#40311 many malicious users created

Posted in ‘Admin Tools for Joomla! 4 & 5’
Environment Information

Joomla! version: 4.x
PHP version: 8.2
Admin Tools version: 7.4.8

Latest post by nicholas on Monday, 19 February 2024 01:15 CST

baroen

This weekend my new J4 site went live.

I notice large amounts of users being created. Normal users are only able to register at checkout of the Virtuemart cart. I do not have any register module made available to the FrontEnd.

Do you have advice on how to avoid this?

nicholas
Akeeba Staff
Manager

You do not need to have a menu item to the Users component, or a user module, in the frontend. You can always display Joomla's user page by visiting index.php?option=com_users&Itemid=999999999. If you allow user registration on your site there will be a link to register users. This means that spam user registrations by bots will, indeed, take place.

The first line of defence should be to set up a CAPTCHA for the user registration page. Set up the CAPTCHA plugin you want in System, Manage, Plugins. Then go to Users, Manage, Options, User Options and select it in the Captcha drop-down. This will kill most spam user registrations.

For those remaining, remember that they will not be active users if the New User Account Activation option in the Users component (Users, Manage, Options, User Options) is set to anything other than None. Yes, even though your site will send an email when it's set to "Self", the bots which try to create spam user accounts can't interact with that email, if that email address is even correct to begin with. This means that the spam user accounts you get are inactive, therefore you can use a Scheduled Task with Admin Tools to remove them.

Go to System, Manage, Scheduled Tasks. Make sure that Scheduled Tasks will be running. Since there is no Joomla documentation on that, please refer to ours: https://www.akeeba.com/documentation/admin-tools-joomla/php-file-scanner-joomlascheduled.html 

You can now create a new scheduled task. Click on New in the toolbar and select the "Admin Tools - Delete Inactive Users" type. If you don't see it, please make sure the "Task - Admin Tools" plugin is enabled.

You can now set up the scheduled task. I recommend the following options.

  • Delete inactive users: Only if they haven't activated their account.
  • Delete after this many days: 7

This will wait for a user to activate their account for 7 days. If this does not happen, the user account will be deleted. DO NOT set this to anything below 3 days! Remember that VirtueMart might not activate a user account before the payment goes through, which can take a few days to take place. You don't want to delete the user account (and the associated transaction information!) while the payment is pending.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
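
A read-only dry run of the cleanup described in the reply above, as an added example that is not part of the original ticket and is not Admin Tools' own code: it lists never-activated accounts older than the grace period so they can be reviewed before the scheduled task deletes anything. The `jos_` table prefix, the sample rows and the selection criteria (`block = 1`, non-empty `activation`, no `lastvisitDate`) are assumptions based on Joomla's core users table, and the demo runs against an in-memory SQLite table rather than a live site.

```python
import sqlite3
from datetime import datetime, timedelta

TABLE = "jos_users"   # assumption: "jos_" prefix; use your site's own prefix
MIN_DAYS = 3          # the reply warns against a grace period below 3 days
FMT = "%Y-%m-%d %H:%M:%S"

def stale_unactivated(conn, days, now):
    """List (id, username, registerDate) of accounts never activated after `days`."""
    if days < MIN_DAYS:
        raise ValueError(f"grace period must be at least {MIN_DAYS} days")
    cutoff = (now - timedelta(days=days)).strftime(FMT)
    # Assumed criteria (not Admin Tools' own logic): still blocked, activation
    # token still present, never logged in, registered before the cutoff.
    sql = (f"SELECT id, username, registerDate FROM {TABLE} "
           "WHERE block = 1 AND activation <> '' AND lastvisitDate IS NULL "
           "AND registerDate < ? ORDER BY registerDate")
    return conn.execute(sql, (cutoff,)).fetchall()

def demo_db(now):
    """In-memory table with constructed sample rows (not real site data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE {TABLE} (id INTEGER PRIMARY KEY, username TEXT, "
                 "block INTEGER, activation TEXT, registerDate TEXT, lastvisitDate TEXT)")
    def ago(d):
        return (now - timedelta(days=d)).strftime(FMT)
    rows = [
        (1, "bot1", 1, "tok-a", ago(10), None),       # spam signup, never activated
        (2, "bot2", 1, "tok-b", ago(8), None),        # spam signup, never activated
        (3, "pending", 1, "tok-c", ago(2), None),     # checkout, payment pending
        (4, "customer", 0, "", ago(30), ago(1)),      # activated, has logged in
        (5, "banned", 1, "", ago(40), ago(35)),       # blocked by an admin later
    ]
    conn.executemany(f"INSERT INTO {TABLE} VALUES (?, ?, ?, ?, ?, ?)", rows)
    return conn

if __name__ == "__main__":
    now = datetime(2024, 2, 19, 12, 0, 0)  # fixed clock so output is repeatable
    for uid, name, registered in stale_unactivated(demo_db(now), 7, now):
        print(f"would delete: id={uid} user={name} registered={registered}")
```

Against a real site, run the same `SELECT` with your own table prefix from a read-only database account and compare the list with pending VirtueMart orders before enabling the task.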
