If you have been receiving daily new registrations to your dnn (dotnetnuke) site from invalid/spam users, your site is under by attack by spam bots.
Why do they do this?
These bots create users and populate the user profile with spam links/urls to gain "link juice" and help with the SEO of their own sites.
How do the bots do this?
First they search for sites that contain "Membership for this website is public" which is default text found in any new DotNetNuke installation
Then, when a site is found the bot will execute a request for http://domain.com/default.aspx?ctl=Register
The bot will then calculate the captcha if it is enabled and submit a registration for a new user with the "spammy" profile. Yes, the bots can break through the default built-in captcha module!
How do I prevent this?
If your site does not need registration enabled, the easiest and fastest way is to simply disable registration alltogether by going to the DNN Admin > site settings and choose None for User registration.
If you need to accept new user registrations, then the user registration should be set to Private so that each new user has to be validated by an admin.
Captcha should also be enabled, even though captcha can now be broken by bots, it may still prevent some registrations and at least block basic attacks.
If you absolutely need to have Public registration, the following steps should be taken to help prevent registration spam:
- Alter the text "Membership for this website is Public" in the file App_GlobalResources\SharedResources.resx. This will prevent bots from being able to find your site on search engines.
- Change the default registration page to a custom page and block requests going to the default registration page as described in this article: http://www.dnnsoftware.com/wiki/page/replacing-registration-page-with-custom-and-blocking-the-default-register-page
- Use reCaptcha DNN module from InteractiveWebs
My site already has thousands of bad users, how do I get rid of them?
Without spending hours manually deleting the users, there are some sql queries that you can run against your dnn database to delete these quickly.
Before running any queries on your database, make sure to take a complete backup.
http://www.dnnsoftware.com/community-blog/cid/155027/quick-tip-getting-rid-of-spam-users
