Intruder signing in...
 
Notifications
Clear all

wpForo 1.x.x [Closed] Intruder signing in to wpforo without approval

9 Posts
3 Users
0 Reactions
1,195 Views
Posts: 16
Topic starter
(@plaurits)
Eminent Member
Joined: 3 years ago

Hi

I wonder how I avoid user signing into to my forum in www.tisvildelunde.dk without my manual approval.

See example below, where this user “bnky” apparently managed to get in. I have blocked him now and deleted him and his posts.

Also I have now disabled XML-RPC via wordfence -> login security -> settings.

Br Peter

 

Details:

 

Activity Detail

 Singapore, Singapore left  https://www.tisvildelunde.dk/forum/?foro=signin&redirect_to=https%3A%2F%2Fwww.tisvildelunde.dk%2Ffor…  and logged in successfully as "bnky".  https://www.tisvildelunde.dk/forum/?foro=signin&redirect_to=https%3A%2F%2Fwww.tisvildelunde.dk%2Fforum%2F…

6/28/2022 7:53:55 PM (40 minutes ago)  

IP: 13.214.42.163 Hostname: ec2-13-214-42-163.ap-southeast-1.compute.amazonaws.com UNBLOCK IP

Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36

Topic Tags
8 Replies
Chris
Posts: 3647
(@chris)
Famed Member
Joined: 3 years ago

Hi @plaurits,

Try this plugin for manually approving user registration in the forum.

Posts: 16
Topic starter
(@plaurits)
Eminent Member
Joined: 3 years ago

Thanks Chris.

Which plug-in should I use instead of wpforo?

br Peter

1 Reply
dimalifragis
(@dimalifragis)
Joined: 4 years ago

Famed Member
Posts: 2615

@plaurits 

https://wordpress.org/plugins/wp-approve-user/

https://wordpress.org/plugins/new-user-approve/

I do not use any of those, i have no idea if they work ok or not. But others do use them.

Chris
Posts: 3647
(@chris)
Famed Member
Joined: 3 years ago

@plaurits,

My bad, try this: https://wordpress.org/plugins/new-user-approve/

Posts: 16
Topic starter
(@plaurits)
Eminent Member
Joined: 3 years ago

Ok, hope somebody will look into this bug, which the intruder used as backdoor to get in without my approval. As mentioned I think it is related to xml RPC.

1 Reply
dimalifragis
(@dimalifragis)
Joined: 4 years ago

Famed Member
Posts: 2615
Posted by: @plaurits

Ok, hope somebody will look into this bug, which the intruder used as backdoor to get in without my approval. As mentioned I think it is related to xml RPC.

There is no bug or backdoor or anything into wpForo.

Registrations/login/emails/RPC are all handled by Wordpress. wpForo provides just some forms for easyness.

 

Page 1 / 2