People Randomly Joining Forum

spitfire80 · June 27, 2018, 01:53:21 PM

Hello, all.

If this topic/question has been asked and addressed in another thread, Im happy to read those replies too, but didnt locate anything specific to the issue I want to ask about.

Im an admin of a forum, using SMF 2.0.15. Almost immediately after the creation of our forum, back in 2009, the owners/admins disabled the option for new members to join, because of the number of spambots that were joining.

So in early 2010, a system was set up whereby a potential new member had/has to send an email to a specified address set up for forum registrations only. That new member lets (me) know the user name they want. I then will go onto the Registration area of our forum and create an account, with that persons User ID and email address. They then log in and complete the process with selecting a new password, if wanted, etc.

Based on that, my question is this: lately we have had a number of people who have suddenly appeared as members, with a user ID and account, even though I never set these up.

How are these people able to register? I actually deleted one of these accounts, and about a day later, that same user was again showing as a member, with the same user ID and account set up.

Is there a way to prevent or block these folks? But more importantly, how are people able to breach the proper method of becoming a member? Is there a security issue ? Or what can i do?

Thanks much guys.

Illori · June 27, 2018, 01:56:04 PM

do you have tapatalk installed?

Aleksi "Lex" Kilpinen · June 27, 2018, 01:56:34 PM

A couple of questions:
What version are you on?
What mods do you have installed?
Have you tested and made sure your registration is disabled?
Anything else out of the ordinary that you've noticed?

spitfire80 · June 27, 2018, 02:12:11 PM

Yes, Tapatalk is installed.

As I mentioned in my first post, we are using SMF v 2.0.15

No added mods are installed.

Registration has been disabled. (I just checked again to verify that this setting is still selected).

As a matter of fact, I also have the box checked in the Registration area that Admins are to be notified when a new member joins (who has been registered the proper way). These 2 people who have joined, also did not trigger that email to be sent out.

And no, nothing else i out of the ordinary, as far as forum operations, etc.

I guess what Im asking is.. is there some "backdoor method" that these 2 people have used to gain access and create an account?

Illori · June 27, 2018, 02:13:33 PM

tapatalk can override having registration disabled. i am not sure if you can disable it in the settings for that or not. if you cant then your only option would be to uninstall it.

spitfire80 · June 27, 2018, 02:14:19 PM

Tho I did just check the Tapatalk settings, and the box that allows automatic approval for users registered with Tapatalk is checked.

Could this be the issue?

And would unchecking that box solve the problem, possibly?

spitfire80 · June 27, 2018, 02:16:14 PM

Quote from: Illori on June 27, 2018, 02:13:33 PM
tapatalk can override having registration disabled. i am not sure if you can disable it in the settings for that or not. if you cant then your only option would be to uninstall it.

I have the ability to uncheck that box in the Tapatalk setings.

Im going to do that, and also delete those 2 users and see what happens.

Thanks for pointing me in a direction that looks like what could be the culprit. I'll keep you all posted!

Aleksi "Lex" Kilpinen · June 27, 2018, 02:17:43 PM

Quote from: spitfire80 on June 27, 2018, 02:14:19 PM
Tho I did just check the Tapatalk settings, and the box that allows automatic approval for users registered with Tapatalk is checked.

Could this be the issue?

And would unchecking that box solve the problem, possibly?

Yes and Yes - Though be aware that the registration settings are known to be "broken" in many versions of Tapatalk, so that you can't actually control them. So make sure they stick.

To quote myself from earlier today:

Quote from: Aleksi "Lex" Kilpinen on June 26, 2018, 11:54:01 PM
I forgot about Tapatalk ages ago, when I realized it actually replaced parts of the stock source code completely with it's own files to work around intentional limitations in SMF. That was all I needed to know. I don't know if it still works like that, but I wouldn't trust Tapatalk with access to my coffee, let alone my server...

And sorry, I missed the version number in the first post. My bad.

spitfire80 · June 27, 2018, 02:22:32 PM

Thanks again.

One last question...

Since these 2 are registered Tapatalk users, then, really, they did nothing wrong. They were simply able to register by clicking on the Registration page, because that automatic approval for Tapatalk users was selected.

All of our other members were "signed up" manually, so I guess never opted to try the automatic registration, since we had created a board/thread indicating how Guests had to join, by sending a Request email.

We'll see what happens.

Thanks, guys!

Aleksi "Lex" Kilpinen · June 27, 2018, 02:28:36 PM

Quote from: spitfire80 on June 27, 2018, 02:22:32 PM
Since these 2 are registered Tapatalk users, then, really, they did nothing wrong. They were simply able to register by clicking on the Registration page, because that automatic approval for Tapatalk users was selected.

All of our other members were "signed up" manually, so I guess never opted to try the automatic registration, since we had created a board/thread indicating how Guests had to join, by sending a Request email.

This would be a possible scenario - Though, you've been lucky then to not see more Tapatalk registrations.

You're welcome, and let us know if there's something more you need assistance with

Steve · June 27, 2018, 02:34:20 PM

And when you're satisfied that the issue is resolved, please click the green 'MARK TOPIC SOLVED' button.

spitfire80 · June 27, 2018, 02:58:15 PM

As soon as I have verification of this, I'll be sure to mark it, Steve.

Steve · June 27, 2018, 03:07:27 PM

Appreciate that. Helps us tremendously.

Shambles · June 27, 2018, 03:43:26 PM

Yes, the Tapatalk default setting, that permits registered Tapatalk IDs to bypass your registration system, is most likely the culprit.

Beware, though, that subsequent updates to your Tapatalk forum plugin overwrite your change to that field - ie, it will revert to "checked" (allowing Tapatalk IDs into your system unverified again).

landyvlad · June 27, 2018, 08:22:20 PM

Spitfire for more on Tapatalk issues - have a look at these posts in one of my recent threads:

https://www.simplemachines.org/community/index.php?topic=560938.msg3977615#msg3977615

I'm about to remove tapatalk from mine too.

Aleksi "Lex" Kilpinen · July 14, 2018, 04:39:51 AM

Quote from: spitfire80 on June 27, 2018, 02:58:15 PM
As soon as I have verification of this, I'll be sure to mark it, Steve.

Any updates yet?

News:

People Randomly Joining Forum