I have the latest 1.1.2 version of Mantis install on a Linux host, and get a continuous stream of bogus account registrations. Up to 10 per day and on occasion what looks like a bot registering once every 5 minutes or so.
I assume this would only be done if there was some benefit for the perpetrators. Are there current or old exploits that would allow people to send spam or gain access to my host by simply creating accounts, but never actually logging in?
Account registration flood
Moderators: Developer, Contributor
Re: Account registration flood
Does anyone else see this happening?
Re: Account registration flood
Do you have captcha ON on signup? We don't see happening on our bug tracker / we haven't heard of anyone else having this issue.
Migrate your MantisBT to the MantisHub Cloud
Re: Account registration flood
Turning captcha on did fix the issue, but I still wonder what the purpose was for automating account creation.