Forums

Joomla User registration feature may create a hole for spammers and bots?

oloccina 05 Sep, 2020
Hello,
I am using a Chronoform6 form and Joomla User registration feature to register users to the site (see here https://accademiainfinita.it/registrati)
But I receive almost 15 false registrations a day (they where a lot more before I blocked all Tor browsers from accessing the site)

Since I do have a Google recaptcha in place, I wonder if maybe using Chronoforms could be part of the issue. I have not really tested going back tot he Joomla default registration form, because it's a form with a lot of unecessary fields and makes the registration process painful (which is why I use chronoforms instead).

I did check my Google Recaptcha key and they are fine, I also tested the fomr several times and tehre is no way I can create a user if I don't pass the captcha, but maybe an hacker could spot a hole... is there any particular reason why using chronoforms6 coudl be less secure than using the default Joomla form?

here are my form views: https://nimb.ws/nyh1xH
and actions: https://nimb.ws/UoOJab

thanks for any thoughts on this!
Max_admin 06 Sep, 2020
Can you access the form submit url directly ?

If not then you may be targeted by human spammers, we use a Chronoform for registrations here and there is no issue, but still few users create accounts just to post promotional content!
Max
ChronoForms developer...
Did you try ChronoMyAdmin for managing your Joomla database tables ?
oloccina 06 Sep, 2020

Can you access the form submit url directly ?


I just tested and I cannot, I just get redirected to the registration form with the message that I have failed the captcha.
Must be real humans or someone who buys captcha solving services then... I'll try to block the countries maybe since my site is just in italian.
Max_admin 07 Sep, 2020
do you have any required form fields ? are they filled in or not ?
Max
ChronoForms developer...
Did you try ChronoMyAdmin for managing your Joomla database tables ?
oloccina 07 Sep, 2020
I only have 2 fields
email and password, they are both required and you cannot submnit the form unless you fill them out
This topic is locked and no more replies can be posted.