Can't stop spam registrations (13 posts)

  1. Robg48
    Member
    Posted 8 months ago #

    Hey Everyone,

    I'm running 3.7.1 with BuddyPress 1.8.1 - and tons of plugins on the BP Social theme. But none of that matters because I turned off all the plugins and switched to the 2013 theme, activated "Stop Spammers" and "SI Anti-Spam" and "AlphaOmega Captcha" - and the registrations keep coming.

    The thing is, they don't look like "normal" emails I get from known, real, registrations and they are not showing up as users or members. I'm just getting these emails:
    ___________
    Subj: New user joined
    New user Francisca with email [ redacted ] has joined, his/her ID is 162
    HealthITLink mail delivery system!!!
    Auto-generated e-mail, please, do not reply!!!
    ___________
    The other thing - they are coming to my "admin@" email address. Known, good, registrations come to a different address and look different - like this:

    Subj: [HealthITLink] New User Registration
    New user registration on your site HealthITLink:
    Username: Louis35
    E-mail: [ redacted ]

    Nothing I do seems to be able to block/stop this from happening. Any ideas? Anyone getting those "New user joined" messages that shows an ID #?

    Thanks!
    Rob

  2. bemdesign
    Member
    Posted 8 months ago #

    Is your WordPress install hacked?
    http://codex.wordpress.org/FAQ_My_site_was_hacked

  3. Robg48
    Member
    Posted 8 months ago #

    Doesn't appear to be. Like I mentioned, these "users" aren't even showing up as users or members, they aren't appearing anywhere within the site - I'm just getting the emails. The site is working fine - I've scanned it for exploits, malware, hosting provider says everything looks good.

  4. bemdesign
    Member
    Posted 8 months ago #

    An automated bot directly calling the function perhaps? Might be preventable through some .htaccess magic (i.e. don't let anything outside of your domain call the registration function directly). Check out http://perishablepress.com/5g-blacklist-2013/ and see if that might help.

  5. Robg48
    Member
    Posted 8 months ago #

    I don't think that's it either - nobody is actually being registered. I have no new users and the email that I'm getting is not being sent to the notification email address I have set up in "settings".

    Actually, I don't think that address exists anywhere on my site or any plugins.

    I'm also running "Stop Spammer Registrations Plugin" - and using that, I have the hotmail domain blocked as well as "hotmail" blocked as a keyword.

    If you try to register on my site using a hotmail address you will be blocked. But these emails that keep coming in, saying "new user joined", are showing most as having a hotmail address.

  6. Daniel Kanchev
    Member
    Posted 8 months ago #

    Hmmm, are you sure that the email messages are coming from the same server which hosts your site? You should check the full email headers and find out the IP address or hostname of the server which has sent the messages to your address. It is possible that the email messages are originating from another SMTP server and not from the same server which hosts your site.

    If this is the case you need to find the SMTP server which sends the messages and then the problematic app that generates them. This is just a suggestion. If you're using Mozilla Thunderbird – go to View > Message Source; you can also use Ctrl + U.
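
The header check suggested in the post above, as an added example that is not part of the original thread: it walks the `Received` chain oldest-first and reads `X-PHP-Originating-Script` (present only when PHP's `mail.add_x_header` setting is enabled) to see which script on the server generated the notification. The sample message, hostnames, IP addresses and script name are constructed.

```python
import re
from email import message_from_string

# Constructed sample message: hostnames, IPs and script name are placeholders.
RAW = """\
Received: from mail.example.net (mail.example.net [203.0.113.10])
\tby mx.example.org with ESMTP id abc123; Mon, 02 Dec 2013 10:00:03 +0000
Received: from web01.example.net (web01.example.net [203.0.113.25])
\tby mail.example.net with ESMTP id def456; Mon, 02 Dec 2013 10:00:01 +0000
X-PHP-Originating-Script: 1001:class_email.php
From: admin@example.net
To: admin@example.net
Subject: New user joined

New user Francisca has joined, his/her ID is 162
"""

# Matches "from <helo-name> (<rdns> [<ip>])" inside one Received header.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9a-fA-F.:]+)\]\)")

def trace_origin(raw, web_server_ips):
    """Report the first hop and, if recorded, the PHP script that sent the mail."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        # Unfold continuation lines before matching.
        m = RECEIVED_RE.search(" ".join(value.split()))
        if m:
            hops.append((m.group(1), m.group(2)))
    # Each relay prepends its header, so reverse to get oldest hop first.
    hops.reverse()
    origin = hops[0] if hops else None
    # Header format is "<uid>:<script file>"; absent if add_x_header is off.
    script = msg.get("X-PHP-Originating-Script")
    uid, _, path = script.partition(":") if script else ("", "", "")
    return {
        "origin_host": origin[0] if origin else None,
        "origin_ip": origin[1] if origin else None,
        # Only hops added by servers you control can be trusted; a sender
        # can forge anything below the first relay you operate.
        "from_own_server": bool(origin) and origin[1] in web_server_ips,
        "php_uid": uid or None,
        "php_script": path or None,
        "hops": hops,
    }

if __name__ == "__main__":
    print(trace_origin(RAW, {"203.0.113.25"}))
```

A script name that does not belong to WordPress points at another application on the same host as the sender.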

  7. Robg48
    Member
    Posted 8 months ago #

    Hey Daniel,

    I had checked the headers - they all seem to be coming through just like my "normal" registrations, no strange servers or domains listed.

    They show as coming from "me" and being sent to "me" - both the from and to address are my "admin@healthitlink.com" email - the email that I don't think is anywhere on my site - I use "Robertg@…." for the site.

  8. aloncarmel2k
    Member
    Posted 8 months ago #

    I've gotten tons of spammy "wordpress like" registration emails from my admin account which originated in a different account altogether.

    I'd poke around in the email headers themselves and see if they are actually coming from your server or not. They might just be spam targeting blog owners.

  9. Robg48
    Member
    Posted 8 months ago #

    I've gotten that kind of spam too but this is definitely coming from my host's servers - the headings look identical to "normal" emails I get.

    I just took the site down - changed the path - we'll see now if it's even originating on the site or not.

  10. Whitegoodshelp
    Member
    Posted 7 months ago #

    Did you get to the bottom of this Robg48? I'm having the exact same problem and it's driving me mad.

    Getting spam registrations every half an hour. I have "anyone can register" turned off. Register Plus, Limit login attempts and Stop Spammer registrations plugins all activated but nothing stops them.

    They never post any comments (I moderate comments anyway) and they don't show up as members.

    I even have WordPress set to only send notification emails once members have been validated plus I've removed any links to register but nothing is stopping them. The emails announce -
    "You have received this email because a new user has completed their registration!" but there are no new members showing.

    I also have 4 other WordPress installations on the same server which are not affected.

  11. Tanishas
    Member
    Posted 7 months ago #

    Yes, I am also facing the same problems. I'm also running "Stop Spammer Registrations Plugin" - and using that, I have the hotmail domain blocked as well as "hotmail" blocked as a keyword.

  12. Whitegoodshelp
    Member
    Posted 7 months ago #

    UPDATE: I've just discovered it could be forum registrations I'm getting notified about and not WordPress because I searched for a phrase in the emails "You can turn off user notification in the Admin Control Panel. Have a super day!" and can see articles about IP Board and I have a forum on the same domain.

  13. Whitegoodshelp
    Member
    Posted 7 months ago #

    I can confirm that I had mistakenly thought all the emails were coming from WordPress but in fact they were from my forum - DOH!
