drupal 7 malicious users get registered

by Nilesh   Last Updated May 16, 2018 10:07 AM

I have a website in drupal 7, and have upgraded it to 7.59 for drupal security issue SA-CORE-2018-004

but somehow on 3rd may, i observed more than 1000 malicious uses created on site. malicious means without any roles. my website's user/register page can be accessed with valid tokens only, that i sent in an email. if any user tries to access user/register page without valid token, they will get access denied message.

I checked access logs, error logs but could not find any suspicious request for user registration.

I seen 1 request, but dont know how it can add 1000 users

xxx.xx.xxx.xxx 398254 - [24/Apr/2018:01:39:03 +0100] "POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1)"

I deleted all malicious users, and there is no any such attack till now, but i want to find root cause of it, want to reproduce it.

I tried all exploits for here but no any luck

Thanks in advance

Tags : users security


Related Questions


public page on password protected site

Updated July 09, 2018 15:07 PM

Don't collect IP addresses in Drupal 7

Updated October 09, 2016 09:03 AM

How to delete first user (admin)

Updated March 15, 2017 11:07 AM

Drupal & Wordpress User Integration

Updated March 27, 2017 17:07 PM

Change in core module security risk

Updated March 30, 2017 18:07 PM