| Author |
Message |
izone
Involved
Joined: Sep 07, 2004
Posts: 354
Location: Sweden
|
 Posted:
Mon Dec 11, 2006 1:06 pm |
|
Hi,
In few of our friends sites a user by name 4xman has registered as new user and not only once but 135 times or more!!! same username and same email (4xman@yahoo.com).
Nuke Sentinel is running and activation code is on. Using CNBYA 4.4.0
How can we stop him?
Best regards. |
| |
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Mon Dec 11, 2006 1:50 pm |
|
Sentinel could probably block him using the String Blocker. I have no idea what features are in CNBYA to do that |
_________________
- Only registered users can see links on this board! Get registered or login! -
Need help? Only registered users can see links on this board! Get registered or login! |
|
|
|
izone
|
| Posted:
Mon Dec 11, 2006 2:36 pm |
|
evaders99, thanks.
String Blocker is On but String List is empty!
To block him what shall I put in the list? |
| |
|
|
|
|
evaders99
|
| Posted:
Mon Dec 11, 2006 4:49 pm |
|
well you could put his username, email, or both |
| |
|
|
|
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6437
|
| Posted:
Mon Dec 11, 2006 5:19 pm |
|
Were none of these users confirmed? It's surprising that 4.4.0 does not check the pending users for duplicates. |
_________________
I search, therefore I exist...
Only registered users can see links on this board! Get registered or login! |
|
|
|
|
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
| Posted:
Mon Dec 11, 2006 7:14 pm |
|
your correct kguske, pending users with same name and email cant be used twice... |
| |
|
|
|
|
kguske
|
| Posted:
Mon Dec 11, 2006 7:59 pm |
|
That's the question - how did this bypass that validation? |
| |
|
|
|
|
hitwalker
|
| Posted:
Tue Dec 12, 2006 1:06 am |
|
well i just installed it to be sure and its impossible..
or he's not looking right,or mistaken...etc..
as soon as i try to duplicate anything it stops me.
and is a bit weird huh..,whats the use (even if it is possible) to bypass any cause you still have to be approved. |
| |
|
|
|
|
izone
|
| Posted:
Tue Dec 12, 2006 3:29 am |
|
evaders99, Thank you.
kguske, hitwalker, Yes and no 
When you want to add two or more users with either same username or email or both you get error message that it is not possilble, thats what I told to these guys when they asked for help! But yesterday I run a search in phpmyadmin after this username and email and it was 135 of them in user table. I don't know how he doese it or if there is a bug in cnbya.
I think there's some other guys that hasn't deleted him from the db yet, if you want to look at the db just let me know. You have just to pay $9,99 to see must amazing thing in nuke's user table 
Unfortunatly and because of many confirmations emails goes to bulk, admins has turned off approval in cnbya. |
| |
|
|
|
|
hitwalker
|
| Posted:
Tue Dec 12, 2006 4:32 am |
|
| Quote: | | You have just to pay $9,99 |
huh?..explain.. |
| |
|
|
|
|
izone
|
| Posted:
Tue Dec 12, 2006 4:40 am |
|
just kidding hitwalker,
if I bill you 9,99 for only seeing a db then I think evaders99, must bill me 99,99 for giving me that help above  
I'm going to put his name and email on the string list in Sentinel and see if he can make another mass registration. I'm still waiting for cnbya 5 but I think I'm not only one that has to wait looooong time for it.
cheers |
| |
|
|
|
|
hitwalker
|
| Posted:
Tue Dec 12, 2006 4:45 am |
|
well im not convinced this has happend with cnbya,absolutely not..
there's also no attacks ,hacks known that this is possible..
as for the new cnbya version.....
you could have downloaded it as the link was in the cnbya forum....
 |
| |
|
|
|
|
kguske
|
| Posted:
Tue Dec 12, 2006 5:20 am |
|
My concern is that maybe he is using some sort of automated script that bypasses the check for duplicates. Have you looked at your access log? That might provide some insight. |
| |
|
|
|
|
izone
|
| Posted:
Tue Dec 12, 2006 6:19 am |
|
kguske, You are right, he has used automated script because he couldn't register 100's of users in few sites at the same time.
No I haven't yet. What shall I search for in the access log?
| Quote: |
as for the new cnbya version.....
you could have downloaded it as the link was in the cnbya forum....
|
was in the cnbya? it isn't now? |
| |
|
|
|
|
hitwalker
|
| Posted:
Tue Dec 12, 2006 6:24 am |
|
well my advice is simple....never set things to automated or auto-approve,best thing is to activate every account only when approved.
as for the link,if its gone then its gone... 
but im sure it will popup again,maybe even on my site just ti increase the tatal betatesters.... |
| |
|
|
|
|
evaders99
|
| Posted:
Tue Dec 12, 2006 8:18 am |
|
Do you have access logs to determine what was send to the server? That could help figure out what happened |
| |
|
|
|
|
kguske
|
| Posted:
Tue Dec 12, 2006 12:11 pm |
|
In the access log, search for the user name. |
| |
|
|
|
|
guidyy
Worker
Joined: Nov 22, 2004
Posts: 208
Location: Italy
|
| Posted:
Tue Dec 12, 2006 1:34 pm |
|
Just wondering: What's the purpose of registering same nick 135 times? |
| |
|
 |
|
kguske
|
| Posted:
Tue Dec 12, 2006 2:11 pm |
|
Good question - it wouldn't get into the real users table anyway. |
| |
|
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
| Posted:
Tue Dec 12, 2006 4:57 pm |
|
He/She was probably just attempting to auto register an account, hence the 100+ attempts. |
| |
|
|
|
kguske
|
| Posted:
Tue Dec 12, 2006 10:52 pm |
|
Could be, but why not test on your own site? Yes, I know - we've been down that road before... |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
