My site is being overwhelmed by spam user accounts being created on my Joomla site and I am having trouble preventing them from being created. Normally in the region of 10 to 30 bogus accounts per day, with high usage of bandwidth.
I have tried a number of things to increase security but have failed to stop these accounts being created.

I'm currently running Joomla 2.5.8 which uses Community Builder 1.7, CB Profile Pro and Kunena Forum 1.7.

Registration is not allowed through Kunena forum and the CB Profile Pro uses reCaptcha on its registration page.

I've noticed some trends in the problem:

• Firstly, the bot is bypassing reCaptcha (or able to break it).
• The page with the most hits is /index.php/component/comprofiler/ which, when I look at the page, just says 'Please log in or register to view or modify your profile' regardless of my logged in status.
• IP's from China have visited 12547 pages with 12547 hits (recent stats). Thats odd that they are the same number!
• My site is set to confirm your account by email link. However, almost all bogus accounts are marked as enabled and activated, with no 'last visit date'.

So from this information I gather that the bot is accessing the registration plugin directly and signing people up.

Like i said, I use reCaptcha on the site and have require email confirmation enabled.
I have tried to block IP addresses via the web.config file Joomla uses but the rules are ignored. I also created a web.config file in the root directory of my host (as recommended by my service provider) but this just caused an internal server error and my site went offline. (It did stop registrations though lol) I am waiting on a reply from support.

Now I have hit a wall and I need to get over it. Can anybody recommend any suggestions as to how this problem can be solved??

Thanks for any help you guys can give me!

File: Attached is some stats for my site.



PS: I have upgraded CB to v1.9 but waiting to see any effects it may have.

Hi there,

I have the same issue on one of my sites. I also have re-captcha. I installed it when we started to have fake registrations coming in. I thought that by installing re-captcha, it would solve the issue, but it did not.

Joomla: 1.5.26
CB: 1.9

Your help would be appreciated.

Thanks