• Resolved Orsp

    (@orsp)


    Lately, despite the fact that on WordPress I have deactivated the option to register new users, new users are still being created. Even in your plugin I have deactivated the option to create new users, but I still get new user registrations, which are clearly intrusions, like:

    Inscription d’un nouveau compte sur votre site … :
    Identifiant : lover.cryaz
    E-mail : [email protected]

    I have also deactivated your plugin for now, awaiting your opinion.

    Best regards,

    Oriano

Viewing 10 replies - 1 through 10 (of 10 total)
  • WOW Hi, exactly the same happened to me today, same registration from lover.cryaz, but another email address.. wow this is bad.. how did this happen? We have blocked new user registrations.. also we have the Login/signup Plugin in the newest version..
    Please give me feedback about the danger of this situation. Should I deactivate the plugin?

    Best Regards Bruno

    Plugin Author xootix

    (@xootix)

    Hello @orsp @3light

    The plugin does not create such users. It's the attackers/bots on your site.
    Since @orsp has disabled the registration form and a new user still got registered, that shows the registrations are coming from somewhere else.
    I suspect it's coming from => https://www.yourwebsite.com/wp-login.php?action=register
    Bots can simply visit this page and submit your form. There is no extra layer of protection.
    Please go to wp-admin -> general and disable the “Anyone can register” option in WordPress.

    Now regarding the plugin’s registration form, it's less likely to be discovered by the bots (because it is JavaScript & Ajax based) and most likely disabling the above option will prevent bot attacks. However, if you still need a 100% attack-proof solution, I suggest adding a reCAPTCHA to the forms.


    Hi, thx for the feedback, the “Anyone can register” setting in WordPress was already disabled before. Also we had a GDPR compliance plugin.. maybe it comes from there.. in the past they had some risks.. but we never had a problem before.. I hope we can find the problem..

    @orsp did you already find out how the attackers can make a registration on your page?
    Thx for the feedback. Best regards to all

    Here today an update was coming in for: WPS Hide Login

    .9.16

    • Fix vulnerability : Login Page Disclosure

    Maybe this was the problem..? Then the attacker can find the login page.. and maybe try from there..

    Thread Starter Orsp

    (@orsp)

    Hello @xootix I had already disabled the “Anyone can register” option in WordPress

    @3light In my case, I am not using WPS Hide Login.

    In any case, since I deactivated the plugin, I have not had the creation of new accounts

    @xootix ok, I will try to add reCAPTCHA to the forms.

    @xootix I use the hide login plugin, and on the login mask, if anybody can find it, the registration link is not visible.. I really wonder how the bots can create an account. Also, we have tested the https://www.yourwebsite.com/wp-login.php?action=register function.. this redirects to our 404 page. Please check your plugin again, because Orsp says that if he turns it off, he has no new user creations from bots.. thx buddies for the feedback. Best regards

    Plugin Author xootix

    (@xootix)

    If you’re getting multiple fake user registrations and not just one random account, then it's a spam bot and, as per my knowledge, it doesn’t matter if you deactivate the plugin or not.
    This plugin is just a template for the registration form. You can switch to some other form, but if it's a spam bot, it won’t matter unless you have some kind of reCAPTCHA protection or a plugin that protects your site from bots.
    Again, I could be wrong, you can try deactivating the plugin.
    The one thing I can assure you is that this plugin does not contain any code which would lead to auto-created accounts. So you have nothing to worry about.

    @3light “i really wonder how the bots can create an account”
    – Yes, they surely can. Please google

    Hi all, @xootix @orsp

    thx for the info. I have deactivated the XML API for WordPress via htaccess, and also blocked the function for new registrations via htaccess.. and some credentials more.. including Ninja Firewall.. now it's silent.. but I can see they try many ways to get in.. I have scanned the whole traffic for a while.. it's crazy..

    Thx again for Help and all the Best ! Bruno


    Plugin Author xootix

    (@xootix)

    I am glad you are able to fix it.
    You’re welcome

    davidgimenez

    (@davidgimenez)

    add_action('init', 'custom_redirects');
    // Redirect the default wp-login.php login, register and lost-password screens.
    function custom_redirects() {
        global $pagenow;
        if ('wp-login.php' === $pagenow) {
            $actions = ['login', 'register', 'lostpassword'];
            if (!isset($_GET['action']) || in_array($_GET['action'], $actions)) {
                wp_safe_redirect(home_url('/change/'));
                exit();
            }
        }
    }
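
Added example, not part of the thread and not code from the plugin or from any participant: the thread never establishes which entry point created the accounts, so this must-use plugin sketch records the request behind every new user. The function name `example_log_registration_source` and the log prefix are hypothetical; the hooks and functions called are WordPress core APIs.

```php
<?php
/**
 * Plugin Name: Registration Source Logger (added example)
 * Save as one file in wp-content/mu-plugins/ so it loads even when other plugins are off.
 */

// 'user_register' fires after WordPress inserts any new user, whichever form or API did it.
add_action('user_register', 'example_log_registration_source', 10, 1);

function example_log_registration_source($user_id) {
    $user = get_userdata($user_id);

    // Classify the entry point of the request that created the account.
    if (defined('XMLRPC_REQUEST') && XMLRPC_REQUEST) {
        $channel = 'xmlrpc';
    } elseif (defined('REST_REQUEST') && REST_REQUEST) {
        $channel = 'rest';
    } elseif (wp_doing_ajax()) {
        $channel = 'admin-ajax';
    } elseif (isset($GLOBALS['pagenow']) && 'wp-login.php' === $GLOBALS['pagenow']) {
        $channel = 'wp-login';
    } else {
        $channel = 'other';
    }

    // Read a single $_SERVER value as cleaned text.
    $server = function ($key) {
        return isset($_SERVER[$key]) ? sanitize_text_field(wp_unslash($_SERVER[$key])) : '';
    };

    // The 'action' parameter names the admin-ajax or wp-login handler that ran.
    $action = (isset($_REQUEST['action']) && is_string($_REQUEST['action']))
        ? sanitize_key(wp_unslash($_REQUEST['action'])) : '';

    // Request bodies are deliberately not logged: they can contain passwords.
    $entry = [
        'time'                => gmdate('c'),
        'user_login'          => $user ? $user->user_login : '',
        'channel'             => $channel,
        'action'              => $action,
        'method'              => $server('REQUEST_METHOD'),
        'uri'                 => $server('REQUEST_URI'),
        'remote_addr'         => $server('REMOTE_ADDR'),
        'user_agent'          => $server('HTTP_USER_AGENT'),
        'anyone_can_register' => (bool) get_option('users_can_register'),
        'created_by_user_id'  => get_current_user_id(), // 0 = unauthenticated request
    ];
    error_log('[registration-source] ' . wp_json_encode($entry));
}
```

An entry with `anyone_can_register` false and `created_by_user_id` 0 means some handler created the user outside the core registration setting; the `channel` and `action` fields show which one to review or block.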
