WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Mysterious registrations (9 posts)

  1. G Hinson White
    Member
    Posted 1 year ago #

    I've been getting one or two new registrations each week but there are no comments or posts by these people. Reading the blog/forum does not require registration but posting does. Since they are not posting, I'm wondering if somehow, this group is using my blog for some nefarious works. Is this something I should be worried about?

    My site is http://www.RBCForum.com

  2. linux4me2
    Member
    Posted 1 year ago #

    It could be spam bots registering on the site. Take a look at the user names and email addresses they're using. If the user names look like a bunch of random letters and numbers and the email addresses are from free email sites, they are more likely to be bots.

    It is a creepy feeling to have a bunch of such registrations, though if you keep your WordPress installation upgraded and use secure user names (not "admin" for the administrator account, for example) and passwords, you're probably okay. You are running the kind of site that is somewhat of a lightning rod for attacks. I would certainly have a backup routine in place for the site files and database so that if you do get hacked, you will be in a position to rapidly put things back to rights.

    You can try a plugin like Stop Spammer Registrations to try to prevent them from registering. It sure would be a good idea for a potentially controversial site.

  3. G Hinson White
    Member
    Posted 1 year ago #

    This is a dumb question, but what do the bots do?

  4. linux4me2
    Member
    Posted 1 year ago #

    That's not a dumb question at all. The most common thing they do once they register is start posting all kinds of spam comments containing links to sites, advertisements, and other garbage. There may be some that utilize hacks on vulnerable plugins or poorly maintained sites to actually get admin access and have their way with your site in a variety of ways I don't like to think about. :)

    The fact that they haven't done anything on your site just may mean they haven't been used yet or they didn't find the vulnerability they were looking for if they had more malign intent/more capability. These days, most of the registrations are automated, the successful ones go in databases that are then sold to spammers who use them for paid advertising campaigns. They may just be waiting until there is an advertiser that matches up with your site.

  5. G Hinson White
    Member
    Posted 1 year ago #

    Thanks a bunch. Time to install a CAPTHA plugin I guess. That should stop the registrations. Thanks so much for your responses.

  6. linux4me2
    Member
    Posted 1 year ago #

    Actually, all of the CAPTCHA's have long since been cracked by the spam 'bots. You really need something more. Plugins like Akismet and Stop Spammer Registration actually go way beyond a simple CAPTCHA, which is what you need these days.

  7. Gabe Young
    Member
    Posted 1 year ago #

    If you do not have a need for "users", simply turn off registrations.

    From admin, go to Settings, General and uncheck 'Anyone can register'.

  8. G Hinson White
    Member
    Posted 1 year ago #

    linux, I have Akismet installed but have now also installed 'Stop Spammer Registration' and so far, no new registrations.

    Gabe, I need the users because I want to generate discussion/debate but need to be able to keep it civil. Registration helps with that.

  9. linux4me2
    Member
    Posted 1 year ago #

    You should be in good shape now.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.