I've just started using RSFirewall. So far it seems to be a great help. One of the things I saw was that it was possible to use the lockdown facility so that "any backend user that is added will get deleted immediately". One of my Joomla sites keeps being attacked by users who create unauthorized accounts. I get an email as an administrator and go in and delete manually but I thought this lockdown feature would save me doing this.

Unfortunately even with lockdown on the same attacks continue.

I have found in the server log file that they are using a command of the form:

/index.php?option=com_user&task=activate&activation=a213665f770d412869c23f23d2887ff3

Should RSFirewall be able to detect this and if so what have I not configured correctly?

Thanks

Steve

Hello,

If users can create accounts without any captcha, activation then you need to fix your Joomla!.
Update to newer version within the version you are using or use the newest version for example 2.5
It's only possible with a bug in Joomla! to create backend users or something like that.
It's not logical that RSFirewall needs to block user creation.

What you can do is disable the user extension in RSFirewall! and setup that only your account can create users.

Thanks for the suggestions.

In order to disable the user extension do I go into Firewall configuration and enable the backend user access option, selecting the extension from the list?