You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 306 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - userregistring must stop [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

 
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
Author Message
JallaBalla
Captain
Captain


Joined: May 01, 2003
Posts: 310

Location: Oslo, Norway

PostPosted: Tue Aug 01, 2006 11:07 pm Reply with quoteBack to top

I get random potential spammers everyday registred on my sites. I (the admin) want to accept ALL new accounts before their accounts are activated (manually). Is this possible?

_________________
JallaBalla
...a Paying customer of PHP-Nuke
8.0 / 2.20
Find all posts by JallaBallaView user's profileSend private messageICQ Number
spottedhog
Captain
Captain


Joined: Apr 30, 2004
Posts: 561


PostPosted: Wed Aug 02, 2006 3:35 am Reply with quoteBack to top

I would suggest a 2 part method..... One part is to block spammers in your .htaccess file with a list of known spammers, and part 2 to do the approve members like you suggest.

For the approve members, I think there is someone from the UK who has a module or hack for this. Do a search here on Approve Members and go from there.

_________________
SMF-Nuke admin

SMF and PHP Nuke integration is ready! Take a look at it by clicking on the link above.
Find all posts by spottedhogView user's profileSend private messageSend e-mailVisit poster's website
XenoMorpH
Lieutenant
Lieutenant


Joined: Aug 24, 2003
Posts: 187

Location: Coevorden, Netherlands

PostPosted: Fri Aug 04, 2006 1:08 am Reply with quoteBack to top

I'm havinf the same issue here...people posting crap stuff in the forums.
I have allowed guest posts, cuz I know pople don't always want to register...I know I don't Laughing

Is there a mod to display a code when posting without having to set the site/posting to registration only?

_________________
http://www.tdi-hq.com
MSN- status: Image
Find all posts by XenoMorpHView user's profileSend private message
spottedhog
Captain
Captain


Joined: Apr 30, 2004
Posts: 561


PostPosted: Fri Aug 04, 2006 4:11 am Reply with quoteBack to top

There is no such mod, hence, registration.

Since you do not wish to force registered users only to post, you could block spammers using the .htaccess file. This could eliminate some of your issue.

_________________
SMF-Nuke admin

SMF and PHP Nuke integration is ready! Take a look at it by clicking on the link above.
Find all posts by spottedhogView user's profileSend private messageSend e-mailVisit poster's website
deech
Nuke Soldier
Nuke Soldier


Joined: Jun 29, 2005
Posts: 32


PostPosted: Wed Aug 23, 2006 11:28 am Reply with quoteBack to top

I've recently been getting a lot of people registering on my site lately about 4-6 a day now. A lot of them have lotto or something like that in there name. My site requires registration and I haven't been getting any spam posts in the forums, but my question is ... is there anything I should be concerned about? Anything else they can do?
Find all posts by deechView user's profileSend private messageVisit poster's website
HalJordan
Support Staff
Support Staff


Joined: Aug 07, 2004
Posts: 1117

Location: Somewhere around Hunan, China

PostPosted: Wed Aug 23, 2006 5:44 pm Reply with quoteBack to top

They could overwhelm your host's server, launch a DOS attack on you or someone else, or maybe try other mischief. Do you require the security code to log in?

_________________
Obedezco, pero no cumplo.

Proprietor, www.computernewbie.info
Support staff, www.nukecops.com
Find all posts by HalJordanView user's profileSend private messageSend e-mailVisit poster's websiteAIM Address
deech
Nuke Soldier
Nuke Soldier


Joined: Jun 29, 2005
Posts: 32


PostPosted: Fri Aug 25, 2006 8:38 pm Reply with quoteBack to top

Yeah, we do require the security code to register. Anything else I need to do?
Find all posts by deechView user's profileSend private messageVisit poster's website
Supertex
Nuke Cadet
Nuke Cadet


Joined: Apr 27, 2003
Posts: 4


PostPosted: Thu Sep 28, 2006 1:27 pm Reply with quoteBack to top

Uh...let me warn you..

That is EXACTLY what preceeded my site getting hacked. I noticed several account names....names that begged to be deleted. I went to the forums, which sadly were 2.0.2, and began one by one removing them. From the very start of it, after the deletion, it went into debug mode. I thought that was strange, but continued to delete the accounts. After the 3rd one, I didnt think it was a good idea to continue in that way. So I then went straight to the DB, and began deleting the accounts there. Once I finished that, I went and did a complete DB backup. After the backup was done, I switched out of the admin panel, back to the main page...there I noticed that names VERY similar ( or perhaps the exact same) were suddenly logged into my site. I went back to the admin panel, only to find out that I'd been locked out...and I guess you can figure out what happened from that point forward. It ended up with complete deletion of my entire forum, and some of the block's contents as well. The guy replaced my forum with a single linked image, and left the image on the front page of the site as well.

It took some effort, but I had the site back up and completely restored in 4 hrs. My concern is whether or not the attack was qued from my deleting those accounts. When I look at my nuke_popsettings table, most of those user accounts (and curiously enough ONLY those user accounts) all have entries there. Very quickly after getting the site back up, I noticed more and more of the questionably named accounts began to show back up. I'm assuming that when the forum went into debug mode, that the DBNAME and DBPASS were snared and relayed back to the account owner. Or perhaps removing them on the phpMyAdmin side is what caused the compromise? I'm not sure exactly how this was done, but im fairly confident that this hack was somewhat automated, and was a response to my actions.

Question is...how do I safely remove these user accounts now?

At the time, I was using phpNuke v6.5, and have since moved to v7.6 + ChatServ 3.2 + NukeSentinel.

If they have a script that will report back to them an error when a username no longer exists, will the error report not specify the DBNAME and DBPASS in the body of the error report??
Find all posts by SupertexView user's profileSend private message
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.045 Seconds - 112 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::