Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Unauthorised passive automatically created user accounts ??? 
 
DJDENMARK
Sr. Member
 
Total Posts:  79
Joined:  2011-04-16
Denmark
 

It seems that I am struck by “hackers” who automatically creates user accounts in my magento-site (version 1.5),

It seems like they are not using the traditional registration process since there is only added:

- First Name
- Last Name
- Email

- and nothing more… however the system is sending them an e-mail with username and password.

It does not look like they are doing more harm than creating passive user accounts, but is there anything I should be aware of?

 
Magento Community Magento Community
Magento Community
Magento Community
 
DJDENMARK
Sr. Member
 
Total Posts:  79
Joined:  2011-04-16
Denmark
 

anybody who can help....

 
Magento Community Magento Community
Magento Community
Magento Community
 
DJDENMARK
Sr. Member
 
Total Posts:  79
Joined:  2011-04-16
Denmark
 

How can this SECURITY issue be allowed such silence ?

When I posted this I was using version 1.5, even upgrading to version 1.6 did not helped.

Still anonymous accounts is created… somehow...?

 
Magento Community Magento Community
Magento Community
Magento Community
 
daniel.ozean
Jr. Member
 
Total Posts:  2
Joined:  2010-08-12
 

Your form validation is only implemented on clientside.
To prevent such account creation you should implement a server-side validation e.g.:

/app/code/core/Mage/Customer/controllers/AccountController.php

Please note that you edit a magento core module by doing so.

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top