No New Members

willie2 · January 07, 2016, 05:14:32 PM

It appears we have been hacked. All appears well now, but where we always have new registrations, we have had none for two months. Something is wrong. Any ideas where to look for hacks?

br360 · January 07, 2016, 05:23:13 PM

Have you tried registering for an account yourself and see what happens?

Kindred · January 07, 2016, 09:55:39 PM

What is your forum URL?

willie2 · January 08, 2016, 03:22:02 PM

I can register, I receive a notice that admin has to approve, which is correct. I generally wait for email notification of new members and another admin checks out the registration. I find that we do have a list waiting for approval. So, they are getting through, but I am not getting email notification. Where is this handled in software?

Kindred · January 08, 2016, 03:43:45 PM

Quote from: Kindred on January 07, 2016, 09:55:39 PM
What is your forum URL?

willie2 · January 10, 2016, 08:44:24 PM

The awaiting approval page has disappeared. And I have new registrations.

Kindred · January 10, 2016, 08:56:26 PM

Quote from: Kindred on January 08, 2016, 03:43:45 PM
Quote from: Kindred on January 07, 2016, 09:55:39 PM
What is your forum URL?

willie2 · January 10, 2016, 11:25:55 PM

I am a little sensitive since being hacked takes a lot of work to undo. I don't make public my url for those who are looking to hack smf sites. I appreciate SMF since moving from UBB many years ago.

All is well now except there is no email notification of new registration to admin anymore. where can I look to correct this?

nend · January 10, 2016, 11:51:07 PM

You haven't been hacked from the looks of it.

Since your getting the email that your account has to be approved by a admin means emails are going through and not being placed in your bulk mail.

I don't know if this controls new member notifications but in the registration settings in the admin panel make sure the notify administrator when member joins is active. Also check scheduled task, I believe there is a approval notification task in there. Make sure these are enabled and test again.

willie2 · January 11, 2016, 03:42:08 AM

Thanks nend. Appreciate the help. Yes, in registration there are switches for notification to admin. it is checked and not working.
send welcome is checked and is working.
But, no box for sending pw on approval by admin. And the box when admin does a registration, the box to send pw is grayed out and can't be checked.

I am requiring admin approval. Users are not getting their approval notice with pw.

Notify administrators when a new member joins
Send welcome email to new members

Can someone tell me where to find the code to fix this?

Kindred · January 11, 2016, 07:16:45 AM

well, first and foremost -- there are no known security issues with SMF - as long as you keep up to date with your versions. Additionally, hackers don't bother to look at links on this site to find sites -- they just randomly hit every site they can find with every hack that they know -- well, script-kiddies - who make up 90% of the "hackers" do that. The other 10% are targetted hackers who still don't use this site to find SMF URLs -- they are targeting a specific site or set of sites based on some specific action.

So, not sharing your url to "avoid hackers" is actually a rather silly argument.

your issue seems to be a mail issue - not a code issue.
http://wiki.simplemachines.org/smf/E-Mails_-_Why_are_members_not_getting_emails_sent_from_the_forum

Siirist · January 11, 2016, 09:48:36 AM

Quote from: Kindred on January 11, 2016, 07:16:45 AM
well, first and foremost -- there are no known security issues with SMF - as long as you keep up to date with your versions. Additionally, hackers don't bother to look at links on this site to find sites -- they just randomly hit every site they can find with every hack that they know -- well, script-kiddies - who make up 90% of the "hackers" do that. The other 10% are targetted hackers who still don't use this site to find SMF URLs -- they are targeting a specific site or set of sites based on some specific action.

So, not sharing your url to "avoid hackers" is actually a rather silly argument.

your issue seems to be a mail issue - not a code issue.
http://wiki.simplemachines.org/smf/E-Mails_-_Why_are_members_not_getting_emails_sent_from_the_forum

*nods in agreement*
Remain open to the advice of very experienced and honored senior members. They know things.
They cannot help if you don't let them help because you are so focused on an item that may not be the issue at all
Please check out READ FIRST: How to help us help you.

EDIT: Also spotted this after posting. It may be a solution.
Aha! I found out why activation email were not sent!

Siirist

willie2 · January 11, 2016, 03:34:19 PM

Thank you all for your help. I had already seen the topic re: Yahoo. I am using my domain email.

The problem was with hosting. It was an intermittent problem. Just happened to occur when malicious code had been found on the site.

SMF great! I am a senior user.

I have had my board for 16 years, most of which has been with SMF. As for publishing my url here, I understand, but I don't have time to fix problems created by clever hackers. If one of them decides coming here makes it easy to exploit an opening before it gets closed, I don't want to be on that list. And, yes, I don't use gmail or facebook like everyone else.

Just call me silly instead of cautious.

It would be wise to provide a way to share a url so there is not a public list created. It is appreciated that some warn others not to share their admin pw here with all wanting to help. It appears that everywhere we look there are those who are not very honest. I appreciate that many here are.

Thanks again for taking time to help resolve this most pressing issue at my site.

willie2 · January 11, 2016, 08:26:02 PM

There indeed was a problem with hosting, but it did not cure all of my problems.

I have in the source directory some files named *.php~

They are a second file for a number of files. ie managemail.php and managemail.php~ and manageregistration.php manageregistration.php~

why the php~ file?

br360 · January 11, 2016, 08:34:22 PM

Each time a file is edited it will be backed up and that "~" file is the one before the edits were done.

I'd be interested to know what was edited in your managemail.php and manageregistration.php files though.

a10 · January 12, 2016, 05:26:06 AM

QuoteIt would be wise to provide a way to share a url so there is not a public list created.

Charter (support) members got help forums not publicly available.

Steve · January 12, 2016, 09:00:37 AM

You can also ask if you can PM your url to whatever team member asked for it. But make sure you ask first.

willie2 · January 12, 2016, 01:54:00 PM

Thanks for the help. I will compare the files. I have not edited them.

Can I replace those files with clean ones from the same version? I am running 2.0.11

Or do I have to do a clean install of the whole site?

willie2 · January 12, 2016, 03:08:40 PM

Here is code from manageregistration.php~ 129-152

      )
   );
   if (allowedTo('admin_forum'))
   {
      $context['admin_tabs']['tabs']['agreement'] = array(
         'title' => $txt['smf11'],
         'description' => $txt['smf12'],
         'href' => $scripturl . '?action=regcenter;sa=agreement',
         'is_selected' => $context['sub_action'] == 'agreement',
      );
      $context['admin_tabs']['tabs']['reservednames'] = array(
         'title' => $txt[341],
         'description' => $txt[699],
         'href' => $scripturl . '?action=regcenter;sa=reservednames',
         'is_selected' => $context['sub_action'] == 'reservednames',
      );
      $context['admin_tabs']['tabs']['settings'] = array(
         'title' => $txt['settings'],
         'description' => $txt['admin_settings_desc'],
         'href' => $scripturl . '?action=regcenter;sa=settings',
         'is_last' => true,
         'is_selected' => $context['sub_action'] == 'settings',
      );
   }

njtweb · January 12, 2016, 03:10:41 PM

Probably commented out or removed all SMF verbiage or links.

News:

No New Members