Posted 1 year ago #
I received this email this morning:
New user registration on your blog :
Username: MisterX45881
E-mail: JohnDillinger1903 AT gmx DOT com
I have found another blog through google who posted about the same thing happening to her last night. Is this something to be worried about? Why would someone register as a user on a blog? Can they access anything?
Mnay thanks
Jen
[moderator] Email address changed inline with the forum rules.
Posted 1 year ago #
I got them registered at my blog too. Any update on this?
Posted 1 year ago #
I have been advised by a friend to go to general settings on my wordpress dashboard. I had 'anyone can register' ticked so have unchecked that now. Other than that I have changed my own password. I have no idea why this has been done. It doesn't look like a user can change anything, but I could be wrong.
Hi guys,
It happened with my blog too, but the username and email adrresses were more random, so i disable user registration as jensmith2 said.
Posted 1 year ago #
Happened to me too, same email/username:
[moderated text]
Glad I found this forum, thanks to all of you for discussing it! I posted this page to my Twitter account. No damage was done to my blog either. I deleted the user and disabled 'anyone can register'.
Posted 1 year ago #
I got it as well. Other blogs have been hit, too. What is this fellow up to? Anybody?
Posted 1 year ago #
They're using a bot to directly access your signup page - even if it's not linked from your site, they search for the standard location of that script. The comment spam bots do the same thing.
Their looking for, I imagine, a blog that has a setting so that new registrations are instantly editors / admins. Then they'll spam like crazy.
Just remove the option that readers can subscribe.
Posted 1 year ago #
I had the same thing happen.
[moderated text]
Posted 1 year ago #
Thanks for posting about this! I wondered why anyone was bothering to register on my blog ;p
Talk about a let-down... (:
have you all deleted that user?
also, you should log in to host's phpmyadmin and "browse" the wp-users table looking to see if an admin user has been added
if so, you could be hacked - if not, you're likely ok
in any case
http://codex.wordpress.org/Hardening_WordPress
Posted 1 year ago #
Thanks Samboll, I had a the new user register email come through for the first time for me this morning for:
Username: jos
E-mail: john AT chetkoe DOT tv
Thankfully I had anyone can subscribe default as subscriber not admin so i have deleted them and unticked the anyone can subscribe option in general settings. I need to log into my php admin to check the user table now also.
Posted 1 year ago #
I got the same guy as totalgaz. I deleted the account and unchecked Anyone Can Subscribe. I'm checking myPhpAdmin now. Thanks everyone!
Posted 1 year ago #
Just got a New User Registration on our blog too!
Username: jos
E-mail: john AT chetkoe DOT tv
Will research how to set settings to help avoid this junk...thanks all!!
cmMike123
Posted 1 year ago #
Same on my WordPress, just googled this guy and found this thread.
jos john AT chetkoe DOT tv
Thanks for tips on stopping further hackers etc...
Posted 1 year ago #
If you absolutely must post email address please write them out like so.
example AT example DOT com
This ensures emails are posted inline with the forum rules.
http://wordpress.org/support/topic/374352?replies=1
Akismet is good for spotting known spam email addresses, if you're interested in reducing spam accounts and keeping them at bay, but require registration on your site, please do take a closer look at Akistmet. It comes with WordPress as standard, all you need do is obtain an API key to use the plugin, if you have a wordpress.com blog already, you only need obtain the API key from your account or alternatively you can register for a key on the Akismet site.
http://en.wordpress.com/api-keys/ - General info on api keys
http://akismet.com/personal/ - Registration for api key
Posted 1 year ago #
I use Saber and Lockdown on my site. They can register, but not do anything untill I comfirm them, it works great, I have not been hacked since I installed those two mods, I would like to see it coded into the WP Core, so everyone using WP would be automatically protected from these people.
Posted 1 year ago #
I just had the same john AT chetkoe DOT tv person register on my site. They somehow managed to become an admin as well!
I deleted the account and unchecked the box that allowed anyone to register on my site. What else should I check for? Also, I don't know what that means for people using my site now that I have unchecked that setting. Will they still be able to comment on my posts?
I also use Lockdown like Tinytoes but I think I'm gonna install Saber as well.
This is all a bit worrying.
Posted 1 year ago #
John gets around. I just looked. Yup.
Posted 1 year ago #
If the option for anyone to register is turned off, how are new subscribers added? My blog is hosted by my ISP now WP.com
Thanks,
Posted 1 year ago #
make that "not" WP.com
Posted 1 year ago #
I came to this post to see how others are doing allowing registrations to their blogs.
First, the general settings are under your control, uncheck "anyone can register" and they wont be able to. If you do want them to register and subscribe, check that box and choose "subscriber" in the drop down menu, that can allow people that want to subscribe to your blog to do so. I think they would do that to get links back to their site when they comment, you will moderate the comment and approve or delete it anyway.
Set the check box to "anyone can register" and the drop down to: author, and now you allow people to join your blogging community, that is what I am doing, this can be beneficial, Mike Liebner from Article Underground, literally has thousands posting to his blogs as authors it helps his blog show up on page one of search for many different keywords with their articles, if your blog gets popular well then, like Mike says "words equal money"
If you are blogging private then just uncheck that box and get the security plugin.
Still wondering how anyone else is doing allowing user author registrations, guess I can keep looking aroung.
Jon
Posted 1 year ago #
I have (as 'maggiesboy' mentions) 'anyone can register' UNCHECKED and someone is still able to register (stev.e.nlee233 at gmail)
This email has registered several times but with a role of 'none'
How is this happening when all legitimate users have to be created by admin?
I've checked and there are no other admin roles other than me.
This topic has been closed to new replies.
