AI Search

Classic Search

Search Phrase:

Search Type:

Advanced search options

Search in Forums:

Search in date period:

Sort Search Results by:

AI Assistant

Notifications

Clear all

[Closed] Intruder signing in to wpforo without approval

Summarize Topic

Page 1 / 2 Next

Bug Reports - wpForo 2.0

Last Post by dimalifragis 4 years ago

9 Posts

3 Users

0 Reactions

2,751 Views

RSS

Posts: 16

plaurits

Topic starter

Translate ▼

Jun 28, 2022 11:26 pm

(@plaurits)

Eminent Member

Joined: 4 years ago

[#22607]

I wonder how I avoid user signing into to my forum in www.tisvildelunde.dk without my manual approval.

See example below, where this user “bnky” apparently managed to get in. I have blocked him now and deleted him and his posts.

Also I have now disabled XML-RPC via wordfence -> login security -> settings.

Br Peter

Details:

Activity Detail

Singapore, Singapore left https://www.tisvildelunde.dk/forum/?foro=signin&redirect_to=https%3A%2F%2Fwww.tisvildelunde.dk%2Ffor… and logged in successfully as "bnky". https://www.tisvildelunde.dk/forum/?foro=signin&redirect_to=https%3A%2F%2Fwww.tisvildelunde.dk%2Fforum%2F…

6/28/2022 7:53:55 PM (40 minutes ago)

IP: 13.214.42.163 Hostname: ec2-13-214-42-163.ap-southeast-1.compute.amazonaws.com UNBLOCK IP

Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36

Topic Tags

user approval

8 Replies

Posts: 3610

Chris

Translate ▼

Jun 29, 2022 1:18 pm

(@chris)

Famed Member

Joined: 5 years ago

Hi @plaurits,

Try this plugin for manually approving user registration in the forum.

In case you want to say thank you !)
We'd really appreciate and be thankful if you leave a good review on plugin page. This is the best way to say thank you to this project and support team.

Posts: 16

plaurits

Topic starter

Translate ▼

Jun 29, 2022 1:33 pm

(@plaurits)

Eminent Member

Joined: 4 years ago

Thanks Chris.

Which plug-in should I use instead of wpforo?

br Peter

1 Reply

dimalifragis

(@dimalifragis)

Joined: 6 years ago

Famed Member

Posts: 2600

Jun 29, 2022 1:58 pm

Reply to

plaurits

Translate ▼

@plaurits

https://wordpress.org/plugins/wp-approve-user/

https://wordpress.org/plugins/new-user-approve/

I do not use any of those, i have no idea if they work ok or not. But others do use them.

Posts: 3610

Chris

Translate ▼

Jun 29, 2022 2:14 pm

(@chris)

Famed Member

Joined: 5 years ago

@plaurits,

My bad, try this: https://wordpress.org/plugins/new-user-approve/

In case you want to say thank you !)
We'd really appreciate and be thankful if you leave a good review on plugin page. This is the best way to say thank you to this project and support team.

Posts: 16

plaurits

Topic starter

Translate ▼

Jun 29, 2022 2:32 pm

(@plaurits)

Eminent Member

Joined: 4 years ago

Ok, hope somebody will look into this bug, which the intruder used as backdoor to get in without my approval. As mentioned I think it is related to xml RPC.

1 Reply

dimalifragis

(@dimalifragis)

Joined: 6 years ago

Famed Member

Posts: 2600

Jun 29, 2022 2:35 pm

Reply to

plaurits

Translate ▼

Posted by: @plaurits

Ok, hope somebody will look into this bug, which the intruder used as backdoor to get in without my approval. As mentioned I think it is related to xml RPC.

There is no bug or backdoor or anything into wpForo.

Registrations/login/emails/RPC are all handled by Wordpress. wpForo provides just some forms for easyness.

Page 1 / 2 Next

Forum Jump:

Previous Topic

Next Topic