• Resolved mynedd

    (@mynedd)


    Issue: We have encountered a bombardment of attempts to gain access, and have strengthened security, reducing flexibility in Limit Login Attempts plugin and strengthening passwords. While this has greatly reduced the attacks, we have one id which is penetrating and creating user records without any reference to admin for approval (default).
    I have had 8 from this id [email protected] with different stops inserted in the email address. Google shows that this id is a problem elsewhere in the world too. I have deleted all instances, but I do not seem to be able to prevent any further instances. At this stage I have not found any contingent action which has caused damage to data within the website, additional pages/posts, etc.
    Is anyone able to advise how I may be able to control this specific id, and any others using a similar approach to register and avoid detection?
    I have raised the access as a question with the hoster – IONOS – but they have referred it back.
    Thanks for your help – I hope it is something that we will be able to deal with!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support Towhid

    (@cryptex_vinci)

    Hi @mynedd

    You can blocklist an email address by following the steps below:

    1. Go to Ultimate Member > Settings
    2. Click on the “Access” tab
    3. Navigate to the “Other” tab.
    4. Insert the email address you want to block in the “Blocked Email Addresses” field.
    5. Click on “Save Changes”

    Thanks

    Thread Starter mynedd

    (@mynedd)

    Hi Asif (@cryptex_vinci)

    Many thanks for your reply. I am familiar with the blacklisting process, but this id is submitting variations, e.g. r.o.l.o.+, rolop.+, ro.l.opo.+ – so there is an enormous number of permutations that would need to be added, and of course, email addresses can be created at the drop of a hat! I may have been able to associate an IP address, and have blocked the IP range. Since then I have had no issues – but my primary concern is that if a user registration can suddenly appear with no intervention, fully formed and approved, then that is a concern. Can you advise how that may have occurred, and how we might take actions to prevent it? Thanks
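The dot and `+` variations described above defeat an exact-match blocklist because each spelling is a different string. The following is an added example, not part of the thread and not Ultimate Member code: it reduces each address to a comparison key before checking the blocklist, and groups an exported list of registered addresses by that key. The function names, the sample addresses and the list of dot-insensitive providers are assumptions made for illustration.

```python
from collections import defaultdict

# Assumption: providers whose mailboxes ignore dots in the local part.
DOT_INSENSITIVE = {"gmail.com", "googlemail.com"}


def canonical_email(address: str) -> str:
    """Collapse alias spellings of one mailbox to a single comparison key."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    # Assumption: anything after '+' is a delivery tag, not part of the mailbox.
    local = local.split("+", 1)[0] or local
    if domain in DOT_INSENSITIVE:
        local = local.replace(".", "")
    if domain == "googlemail.com":
        domain = "gmail.com"
    return f"{local}@{domain}"


def is_blocked(address: str, blocklist) -> bool:
    """Compare canonical forms, so one blocklist entry covers every alias."""
    return canonical_email(address) in {canonical_email(b) for b in blocklist}


def group_aliases(addresses) -> dict:
    """Return mailboxes that registered under more than one spelling."""
    groups = defaultdict(list)
    for addr in addresses:
        groups[canonical_email(addr)].append(addr)
    return {key: seen for key, seen in groups.items() if len(seen) > 1}


# Constructed sample data (not taken from the thread).
REGISTERED = [
    "s.a.m.ple.user+a1@gmail.com",
    "sample.user+zz@googlemail.com",
    "SampleUser@gmail.com",
    "j.doe@example.org",
    "jdoe@example.org",   # dots stay significant for unlisted providers
]
BLOCKLIST = ["sampleuser@gmail.com"]

if __name__ == "__main__":
    for addr in REGISTERED:
        print(f"{addr:35} blocked={is_blocked(addr, BLOCKLIST)}")
    print(group_aliases(REGISTERED))
```

This only collapses spellings of the same mailbox; addresses with genuinely different local parts still need rate limiting, admin approval or a challenge on the registration form.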

    Plugin Contributor Champ Camba

    (@champsupertramp)

    Hi @mynedd

    Do you have a service like Cloudflare to prevent these attacks?

    Regards,

    Plugin Contributor Champ Camba

    (@champsupertramp)

    Hi @mynedd
    This thread has been inactive for a while so we’re going to go ahead and mark it Resolved… Please feel free to re-open this thread by changing the Topic Status to ‘Not Resolved’ if any other questions come up and we’d be happy to help.

    Regards,

  • The topic ‘Rogue user registering without control’ is closed to new replies.