Well, let us get started to fight DNN Bugs again. This is the forth post we discussed about DNN bugs and share workarounds with you. The last posts as follows below:

  1. Fighting DNN Bugs: All Handlers Not Work
  2. Fighting DNN Bugs Ⅱ: Why Can't Remove Google Analytics
  3. Fighting DNN Bugs Ⅲ: Why Non-Administration Users Logged Out

which you also are interested in reading.

Today we would like to share the bug is about spammer, mainly about spammer registrations/login attempts. When looking/monitoring Admin -> Event Viewer, there are a ton of event log recorded off type "Login failure" or "New user", then your website should have been hit by an old robot-script written specifically to target DNN website.

How to fix it

You should check out all the resources links in the end of this article or just follow up the steps for our website running DNN7.4:

  1. Created a custom login page (for example signin)
  2. Configure the site to use the custom login page.
  3. Add a request filter to reject the default register URLs. Follow up the step 6 mentioned in the Guideline with the following configuration:

Server Variable : HTTP_URL

Operation : Regex

Match Value : (?<=\?)ctl=register|(?<!\?)/register |(?<=\?)ctl=login|(?<!\?)/login

Action : NotFound

Location : (empty)

Useful resources below:

Spammer registrations

Replacing Registration page with custom and blocking the default Register Page

iwebs-Register extension from InteractiveWebs