    Hello! Every day, our site gets 20-30 fake/spam user registrations. I have put a reCaptcha on the user registration form. I have put a honeypot field on that form as well. These measures had zero effect.

    I then put a postHook on the registration snippet which logs all submissions to the Modx error log. To my surprise, the only things logged are the legitimate registrations. The fake/spam registrations do not get logged. How are they bypassing my registration form?

    The spam users usually have a matching "name" and "fullname". Also, their email often ends in “.ru” or contains “yandex”.

    I’m running Modx 2.7.0.

    Has anyone else seen this kind of thing? How are they doing this and how can I stop it?

    This question has been answered by markh. See the first response.

      I then put a postHook on the registration snippet which logs all submissions to the Modx error log. To my surprise, the only things logged are the legitimate registrations. The fake/spam registrations do not get logged. How are they bypassing my registration form?

      Any chance there's another leftover signup from elsewhere on your site that spammers are using to sign up instead of the nicely protected/logged one you have been focused on? Perhaps match when the spam signups happen with your access log to track down the source.
        Mark Hamstra • Developer spending his days working on Premium Extras and a MODX Site Dashboard with the ability to remotely upgrade MODX and extras to make the MODX world a little better.

        Tweet me @mark_hamstra, check my infrequent blog at markhamstra.com, my slightly more frequent ramblings at MODX.today or see code at Github.
        Thanks, Mark! That was it. I dumped the DB to SQL and searched it, since this site has over 10,000 resources. I then found a very old instance of the Register snippet which apparently had been sitting on a seldom-updated interior page for quite some time. Can’t believe it was that simple! Thanks for the advice.
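
The access-log correlation suggested in the answer can be scripted. The following is an added example, not code from any poster in this thread: it ranks the URLs that received a POST within a few seconds of each spam signup, ignoring the form you already protect. It assumes the web server writes Apache/nginx "combined" format; the paths, IP addresses and timestamps are constructed sample data.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" format: ip - user [time] "METHOD path proto" ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*"'
)

def parse_posts(log_lines):
    """Return (time, ip, path) for every POST request in the log."""
    posts = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and m.group("method") == "POST":
            ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
            posts.append((ts, m.group("ip"), m.group("path").split("?", 1)[0]))
    return posts

def suspect_endpoints(log_lines, signup_times, known_form, window_s=5):
    """Rank POSTed paths seen within window_s of spam signups, skipping known_form."""
    posts = parse_posts(log_lines)
    window = timedelta(seconds=window_s)
    hits = Counter()
    for signup in signup_times:
        # Count each path once per signup so a noisy endpoint is not over-weighted.
        hits.update({path for ts, _ip, path in posts
                     if abs(ts - signup) <= window and path != known_form})
    return hits.most_common()

# Constructed sample data: /register.html stands for the protected form,
# /archive/2011/join.html for a forgotten page that still accepts signups.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2019:03:14:07 +0000] "POST /archive/2011/join.html HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.23 - - [12/Mar/2019:09:30:00 +0000] "POST /register.html HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2019:11:02:41 +0000] "POST /archive/2011/join.html HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.23 - - [12/Mar/2019:11:02:43 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '198.51.100.40 - - [12/Mar/2019:11:02:44 +0000] "POST /search.html HTTP/1.1" 200 700 "-" "Mozilla/5.0"',
]
# Constructed creation times of two spam accounts (taken from the user records).
SPAM_SIGNUPS = [
    datetime(2019, 3, 12, 3, 14, 8, tzinfo=timezone.utc),
    datetime(2019, 3, 12, 11, 2, 42, tzinfo=timezone.utc),
]

if __name__ == "__main__":
    for path, count in suspect_endpoints(SAMPLE_LOG, SPAM_SIGNUPS, "/register.html"):
        print(f"{count} spam signup(s) coincide with POST {path}")
```

A path that coincides with nearly every spam signup and is not the protected form is the page to inspect for a leftover Register call.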