CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Post-installation Setup and Configuration (Moderator: Dave Greenberg) »
  • possible hacking via username requests
Pages: [1]

Author Topic: possible hacking via username requests  (Read 817 times)

ldgpangeo

  • I post occasionally
  • **
  • Posts: 38
  • Karma: 0
  • CiviCRM version: 4.2.6
  • CMS version: drupal-7.17
  • MySQL version: 5.5.23
  • PHP version: 5.3.13
possible hacking via username requests
June 17, 2013, 07:56:37 am
We are encountering a large number of username requests that are clearly bogus.   

They take the form of a request for a login to drupal/civicrm where
the username is some random string  (e.g. kuhdesgv)
The name is malformed (e.g.:   "Velvet Cancino Waldo Bartlet ")
Address is clearly outside of our service area (e.g.   Virgin Islands, North Dakota, ...)

They don't get in because the accounts are blocked by default and I never enable them.   However, it's a nuisance since Civicrm automatically adds them to the contacts, creating a pollution that has be deleted. 

Longer term, I've disabled via Drupal the ability to request a login.  It's annoying that our legitimate users can not employ the "request a login" form any more.

My question:   Does anyone know what is really going on here?  Are they looking for some exploit? 

Hershel

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4640
  • Karma: 176
    • CiviHosting
  • CiviCRM version: Latest
  • CMS version: Mostly WordPress and Drupal
Re: possible hacking via username requests
June 17, 2013, 08:41:10 am
Yes, they are trying to make user accounts in order to post spam via robots.

Add a Captcha tool to avoid this.
CiviHosting and CiviOnline -- The CiviCRM hosting experts, since 2007

See here for the official: What to do if you think you've found a bug.
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Post-installation Setup and Configuration (Moderator: Dave Greenberg) »
  • possible hacking via username requests

This forum was archived on 2017-11-26.