• Users registering without a registration form being published


    This is not always due to a hack, mostly, it is a site administrators failure.

    I have had a spate of new Users appearing in my User Manager.
    I am the only authorised user on my sites (Super User) - so how do these idiot spammers get in; and how to block them in future?

     I've received email messages from my website,  telling me that a new user has registered.

    1. There is no user registration form on the website
    2. These appear to be hacks

    The symptom checklist is as follows:

  • The Perils of the Default Settings


    Recently an issue was reported to the Vulnerable Extensions List team, which affected the blogging platform for Joomla, Easy Blog. After some thought we decided that it did not fall within the normal definition of a security issue that would merit listing on the VEL. It was reported to us by a site owner whose site had been hit by an unusually sophisticated spam attack: the spammer was taking advantage of Easyblog and Joomla default settings, the result was that they were able to set themselves up multiple accounts as bloggers and create blog posts containing spammy links. In this case these links ended up getting indexed by Google, even though they would not show up to a normal visitor to the site.