[resolved] Anybody else see wp-register.php abuse? (8 posts)

  1. hetta
    Member
    Posted 8 years ago #

    I've disabled wp-register.php for now, as I've been getting fly-by-night registrations -- as in, they POST straight to wp-register without bothering to visit the site first.

    I see two possibilities: 1) a security hole, and 2) blog comment spammers, trying to circumvent the "only registered users can post comments" thing.

    If it's any help, they all come with the same user-agent: "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)".

    Any ideas?

  2. maerk
    Member
    Posted 8 years ago #

    Do they come from the same IP? If so, you can just block it with .htaccess.

  3. hetta
    Member
    Posted 8 years ago #

    One IP per fly-by POST to wp-register.

  4. whooami
    Member
    Posted 8 years ago #

    Yes, and I manage to circumvent a good deal of it by doing this:

    # Deny (403) requests for wp-register.php unless the Referer is this site
    RewriteCond %{HTTP_REFERER} !^http://([^.]+\.)?mydomain\.com/.*$ [NC]
    RewriteCond %{REQUEST_URI} ".*wp-register\.php$"
    RewriteRule .* - [F]

    It doesn't take care of them all; I see maybe one registration every 2 weeks. Easily something I can manage.

    But then I also use mod_security, so if I see patterns I can take care of those too with that.

    There's absolutely NO reason why anyone needs to hit that page without having the referer be your domain. And I couldn't give a crap less about people that refuse to send referers when they surf; far as I'm concerned that's all the more reason to keep folks off my site, completely.

  5. hetta
    Member
    Posted 8 years ago #

    Thanks, whooami.

  6. whooami
    Member
    Posted 8 years ago #

    You're very welcome .. :)

  7. success-in-life
    Member
    Posted 7 years ago #

    # Deny (403) requests for wp-register.php unless the Referer is this site
    RewriteCond %{HTTP_REFERER} !^http://([^.]+\.)?mydomain\.com/.*$ [NC]
    RewriteCond %{REQUEST_URI} ".*wp-register\.php$"
    RewriteRule .* - [F]

    Sorry for the newbie question, but where do I add that? I need it, too.

  8. MarkMichon
    Member
    Posted 7 years ago #

    In your .htaccess file.
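
The pattern described in this thread (a POST to wp-register.php from an IP with no earlier request, and a Referer that is not the site itself) can be checked against an access log. This is an added example, not code from the thread; it assumes Apache's combined log format, the placeholder domain mydomain.com from the rule above, and constructed sample log lines.

```python
import re
from urllib.parse import urlsplit

SITE = "mydomain.com"  # placeholder domain, as in the rewrite rule (assumption)
# Apache "combined" log format (assumed)
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def own_referer(referer, site=SITE):
    """True if the Referer host is the site or one of its subdomains."""
    host = (urlsplit(referer).hostname or "").lower()
    return host == site or host.endswith("." + site)

def flyby_registrations(lines, site=SITE):
    """Return (ip, agent, reasons) for each suspicious POST to wp-register.php."""
    seen, hits = set(), []  # seen: IPs that made any earlier request
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip = m["ip"]
        path = urlsplit(m["path"]).path
        if m["method"] == "POST" and path.endswith("/wp-register.php"):
            reasons = []
            if ip not in seen:
                reasons.append("no prior request from this IP")
            if not own_referer(m["referer"], site):
                reasons.append("referer not from site")
            if reasons:
                hits.append((ip, m["agent"], reasons))
        seen.add(ip)
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
UA = "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2006:10:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2006:10:00:09 +0000] "GET /wp-register.php HTTP/1.1" 200 2048 "http://mydomain.com/" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2006:10:00:30 +0000] "POST /wp-register.php HTTP/1.1" 200 1024 "http://mydomain.com/wp-register.php" "Mozilla/5.0"',
    f'203.0.113.5 - - [01/Jan/2006:11:00:00 +0000] "POST /wp-register.php HTTP/1.0" 200 1024 "-" "{UA}"',
    f'192.0.2.44 - - [01/Jan/2006:12:00:00 +0000] "POST /wp-register.php HTTP/1.0" 200 1024 "http://mydomain.com.example.net/" "{UA}"',
]

if __name__ == "__main__":
    for ip, agent, reasons in flyby_registrations(SAMPLE):
        print(ip, "|", agent, "|", "; ".join(reasons))
```

The Referer header is supplied by the client, so both the rewrite rule and this check only filter requests that do not bother to set it.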
