Hello. I'm not new at this, the captcha is used. Further, using forms isn't possible as security will block that.

Hi,

There are a few things that you can try here.

1. Adding captcha field to the quick registration form.
2. Switch the quick registration to full registration form.

Im not using the quick registration for !
Im using the full registration form

Hi,

I see. In that case adding captcha field is the way to go then.

Sorry, but maybe you missed my previous reply......im using captcha.

Hi,

Yes I noted that. Unfortunately that is the only way to go.

I doubt that. Obviously something isn't secure in the registration forms as most fields are required. Bypassing that shouldn't be possible.

Hi,

I am not sure what do you refer to as "insecure" because forms are just forms. Does any of the required field gets bypassed? If so please do point out which field you are referring to because we don't have much information here to go from.

@babylon, I suggest attempting to register to your site without filling out the required info. Ignore the validator if it highlights and see if you can proceed. If you can't get past it on your end, then something is being bypassed.

@babylon

It is a general problem, not really a Stackideas problem, the free Spambotcheck component will stop almost all fake registrations.

You can see my more detailed suggestion in this thread

Seems like a cool plugin. How do they manage to bypass the validators?

@Richard, thanks for sharing.

Well, i did registered myself and the first they skip is the avatar, then favorite drink, food, birthdate, something about yourself...
So none of that is given during registration, but is required..

Are you saying that it's required and your still able to register without filling in that info? Just trying to understand what you mean.

Well i do apologize, as i now did checked my registration form in full, it didnt showed the captcha. Now it does.
But shouldnt there be a setting where i can set how many digits people have to type as security code?
Now it shows just 4.

Is it possible they are fake registering using Facebook Authentication? With FB doesn't it bypass all of ES registration? The same goes for JFBConnect.

James

I dont know James, all fakers have listed email addresses known for spam, so its unlikely they use my facebook connect.

@Babylon, in that case then please provide me your site's access so that I can check on the field configuration to see why are the fields being by passed.

Also, please take note that you have to specifically set the field as required in backend -> EasySocial -> Profile Types -> Custom Fields.

Well, access isnt posible at this moment, nor required i think ...all required fields are set in the configuration per field.So that part is ok..
To bad the registration doesnt show the ip used when registering...that could help to see if the fakers do visit the site or not.

IP logging is on my wish list for ES some day. The stacked team is getting quite busy which is why I'm holding back. The maintenance releases have been going quite well, certainly holding me over for ES 1.4.

Hi,

I tested all the fields with "required" set to on and nothing is bypassable.

Without access to your site, I cannot provide you with a concrete answer/solution to your situation.

All of you are probably looking into wrong place.
The very common mistake people often do is to install multiple components that have their own registration flows and then blame one they use most.

Even Joomla have its own registration flow, and you need to secure all of those first and make sure people can use nothing but ES to register on your site.

That's not the case in my situation. I tried to reach my site going to default registration url but It goes to ES.
But all is set properly so see how it goes.

Hi,

Do let me know how it goes.

Well, i had a legitimate registration from someone i know. But when logged in as admin and viewing her profile some fields are empty and thats not possible ! You cannot register without the info required.....

So i counted 5 fields that are empty but should show info...
So how the is that possible?

Check and see if it was a Facebook registration

jeez...never thought of that..., that *****.(was indeed F)..would be nice if ES syncs the field...so whatever is missing the user has to add...

Ok, its clear that its done on remote. i just received a registration coming from china. according to my jrealtimeanalytics the user was 0 seconds online. so that means by remote. none of the required fields were used.....so meaning empty..

Hi,

You can force Facebook registration to go through Full Registration by setting it in backend -> Profile Types. That way user who registers through Facebook will be bounded by the required fields.

bounded by the required fields? How you figure that?
My previous registered member did it through facebook leaving my required fields empty....

And i dont see the >> Full Registration by setting it in backend -> Profile Types.
I dont see a setting that forces anyone to register with facebook.....but if thats a good idea...

Or is something like JFBConnect a good idea?
Now, as far as i can tell....the registration of easysocial is open wide to spammers looking to push fake accounts..

Hi,

Go to backend -> EasySocial -> Settings -> Facebook and set the Registration Type to normal.