Print Page | Close Window

registration exploit??

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=29681
Printed Date: 01 April 2026 at 4:28am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com


Topic: registration exploit??
Posted By: redhawk
Subject: registration exploit??
Date Posted: 23 August 2011 at 10:43am
I moderate on a forum running webwiz software version 9.70
These past days it has been under attack by someone or group of hackers who have been registering accounts approximately 1500 per day.
IP addresses seem to be totally random which would indicate a bot-net attack or x-host exploit making IP banning in effective.
While some accounts are registered with hotmail.com they've found a way to register accounts without any email address.
I'm also guessing that they've bypassed the Captcha Phrase screen considering the speed of account registrations
Furthermore these email-less account are also capable of logging on to the forum thus making their presence known to the active list.
Fortunately they're not activated accounts however it does beg the question how they managed to register in the first place.

Is there some known exploit in version 9.70 that allow this kind of activity??

Will a forum update prevent such attacks??

Is it possible to set a limit on the amount of accounts created in a given time period??

Richard S.


Replies:
Posted By: WebWiz-Bruce
Date Posted: 23 August 2011 at 11:24am
There are no known exploits to get around the CAPTCHA and I can not see how this would be possible to get around.

I suspect that these people are doing this in a different way, possibly through a modification to your forum, or another application on your website that uses the same database, but with out forensically examining your sites log files and website files as well as server security it would be imposable to tell how they would have done this.

In the meantime you can do things in the admin area like ban hotmail.com email address, enable email activation, disable new registrations, enable admin activation of new accounts, as well as other techniques to stop them.

You should also check your websites log files and see where they start on your website, you may find that they are coming in through a back door through a modification or another file on your website.


-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting


Print Page | Close Window

Forum Software by Web Wiz Forums® version 12.08 - https://www.webwizforums.com
Copyright ©2001-2026 Web Wiz Ltd. - https://www.webwiz.net