Send spam through user registration #19438

Closed
yoerin opened this issue Jan 23, 2018 · 13 comments

yoerin commented Jan 23, 2018

Steps to reproduce the issue

Set user activation to 'Admin' and allow user registration.

Submit the registration form where the name of the user is spam text and enter an email to spam (use a test email for this, of course).

Expected result

No email sent to the user

Actual result

The email that is used to register an account receives an email and because the name of the user contains spam text this text is placed in the email.

Additional comments

Add an option to turn off all emails after registration or put a variable limitation on the username

@Fedik
Member

Fedik commented Jan 23, 2018

Just enable Captcha for registration:
[screenshot]

@brianteeman
Contributor

the username field is only 30 characters of text - not very useful for sending spam

@Quy
Contributor

Quy commented Feb 1, 2018

While the username field has a size attribute of 30, it can be up to 150 characters long.

@brianteeman
Contributor

@Quy the database table allows it to be 150 but the "spammer" can still only submit 30 characters

@Quy
Contributor

Quy commented Feb 2, 2018

More than 150 characters can be entered but it will be truncated at 150. I created a 150-character username.

@brianteeman
Contributor

I only tested in the admin where you can only submit 30

@Quy
Contributor

Quy commented Feb 2, 2018

Ok then the issue is the front end registration allowing up to 150 characters.

@brianteeman
Contributor

So that's a bug and will cause issues if a long username is created on the frontend and then edited in the admin. I will take a look at fixing that

@brianteeman
Contributor

Sorry my mistake you can enter 150 characters in both admin and frontend - I must have had a different error before that was unrelated

@sandewt
Contributor

sandewt commented Feb 2, 2018

The Name is up to 400 characters long. Could also be shorter.

Moreover, it can break the layout of the site (backend + frontend).

See the image.

[screenshot]

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/19438.

@Quy
Contributor

Quy commented Feb 11, 2018

Related #14275


@joomla-cms-bot

Set to "closed" on behalf of @Quy by The JTracker Application at issues.joomla.org/joomla-cms/19438

@Quy
Contributor

Quy commented Feb 28, 2018

Let's discuss in #14275 as it relates to more control over username/email which would address spam abuse as mentioned in this issue.
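
The "variable limitation" on the name requested in this issue, sketched as a server-side check that runs before the value is placed in the registration email. This is an added example, not part of the thread and not Joomla code; the function name, the default limit of 50 and the link pattern are assumptions.

```php
<?php
// Added example: hypothetical helper, not Joomla core code.

/**
 * Check a registration "Name" value before it is placed in an outbound email.
 * Returns the normalised name, or null when the value must be rejected.
 * $maxLength is an assumed, site-configurable limit.
 */
function validateDisplayName(string $name, int $maxLength = 50): ?string
{
    // Reject control characters (CR, LF, NUL, ...) outright.
    if (preg_match('/[\x00-\x1F\x7F]/', $name) === 1) {
        return null;
    }

    // Collapse runs of spaces so padding cannot be used to shape the message.
    $name = trim(preg_replace('/ {2,}/', ' ', $name));

    // Enforce the limit on the server: a form "size" attribute is only a
    // display hint and does not restrict what a client can submit.
    if ($name === '' || mb_strlen($name, 'UTF-8') > $maxLength) {
        return null;
    }

    // Reject anything that looks like a link: a scheme, "www." or a bare host name.
    // This can also reject unusual names such as "Dr.Smith"; tune it per site.
    if (preg_match('~://|\bwww\.|\b[a-z0-9-]+\.[a-z]{2,}\b~i', $name) === 1) {
        return null;
    }

    return $name;
}

// Constructed sample submissions (not taken from the issue).
$samples = [
    'Jane Doe',
    'Cheap pills at www.spam.example',
    str_repeat('A', 400),
];

foreach ($samples as $sample) {
    $result = validateDisplayName($sample) === null ? 'rejected' : 'accepted';
    printf("%-34s => %s\n", substr(json_encode($sample), 0, 34), $result);
}
```

A check like this complements the Captcha suggested above: the Captcha slows automated submissions, while the check limits what any single submission can put into the email.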
