By default for many Joomla websites, user registration is enabled. While this is useful for a site where users require an account to access content or interact, it can also be used for malicious purposes.
This is simply nuisance spam, where the registration emails are designed to clog someone else’s inbox.
To prevent, we highly recommend taking 3 actions:
- Disable user registration unless absolutely necessary. To do this, within your Joomla Admin you should go to User Manager: Users -> Options ->Allow User Registration and set this to No:
- Remove all existing spam accounts. These can still be exploited to send spam via password reset forms, so the issue may still be present unless this is corrected.
- To also help stop contact form spam, you should ensure a Captcha extension is properly installed and configured.