community.aegirproject.org

Hello,

I just installed Aegir for the first time on a Linode instance, and created a Drupal 7 site using one of the vanilla profiles. I immediately turned off user registrations for the site since it was new and not ready for public consumption, and I didn't want to deal with spam registrations at this time.

Since the site has been up, I have had over 20 registrations, even though I have configured the site in such a manner that only the administrator can create new accounts. I have never had this problem with a Drupal site installed using Drush, or via a tarball.

Does Aegir create some sort of "backdoor" registration process that will allow users with knowledge bypass the site configuration and create accounts anyway?

Lisa