Ask Your Question
0

How do unauthenticated users get onto our site?

asked 2014-12-13 19:15:56 -0600

tim gravatar image

updated 2014-12-21 21:04:10 -0600

We have a site that requires validation with an outside authentication service (a wiki/LDAP) but yet we see users with obvious bad names on our site and "posting" questions with nonsense in them.

It is apparent that there are others who use AskBot with similar issues.
I have a few questions:

  • How did these users create accounts for themselves if they did not use our (what we thought was a) sinlge external authentication?

  • How can we stop this from happening?

  • How did these bots find the site? (we don't publish it - it is a closed site)

EDIT Note that I was able to reproduce the ability to sign in with nonsense accounts by navigating to [mysite]/account/signup/?login_provider=local there is no way to get there from a UI as far as I could tell, but the url works and allows a person to signup.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2014-12-19 03:13:27 -0600

Evgeny gravatar image

It could be that you have login methods available that bypass your LDAP or you have allowed making posts without registration.

Are you hosting this site on your own/organizations' server? Is anything customized on your instance?

edit flag offensive delete link more

Comments

The attempts apparently just came through the usual registration page. Although it was not possible to get to that page through the UI, the url still worked. We are hosting on our own server. Users must be registered to see content/post. We fixed this by using the domain whitelist for emails in order to register.

tim gravatar imagetim ( 2014-12-21 12:59:45 -0600 )edit

Which url was that?

Evgeny gravatar imageEvgeny ( 2014-12-21 13:52:36 -0600 )edit

.../account/signup/?login_provider=local

tim gravatar imagetim ( 2014-12-21 21:02:57 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2014-12-13 19:15:56 -0600

Seen: 127 times

Last updated: Dec 21 '14