We had well over 100,000 spam user registrations on our server. One site alone had over 47,000 spam registrations. Here's the steps we've taken to prevent new registrations BUT they are still trying to login and also create other issues that has our server resources MAXED out.
Steps we did on ALL dnn sites on our server.
1. Set user registration to "None" in Admin-Site Settings-User Accounts
2. Set all user profile pages permissions to "Admin" only in view page permission settings.
3. Hard deleted all users
4. Cleared Admin-Event Viewer (some sites this log file was over 3gb).
While this has prevented them from making new registrations and also has blocked profile pages so the spam links in the profiles can't be visible, our server is consistently maxed out. We're running twice the ram as most servers, and the total sites on the server should only use about 45% of it's resources, however since the spam registration stuff has begun in the past 2 months or so, our server resources stay maxed at 95-100%, which makes it SUPER slow, especially when trying to work on a site. Just logging into a website can sometimes take over 2 minutes.
When I go to one of the sites that had a ton of spam registrations, then go to Admin -> Event Viewer, I see page after page of login attemps and other errors. Because I deleted all users, they can't login, but their bots keep trying. So, I clear the event viewer. Wait only 5 seconds, refresh the event viewer page, and within those 5 seconds there's 6 pages of even issues.
Half of these events are login failures, I've tried to block the login ip addresses through Host-Settings, but they're logging in from everywhere, USA, NY, France , Phillipines, etc, etc.
There other half of the events are "General Exceptions" which I don't fully understand. What concerns me is the statement of "Module Injection."
I have copied below this General Exception. Does ANYONE PLEASE have any idea how to fix, or help on this. I've been awake for almost 5 days battling this, and it's ONLY on my DNN sites. Some are running DNN6 and some DNN7. I'm about to lose some hosting clients due to long loading times. PLEASE anyone have any ideas.
Besides the attempted logins into accounts I've deleted, here's the other event that keeps being shown, at least 3 times EVERY SECOND.
AssemblyVersion:7.3.1
PortalID:0
PortalName:Honolulu & Oahu Cleaning by Distinctive Homes Hawaii Cleaning Services
UserID:-1
UserName:
ActiveTabID:56
ActiveTabName:Home
RawURL:/?ctl=register
AbsoluteURL:/default.aspx
AbsoluteURLReferrer:http://www.dhhics.com/
UserAgent:Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36
DefaultDataProvider:DotNetNuke.Data.SqlDataProvider, DotNetNuke
ExceptionGUID:93e0b670-dae8-46f8-aed9-657ce8f51f92
InnerException:Unhandled Error Adding Module to ContentPane
FileName:
FileLineNumber:0
FileColumnNumber:0
Method:System.Threading.Thread.AbortInternal
StackTrace:
Message:
DotNetNuke.Services.Exceptions.ModuleLoadException: Unhandled Error Adding Module to ContentPane ---> System.Threading.ThreadAbortException: Thread was being aborted.
at System.Threading.Thread.AbortInternal()
at System.Threading.Thread.Abort(Object stateInfo)
at System.Web.HttpResponse.AbortCurrentThread()
at DotNetNuke.Modules.Admin.Users.Register.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.AddedControl(Control control, Int32 index)
at System.Web.UI.Control.EnsureChildControls()
at DotNetNuke.UI.Containers.Container.get_ModuleControl()
at DotNetNuke.UI.Containers.Container.ProcessModule()
at DotNetNuke.UI.Skins.Pane.InjectModule(ModuleInfo module)
--- End of inner exception stack trace ---
at DotNetNuke.UI.Skins.Pane.InjectModule(ModuleInfo module)
at DotNetNuke.UI.Skins.Skin.InjectModule(Pane pane, ModuleInfo module)
Source:
Server Name: onewave