
Hacker uses Joomla registration to register

10 years 9 months ago - 10 years 9 months ago #240468 by cliffvt
Guys

A strange thing happened on the way to the Forum! For the first time in years, someone managed to register as a user, obviously via the Joomla route as there was no CB plan selected, nor any CB required field, but yet they uploaded a photo of Leonardo DiCaprio and the user shows as confirmed and approved.

The CB configuration is Yes, independent of global setting and the global setting for Allow User Registration is NO. CB Registration form has captcha so it did not come via that form.

Any ideas of another way this could have happened? What I also don't understand is that it seems he managed to log in to the site as well (see pic enclosed)


Thanks

Cliff

I did find this error log under Paid Subscriptions:

USER ERROR: cbpaid:onAfterUserRegistration: No free plan but no plan chosen ! in /web_local/docroot/mysite/components/com_comprofiler/plugin/user/plug_cbpaidsubscriptions/cbpaidsubscriptions.php on line 592
Trace:called in class cbpaidErrorHandler::_error_handler_callable(256, "cbpaid:onAfterUserRegistration: No free plan but no plan chosen !", "/web_local/docroot/mysite/components/com_comprofiler/plugin/user/plug_cbpaidsubscriptions/cbpaidsubscriptions.php", 592, array("user" => object(moscomprofilerUser), "rowExtras" => object(moscomprofilerUser), "bool" => true, "params" => object(cbpaidParamsConfig), "registrationPlansEnabled" => "1", "enableFreeRegisteredUser" => "0", "chosenPlans" => "Chosen plans combination is not allowed (you must choose coherent plans selection, e.g. mandatory subscription(s) must be active or mandatory plan(s) must be chosen)."))
called in function trigger_error("cbpaid:onAfterUserRegistration: No free plan but no plan chosen !", 256) on line 592 in file cbpaidsubscriptions.php
called in class getcbpaidsubscriptionsTab::onAfterUserRegistration(object(moscomprofilerUser), object(moscomprofilerUser), true)
called in function call_user_func_array(array(0 => object(getcbpaidsubscriptionsTab), 1 => "onAfterUserRegistration"), array(0 => object(moscomprofilerUser), 1 => object(moscomprofilerUser), 2 => true)) on line 583 in file plugin.class.php
called in class cbPluginHandler::call("513", "onAfterUserRegistration", "getcbpaidsubscriptionsTab", array(0 => object(moscomprofilerUser), 1 => object(moscomprofilerUser), 2 => true)) on line 541 in file plugin.class.php
called in class cbPluginHandler::trigger("onAfterUserRegistration", array(0 => object(moscomprofilerUser), 1 => object(moscomprofilerUser), 2 => true)) on line 912 in file cbconnect.class.php
called in class cbconnectSynchronize::registerUser(object(moscomprofilerUser)) on line 699 in file cbconnect.class.php
called in class cbconnectSynchronize::syncUser() on line 27 in file component.cbconnect.php
called in class CBplug_cbconnect::getCBpluginComponent(NULL, NULL, 1, array())
called in function call_user_func_array(array(0 => object(CBplug_cbconnect), 1 => "getCBpluginComponent"), array(0 => NULL, 1 => NULL, 2 => 1, 3 => array())) on line 583 in file plugin.class.php
called in class cbPluginHandler::call("569", "getCBpluginComponent", "CBplug_cbconnect", array(0 => NULL, 1 => NULL, 2 => 1, 3 => array()), NULL) on line 4187 in file comprofiler.class.php
called in class cbTabs::_callTabPlugin(NULL, NULL, "CBplug_cbconnect", "getCBpluginComponent", "569", array()) on line 4274 in file comprofiler.class.php
called in class cbTabs::tabClassPluginTabs(NULL, array(), "cbconnect", "CBplug_cbconnect", "getCBpluginComponent") on line 780 in file comprofiler.php
called in function tabClass("com_comprofiler", "pluginclass", 0) on line 275 in file comprofiler.php
called in function require_once("/web_local/docroot/mysite/components/com_comprofiler/comprofiler.php") on line 351 in file helper.php
called in class JComponentHelper::executeComponent("/web_local/docroot/mysite/components/com_comprofiler/comprofiler.php") on line 331 in file helper.php
called in class JComponentHelper::renderComponent("com_comprofiler") on line 178 in file site.php
called in class JApplicationSite::dispatch() on line 208 in file site.php
called in class JApplicationSite::doExecute() on line 255 in file cms.php
called in class JApplicationCms::execute() on line 40 in file index.php
$_GET = array (
'plugin' => 'cbconnect',
'action' => 'facebook',
'return' => 'aHR0cDovL21lbWJlcnN3ZWIuY28udWsvaW5kZXgucGhwL2VuLw..',
'task' => 'pluginclass',
)
$_POST = array (
)
Last edit: 10 years 9 months ago by cliffvt.

10 years 9 months ago #240487 by krileon
Replied by krileon on topic Hacker uses Joomla registration to register
They probably tried to register and when they got to the basket they cancelled the basket. They then attempted to login for whatever reason to try and bypass the purchase process, but CBSubs caught and blocked them. So nothing to really be alarmed about as CB, CBSubs, and Joomla all behaved as expected.

I did find this error log under Paid Subscriptions:

Ensure at least 1 plan is marked Default. They may have tried to modify the DOM to remove the input and submit without it, which CBSubs won't allow.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

10 years 9 months ago - 10 years 9 months ago #240488 by cliffvt
Replied by cliffvt on topic Hacker uses Joomla registration to register
You cannot move even beyond the first screen without choosing a membership. The user record contains ALL blank fields, nothing was input at all.

I tried doing what you said, chose a paid subscription, then cancelled the basket, and CB creates a record but it is not approved, and not enabled and it contains all the fields I entered. Plus CB created about 20 logs in the history file. For the one I mentioned, only 1 log was created...

So not sure we have caught the issue to be honest..

Are there any other log files I could check?


Cliff
Last edit: 10 years 9 months ago by cliffvt.

10 years 9 months ago #240494 by krileon
Replied by krileon on topic Hacker uses Joomla registration to register
Just checked your site. You have CB Connect. That's how they registered. It completely bypasses registration and creates the user with the available social site data. It will not let them select a plan. It's designed to be single sign on. In your environment CB Connect doesn't make sense to use.


Kyle (Krileon)

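Added example, not part of the original thread and not Community Builder's own code: a Python sketch that parses an error-log entry in the format cliffvt posted and reports which code path created the user and how the request arrived. The sample entry is constructed and abridged, its path and `return` value are placeholders, and treating trailing dots as base64 `=` padding is an assumption based on the value quoted in the thread.

```python
import base64
import re

# Constructed sample, abridged to the line format of the trace quoted in this thread.
RETURN = base64.b64encode(b"http://example.invalid/index.php").decode().replace("=", ".")
SAMPLE = f"""USER ERROR: cbpaid:onAfterUserRegistration: No free plan but no plan chosen ! in /path/to/cbpaidsubscriptions.php on line 592
called in class getcbpaidsubscriptionsTab::onAfterUserRegistration(object(moscomprofilerUser), true)
called in class cbPluginHandler::trigger("onAfterUserRegistration", array(2 => true)) on line 912 in file cbconnect.class.php
called in class cbconnectSynchronize::registerUser(object(moscomprofilerUser)) on line 699 in file cbconnect.class.php
called in class cbconnectSynchronize::syncUser() on line 27 in file component.cbconnect.php
$_GET = array (
'plugin' => 'cbconnect',
'action' => 'facebook',
'return' => '{RETURN}',
'task' => 'pluginclass',
)
$_POST = array (
)
"""

FRAME = re.compile(r"called in (?:class|function) ([\w:]+)\(.*\)(?: on line (\d+) in file (\S+))?$")
PARAM = re.compile(r"^'(\w+)' => '([^']*)',$")

def parse_entry(text):
    """Return (frames innermost-first as (callable, call-site file), request arrays)."""
    frames, request, current = [], {"GET": {}, "POST": {}}, None
    for line in map(str.strip, text.splitlines()):
        if m := FRAME.search(line):
            frames.append((m.group(1), m.group(3)))
        elif line.startswith(("$_GET", "$_POST")):
            current = request[line[2:line.index(" ")]]
        elif current is not None and (p := PARAM.match(line)):
            current[p.group(1)] = p.group(2)
    return frames, request

def registration_source(text):
    """Report which code path created the user and how the request arrived."""
    frames, request = parse_entry(text)
    creator = next((f for f in frames if f[0].split("::")[-1].lower().startswith("register")), None)
    return {
        "created_by": creator[0] if creator else None,
        "call_site": creator[1] if creator else None,
        "plugin": request["GET"].get("plugin"),
        "provider": request["GET"].get("action"),
        "form_post": bool(request["POST"]),  # empty $_POST: no registration form was submitted
        # Assumption: trailing '.' stands in for base64 '=' padding, as the thread's value suggests.
        "return_url": base64.b64decode(request["GET"].get("return", "").replace(".", "=")).decode(),
    }
```

A `created_by` frame outside the normal registration form, together with an empty `$_POST`, is the signal that the account came in through a plugin callback rather than the CAPTCHA-protected form.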
10 years 9 months ago #240497 by cliffvt
Replied by cliffvt on topic Hacker uses Joomla registration to register
Ok, I was not aware of that! I thought that Cb-Connect allows a user to use their Facebook credentials to authenticate once they already have an account with us.. Single sign-on if you get my drift..

What a surprise!

Have disabled...

10 years 9 months ago #240500 by krileon
Replied by krileon on topic Hacker uses Joomla registration to register
If you want them to use it for login only you'll need to disable registration for CB Connect so only the Linking feature will be used. That will allow them to link their social site to their CB account and be able to login with their social site buttons.


Kyle (Krileon)
