Please help me, I make two website for two client by DNN one for www.kindcare.ae it’s clinic in Dubai and one www.yaghoubi.ae is advertising company both are hacked I think because dayly I receive 200 Registered User and send several notification emails and I check registered it was automatic generated by real database and some of them contact us that they never register and why you register us? We don’t register them and some automatic generator come and hacked DNN and register 2000 people in 5 days…..!!!!

I add CAPCHA, maybe reflect to control this attach but not effected and now I Close my Register from site setting NONE radio button on registering item….. I hope be answer to stop it.

 

Please help me how can finish it and how can remove these users? Its about 4000 now…. HELP PLEASE……

 

Hi Armin,

Every DNN site appears to be suffering from this bot madness to greater and lesser degrees. It sounds like you're really getting hit hard.

There are some things to look at...

1) Make sure your Site is set to only allow Verified registrations.
2) Make sure that user profiles and similar pages (member listing pages, for instance) are only accessible by Registered Users.
3) DNN's CAPTCHA won't do squat.

This won't stop the bots but will help ensure your user data is more secure and your site isn't being hit to aid in link farming.

Next, I would try setting up Custom Registration. Note that this won't help in most cases because DNN is still allowing registrations through the default, built-in register URL. Though I did read recently in DNN's JIRA that this had been fixed. It would be worth checking out and possibly upgrading.

I was having this problem at my site, dnndev.com. I'm running DNN Social, so my needs were somewhat different. However I went through the steps I've outlined. When that didn't work, I ended up using XMod Pro (Disclaimer: XMod Pro is my product but I'm sure some of the others forms modules may allow something similar) to create a custom registration form. This put the registration form on a different page that the bots didn't know about. Next I added Google's ReCAPTCHA to the form. This also gives me the option to implement an "honey pot" if needed in the future.

That ensured no new spam bots were registering through my custom form. However, I was still getting spam registrations - not through my new form but from the DNN default form. I couldn't set up any URL routing to avoid it because it is hard-coded into DNN (though this may be corrected in 7.3). What I ended up doing is using the Custom URL Rewriter module in IIS and redirecting the default DNN registration URL's to my custom form. I haven't had any spam registrations since.

HTH,
Kelly

---

Create simple forms or build complete module solutions XMod Pro is the best-selling forms and views module of all time.

For me, using Validated membership is an adequate solution. The bot accounts never verify, so occasionally I go to my Users admin screen and click Delete Unauthorized Users followed by Remove Deleted users.

ATM the volumes are low enough for this to be OK. Even at a few hundred per day it would likely be OK.

Is there any estimate from DNN Corp on when there might be a solution baked into the core?

---

Best wishes,
- Richard
Agile Development Consultant, Practitioner, and Trainer
www.dynamisys.co.uk