid user registration will be turned off and I will have to look for alternatives.

    Thanks for your help

    Maarten


    If the IPs are on the same network(s) you can ban the entire subnet range. Also take a look on mods.postnuke.com for either the xuser or pncuser hack. These both add functionality to the registration process (including admin approval) which may help you.

    -Mark
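
Added example, not part of the original thread: one way to check whether a long list of registration source addresses clusters into a few networks, and to turn the clusters into subnet bans for a .htaccess file. The function names, the /24 grouping, the threshold of three hosts and the sample addresses are assumptions made for illustration; the output uses Apache 2.2-style `Order`/`Deny from` directives.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of registration source IPs (documentation ranges only).
SAMPLE_IPS = [
    "192.0.2.10", "192.0.2.11", "192.0.2.77", "192.0.2.10",
    "198.51.100.5", "198.51.100.6", "198.51.100.200",
    "198.51.101.1", "198.51.101.2", "198.51.101.3",
    "203.0.113.9", "not-an-ip",
]


def subnets_to_ban(ips, prefix=24, min_hosts=3):
    """Networks in which at least min_hosts distinct IPv4 sources appeared."""
    hosts_by_net = defaultdict(set)
    for raw in ips:
        try:
            addr = ipaddress.IPv4Address(raw.strip())
        except ValueError:
            continue  # malformed or non-IPv4 entry: ignore it
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        hosts_by_net[net].add(addr)  # a set, so repeats count once
    hits = [n for n, hosts in hosts_by_net.items() if len(hosts) >= min_hosts]
    # Merge adjacent blocks (two neighbouring /24s become one /23).
    return sorted(ipaddress.collapse_addresses(hits))


def htaccess_rules(networks):
    """Apache 2.2-style allow/deny lines for a .htaccess file."""
    lines = ["Order Allow,Deny", "Allow from all"]
    lines += [f"Deny from {net}" for net in networks]
    return lines


if __name__ == "__main__":
    print("\n".join(htaccess_rules(subnets_to_ban(SAMPLE_IPS))))
```

A subnet ban also shuts out legitimate visitors in that range, and sources that appear only once (such as 203.0.113.9 in the sample) stay unlisted, so widely scattered addresses will not be covered by this approach.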
  • palaceplanet

    Thanks Mark,

    The .htaccess link is a good info site, the only prob is they used around 500 different IPs. So they're probably a lot of fakes or abusing PCs with open ports. So I'm afraid user registration will be turned off and I will have to look for alternatives.

    Thanks for your help

    Maarten


    I've had another thought as well. KingRichard (a long time PN coder) has just published this article on news.postnuke.com (as a follow-up to one on mods.postnuke.com). This may help.

    http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2374

    -Mark
  • I just made this hack this morning, and it works excellent.

    Make a file and name it ban.php.

    Put this code in the ban.php file:

    Code

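    <?php
    // Read the client address from $_SERVER; a bare $REMOTE_ADDR only exists with register_globals on.
    if ($_SERVER['REMOTE_ADDR'] == "add_banned_ip_here") {
        die("Sorry, you have been banned!");
    }
    ?>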


    THIS IS IMPORTANT
    Make sure you don't have any trailing lines or spaces after the ?> or it will give you errors.

    Next insert this into the index.php file right after the