Mantis Bug Tracker - Forums

I have the latest 1.1.2 version of Mantis install on a Linux host, and get a continuous stream of bogus account registrations. Up to 10 per day and on occasion what looks like a bot registering once every 5 minutes or so.

I assume this would only be done if there was some benefit for the perpetrators. Are there current or old exploits that would allow people to send spam or gain access to my host by simply creating accounts, but never actually logging in?

Does anyone else see this happening?

Do you have captcha ON on signup? We don't see happening on our bug tracker / we haven't heard of anyone else having this issue.

Turning captcha on did fix the issue, but I still wonder what the purpose was for automating account creation.