Learn More





New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...?ctl=register fails to point to custom page?ctl=register fails to point to custom page
New Post
5/13/2014 6:28 PM

Using DNN 7.2.2 with Data Springs Dynamic Registration.  Noticed that the still points to the default registration creating a security hole!

The thread:

mentioned that they had a similar problem with DNN 5.6.7.

They used a workaround of setting the portal to "none" in Site Settings->"User Account Settings".

Is there a better way?

Isn't the ctl=register supposed to point to the custom page set in Site Settings->Advanced Settings->Registration Page ?

 Thanks Ahead of Time!

Previous thread copy below:

Hello - I've searched for over an hour now trying to find out if there is a way to either disable the default registration process or add captcha to it so that we can block a number of attempts that are trying to create accounts on our site.

I'm not looking to simply change the default registration process to my customized registration page (we have a registration page that connects with the Data Springs modules and that works great).

My problem is that even though we have a normal process for registration that is "secure" - hackers or junk mailers can still try to create accounts in the system by hitting the generic registration page \register.aspx or by adding the ?ctl=register to the URL.

This registration page does not have captcha and while new accounts don't have security to get into our other pages that are for validated users - it creates a flood of junk accounts in the system.

Seems like this must be a common issue and probably some sort of easy fix but I can't seem to find this information anywhere.

Thanks in advance


Hello Chris - thanks for the reply.

We are on DNN V 5.6.7 and yes under the site Admin settings the registration is pointing to our custom page that has not been broken into - we are assuming that the Captcha has defended these bulk attempts.

We seem to be set now as we have redirected the page that is hit via /register.aspx to our custom page and have turned off the general registration by changing the setting from "public" to "none".  This seems to have fixed the back door that would be open if someone tried to put in ?ctl=register at the end of a URL string.

All good, or so it seems, from here and posting this so that others might find value.
Do appreciate the response with your questions.

New Post
5/14/2014 12:47 PM
you can enable captcha easily enough - . However my impression was that if a page was set as a custom registration page that ?ctl=Register would redirect to that. If this is not the case please log it to

Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US
New Post
5/20/2014 12:17 PM
Sadly, I received a promise of help from Navin Nagiah, CEO, DNNSoftware that never materialized.

Happily the folks at Data Springs showed me the work-around.

The original problem was that: ?ctl=register would not point to the custom registration page set in site settings. Instead it points to the default registration page. This allows hackers/pranksters to create bogus accounts ad nauseum..

Set the Site Settings->User Account Settings->User Registration to: "None"

This of course requires that you have a custom registration system that does not require the "core functions."
New Post
5/20/2014 4:21 PM
I had the same issue, I fixed it using the request filtering.

If you are using IIS 7, you can turn on the request filtering and add the following code in web.config.

<    system.webServer    >
    <    security>
        <    requestFiltering>
            <    denyQueryStringSequences>
                <    add sequence="ctl" />
            </    denyQueryStringSequences>
        </    requestFiltering>
    </    security>
</    system.webServer   > 


This will deny the querystring "?ctl=register"
New Post
5/21/2014 5:45 PM

I enabled "request filters" in Host Settings->Other Settings->Enable Request Filters

I added the code to <system.webserver>:

              <add sequence="ctl" />
!!!!! Notice the space between add and sequence in the <add sequence="ctl" />

Otherwise you get an error when the site tries to load:-)

Thanks for the help!!!!:-)

HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...?ctl=register fails to point to custom page?ctl=register fails to point to custom page

These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.

Content Layout

Subscribe to DNN Digest

Subscribe to DNN Digest

DNN Digest is our monthly email newsletter. It highlights news and content from around the DNN ecosystem, such as new modules and themes, messages from leadership, blog posts and notable tweets. Keep your finger on the pulse of the ecosystem by subscribing.  

What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out