Issue with hacker

Are you using an sort of captcha? you can add googles recaptcha which works well.

You can also use hidden inputs and check those to see if modified. I have added three hidden inputs on some of my forms. One empty value, one set to 1 and one set to a string. if any  value is altered, the form does not get processed.

Hi Nmsinc,

If you need them there are recipes on implementing Google recaptcha in the CMSBCookbook.

Stay safe,

Jerry Kornbluth

Create a honey pot for those pest to taste. Add the code below "before" your mysql insert into table lines of code on the page that your sign up form exist. You can spin off additional honey pots or various types for almost any type of pest control.

//Pest Control
$pest = $_POST['your_accesscode'];
  if($pest) {
  //#kill pest
  $url='https://www.usa.gov/stop-scams-frauds';
  header ("Location: ".$url);
  exit();
  } else {
    // Process form like normal
  }

Then add a hidden input to your sing up form.

<div class="accesscode"><input type="text" name="your_accesscode" class="accesscode" placeholder="Access Code"></div>

Then a little CSS to make the input field hidden.

.accesscode {
    display: none !important;
    }

Hope you find this helpful.

Zicky

Hey nmsinc,

There are some great suggestions in this thread about how to detect and suppress malicious users from signing up to the site. But I'm wondering why the user account num is being set to 8,9,10 or 11. Could you give me more details on what method users are using to subscribe, is this using the default Website Membership user-signup.php page?

Thanks,

Hi Greg,

Yes, i'm using the membership plugin!

Hey nmsinc,

If you're interested, I can review the sites sign up page to see if I can find why those num values are being reused. If you send an email to support@interactivetools.com with a link to the sites login page along with FTP details, I can take a closer look.

Cheers,

Greg