URGENT: Huge problem with registration security issue

Hi,
since a pair of weeks, how don't know how someone of them do it, people can register to my website just inserting username, email and password, even if there are a lot fields to fill.

I've tried to do the same thing but my browser, correctly, don't permit me to register 'couse miss all the field required... how can they do? how can solve this issue?

They are not hacker, just normal people...

Thank you for help

They're probably using Joomla registration, 3rd party extension registration, or CB Connect. CB Connect registrations bypass field checks unless you have it configured to use pre-filled. Joomla registration should be blocked unless you told CB not to within its system plugin in Extensions > Plugins or you unpublished it. As for 3rd party extension registrations there's nothing we can do about those and you'll need to see if any extensions you've installed have their own registration processes.

krileon wrote: They're probably using Joomla registration, 3rd party extension registration, or CB Connect. CB Connect registrations bypass field checks unless you have it configured to use pre-filled. Joomla registration should be blocked unless you told CB not to within its system plugin in Extensions > Plugins or you unpublished it. As for 3rd party extension registrations there's nothing we can do about those and you'll need to see if any extensions you've installed have their own registration processes.

Hi Krileon,
Joomla registration is set to NO, since the site born;
In CB Configuration is set the option "Register user even if joomla registration system is set to no";
I've no 3rd party component but Kunena that is set to integrate itself with CB;
I don't use CB Connect.

When I try to register me from the "registrati" button, or by the kunena button the browser correctly bring me directly to the normal registration form.
I've tried to compile only the email, username, password field but browser not register me and say I miss the required field...

Try: www.fareanimazione.it / www.fareanimazione.it/iscriviti.html

How many users have bypassed the required fields? Only way I can see for them to do that with CB is they put in empty characters (e.g. hit spacebar a bunch), which you can prevent with stronger validation rules on your fields and that'd really only work for text fields. Beyond that I don't know or see how they could bypass field validation except some sort of 3rd party registration. Are you using CB Auto Actions to act on registration in any way? It's possible their registration is being interrupted, which could prevent data from saving.

Ok, it could be for the text fields, but, for example, there are the first field "Animatore o Azienda" and other like the acception of term and conditions that are required and there is no possibility to insert blank space chars... and in their profile were shown not selected.

Since I've opened the website, just 2 persons, last 2 in the last 2 weeks.

I've set just 1 auto action by CB Autoaction: when an user register itself, the user is linked to the "basic" free subscription plan of CB Subscriptions

Today there is a new!

Another normal user is registered into joomla user db but not into community builder user db...

What's goin'on? Is there some bug in the last update of CB?

Since before Christmas everything worked good....