Using DNN 7.2.2 with Data Springs Dynamic Registration. Noticed that the http://www.mywebsite.com/default.aspx... still points to the default registration creating a security hole!
The thread: http://www.dnnsoftware.com/forums/for...
mentioned that they had a similar problem with DNN 5.6.7.
They used a workaround of setting the portal to "none" in Site Settings->"User Account Settings".
Is there a better way?
Isn't the ctl=register supposed to point to the custom page set in Site Settings->Advanced Settings->Registration Page ?
Thanks Ahead of Time!
Previous thread copy below:
Hello - I've searched for over an hour now trying to find out if there is a way to either disable the default registration process or add captcha to it so that we can block a number of attempts that are trying to create accounts on our site.
I'm not looking to simply change the default registration process to my customized registration page (we have a registration page that connects with the Data Springs modules and that works great).
My problem is that even though we have a normal process for registration that is "secure" - hackers or junk mailers can still try to create accounts in the system by hitting the generic registration page \register.aspx or by adding the ?ctl=register to the URL.
This registration page does not have captcha and while new accounts don't have security to get into our other pages that are for validated users - it creates a flood of junk accounts in the system.
Seems like this must be a common issue and probably some sort of easy fix but I can't seem to find this information anywhere.
Thanks in advance
Hello Chris - thanks for the reply.
We are on DNN V 5.6.7 and yes under the site Admin settings the registration is pointing to our custom page that has not been broken into - we are assuming that the Captcha has defended these bulk attempts.
We seem to be set now as we have redirected the page that is hit via /register.aspx to our custom page and have turned off the general registration by changing the setting from "public" to "none". This seems to have fixed the back door that would be open if someone tried to put in ?ctl=register at the end of a URL string.
All good, or so it seems, from here and posting this so that others might find value.
Do appreciate the response with your questions.