Skip to content Skip to main navigation Skip to footer

Registration Security Features

Nucleus is an open registration platform which means there are no restrictions on who can create accounts and submit Entries unless specifically requested. The idea is that as Entrants are required to provide data and make payments there is little interest in anyone trying to break the system and putting up barriers to registration will discourage entries. This does unfortunately mean that malicious Users can try to take advantage of the inclusivity of the system. With this in mind, several features have been introduced to mitigate this.

Validating Email Addresses

Admins can turn on an option which forces Entrants to validate their email addresses before they can access their accounts. This feature is now standard in most systems and forces Entrants to confirm that they own an email address before they have access to an account. This prevents Users from spoofing email addresses and also ensures that Entrants register the correct address so that they receive all of the email correspondence. Once the Entrant has completed the Registration Form, they will be sent an email with a 6 digit code that must be entered on a page in Nucleus. Once the code has been entered, the email address will be considered validated and the Entrant will not be asked again, unless they change their email address in the account settings.

This feature must first be turned on. Once activated, the email template for verification must be generated and updated along with the CMS for the code page.

  1. Log into the Admin Interface
  2. Go to Actions>Misc
  3. Click on Configuration Values
  4. Search for Confirm Entrant Email on Registration
  5. Click Edit
  6. Set the Value to Yes
  7. Click Save and Close

The email validation has now been set up and the next step is to register for a test account so that the email template will be generated. Once you have registered a test account follow these instructions:

  1. Log into the Admin Interface
  2. Go to Actions>Misc
  3. Click on Email Templates
  4. Search for entrant/emailverification
  5. Click edit on the template
  6. Update the email template as required making sure you include the value @@verificationCode@@ as this will include the 6 digit code in the email. For more information see the How to Manage Email Templates guide.
  7. The code is valid for 60 minutes. It is advisable that this time limit is included in the email copy
  8. Once updated click Save and Close

The final step is to update the copy on the Code Confirmation page. This can be updated via the CMS. For more information on updating the CMS see this guide. These are the CMS variables that require updating:

  • Header email validation header (add to CMS)
  • Text email validation intro
  • Input field with text to the left email validation code text
  • Resend Code, button
  • Enter Code button

Limiting the number of Entrant Registrations

One approach taken by a malicious party is to register a high number of fake accounts which can then be used to cause issues. There is little interest in anyone doing this as the net result is that they will need to provide data and pay an entry fee. As fake Entries are easy to spot and there is no financial benefit, there is a very small security risk. If fake accounts are registered it can be an annoyance for Admins who then have to sift through accounts until they are deleted 18 months after the last login. Nucleus therefore automatically restricts the number of accounts that can be generated from one IP address to 10 a day. Once this threshold is hit no more accounts can be registered, preventing bots from registering hundreds of fake accounts.

If required the threshold can be increased or decreased in the Configuration Vales section.

  1. Log into the Admin Interface
  2. Go to Actions>Misc
  3. Click on Configuration Values
  4. Search for Number of registrations per IP address per day
  5. Click Edit
  6. Change the number of registrations in the Value field
  7. Click Save and Close

It is also possible to White List IP addresses if you know they are safe. Any whitelisted IP is not affected by the restriction settings.

  1. Log into the Admin Interface
  2. Go to Actions>Misc
  3. Click on Configuration Values
  4. Search for Registrations whitelisted IP address
  5. Click Edit
  6. Enter a comma-separated list of IP Addresses that you wish to whitelist in the Value field
  7. Click Save and Close