Announcement

Collapse
No announcement yet.

Dual Registrations

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • [Forum] Dual Registrations

    I currently have an instances where one new member (spammer from China) has been able to register his username twice within 1 minute. He then proceeded to do 3 spam posts and then went on to changed his email address in second registration.

    First registration was deleted as spam and reported to Stop Forum Spam after he had posted.

    The second registration was then banned by moderator.... However it did not show as banned in his profile, but did in Banned Users list, whilst the first registration does not show up in the Banned Users list at all.

    I have tried to register 2 usernames the same and it won't allow it. Have tied a dozen different ways to do what this user has done and can't duplicate it.

    Is this a bug or known fault? If so is anything being done about it? If not can something be done about it?

    Like many forums we have been under span attack since late December 2010 we have only just upgraded to 4.1.2 after waiting for a really stable platform and being a bit hesitant to bite the bullet. As part of the fight against spam We have installed GlowHost - Spam-O-Matic. However there doesn't appear to be any conflict with this hack and vB4.

    Forum in question is Renovate Forum
    Any and all help or information regarding this problem would be appreciated.

    Cheers - Neil
    Last edited by ubeaut; Sat 9 Apr '11, 4:34pm.
    Woodworking Australia's
    Woodwork Forums
    Metalwork Forums
    Photo Forums

  • #2
    Doesn't anyone have any ideas about this possible security problem?
    Woodworking Australia's
    Woodwork Forums
    Metalwork Forums
    Photo Forums

    Comment


    • #3
      Today will mark 3 days and still no reply. Surely one of the developers must want to respond especially if this does turn out to be a security problem and something a little more than coincidence.
      Woodworking Australia's
      Woodwork Forums
      Metalwork Forums
      Photo Forums

      Comment


      • #4
        If you need an urgent response to an issue always create a support ticket, also remember that you posted over the weekend in a community (peer to peer) based forum. The tickets are monitored much more closely.

        First, users cannot register the same username twice, unless you're database encoding allows for it. The user tables default character encoding should be something_something_ci (case INsensitive) which means Chuck, CHuck, ChuCK are all the same. If it is set to something_something_bin or something_something_cs, it means that Chuck, CHuck, CHUCk, CHUCK, cHuck, etc are all DIFFERENT usernames, which vBulletin doesn't ever except to happen, and I'm not sure personally of any sane ways to make sure it doesn't happen. Since as far as mysql is concerned C and c are different since we're storing the binary or case sensitive versions of the characters.

        If your database is set to _bin or _cs change to to the same format of _ci and your users shouldn't normally be able to register multiple usernames again. Also make sure you're running the most up to date version of vBulletin for security and preformance reasons.

        Comment


        • #5
          Thank you Zachery - I'll have the guru check it out for me and see if the problem lies within your response.

          Much appreciated.

          Cheers - Neil
          Woodworking Australia's
          Woodwork Forums
          Metalwork Forums
          Photo Forums

          Comment


          • #6
            First, users cannot register the same username twice, unless you're database encoding allows for it. The user tables default character encoding should be something_something_ci (case INsensitive) which means Chuck, CHuck, ChuCK are all the same. If it is set to something_something_bin or something_something_cs, it means that Chuck, CHuck, CHUCk, CHUCK, cHuck, etc are all DIFFERENT usernames, which vBulletin doesn't ever except to happen, and I'm not sure personally of any sane ways to make sure it doesn't happen. Since as far as mysql is concerned C and c are different since we're storing the binary or case sensitive versions of the characters.

            If your database is set to _bin or _cs change to to the same format of _ci and your users shouldn't normally be able to register multiple usernames again. Also make sure you're running the most up to date version of vBulletin for security and preformance reasons.
            Everything was set as per the above, so that wasn't the problem.

            Anyone with other suggestions?

            Cheers - Neil

            PS we are now running v4.1.3 which has thrown up more problems than before, but that's nothing to do with this one.
            Woodworking Australia's
            Woodwork Forums
            Metalwork Forums
            Photo Forums

            Comment


            • #7
              I had the same problem, try this.

              Admin CP -> Settings -> Options -> User Registration Options -> Username Regular Expression -> ^[a-zA-Z0-9]+$

              Comment

              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
              Working...
              X