user able to register, all site options disabled?

Reply·Subscribe
daihlo
daihloPremium
2315 posts
0
 

Have a site in build, was shelved for a year. Recently updated to 7.1.4

have set to invitation only, emails need confirming, recaptcha in place, additional human test block in place...

STILL getting hundreds of spam account registering every day!!! They are also able to confirm emails.

Almost seems like something has gotten in the back door to open direct link to the join process bypassing everything in the front end?

 

Anyone seen this before?

Any thoughts on what could be giving this vulnerability (if thats whats happening) or how to test to find it?

Quote · 9 Sep 2013
Nathan Paton
Nathan PatonUndefined
9604 posts
0
 

The invite system is pretty easy to break - http://example.com/index.php?idFriend=1

 

There.  Invite code from the admin account.

 

I'd recommend enabling the antispam tools in Dolphin, especially the China blocklist.  Deano also has his own antispam module in the market that has been well received.

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 9 Sep 2013
Reply ›
 
 
Home
Features
Pricing
Hosting
Support
About
StartDemo
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.

Blogs

Dolphin.Pro News
BoonEx News
Our Journey
Social Software World
Community Voice

Help

Support Forums
Documentation
BoonEx at GitHub
Knowledge Base
Contact Support Team

Product

Dolphin.Pro Features
Live Demo & Sandbox
Download Packages
Pricing & Order
Contact Sales Team

Company

Contact Us
About BoonEx
Privacy Policy
Terms & Conditions
© BoonEx Pty Ltd