Response Time
24 — 48 hours
Hello,
Today i had a scary incident where someone from russia had registered on my website via easy social and was able to activate their own account. I have everything setup as secure as possible on my website so that when guests register on the website, it requires an admin approval. They cant even log in. I never would have known that this had happened, but i have my settings on the admin of the website so that when a guest registers on the website, they are required to validate their email address, an email goes to me, (the admin), informing me that they have registered and now require approval. I never got any of those emails. The only way i found out that this user had registered and gotten themselves activated was when an email had gotten delivered to me saying that they could not reach the new user email and it had bounced back to me. The only way i knew it was through easysocial (on my website) and not the joomla, is because it has a copy of the email that had failed being delivered and it had the successful activation email. I very quickly went into the admin panel and sure enough, that user had registered and logged in to the website. Obviously I deleted that user, but how in the heck could they do that with all the security settings i have enabled? My biggest concern is how can i keep this from happening again? It is absolutely critical and imperative that the security measure i have taken on my site remain in effect.
While I am on this topic, is there a way to block certain email domains from trying to register on the website, either through joomla or easy social? For example, any email domain ending in .ru or in .rr?
Today i had a scary incident where someone from russia had registered on my website via easy social and was able to activate their own account. I have everything setup as secure as possible on my website so that when guests register on the website, it requires an admin approval. They cant even log in. I never would have known that this had happened, but i have my settings on the admin of the website so that when a guest registers on the website, they are required to validate their email address, an email goes to me, (the admin), informing me that they have registered and now require approval. I never got any of those emails. The only way i found out that this user had registered and gotten themselves activated was when an email had gotten delivered to me saying that they could not reach the new user email and it had bounced back to me. The only way i knew it was through easysocial (on my website) and not the joomla, is because it has a copy of the email that had failed being delivered and it had the successful activation email. I very quickly went into the admin panel and sure enough, that user had registered and logged in to the website. Obviously I deleted that user, but how in the heck could they do that with all the security settings i have enabled? My biggest concern is how can i keep this from happening again? It is absolutely critical and imperative that the security measure i have taken on my site remain in effect.
While I am on this topic, is there a way to block certain email domains from trying to register on the website, either through joomla or easy social? For example, any email domain ending in .ru or in .rr?
5 Replies
The replies under this section are restricted to logged in users or users with an active subscription with us
