WordPress.org

Ready to get started?Download WordPress

Forums

Someone registered as a user on my wordpress blog - possible hacker? (22 posts)

  1. jensmith2
    Member
    Posted 4 years ago #

    I received this email this morning:

    New user registration on your blog :
    Username: MisterX45881
    E-mail: JohnDillinger1903 AT gmx DOT com

    I have found another blog through google who posted about the same thing happening to her last night. Is this something to be worried about? Why would someone register as a user on a blog? Can they access anything?

    Mnay thanks

    Jen

    [moderator] Email address changed inline with the forum rules.

  2. underthegun
    Member
    Posted 4 years ago #

    I got them registered at my blog too. Any update on this?

  3. jensmith2
    Member
    Posted 4 years ago #

    I have been advised by a friend to go to general settings on my wordpress dashboard. I had 'anyone can register' ticked so have unchecked that now. Other than that I have changed my own password. I have no idea why this has been done. It doesn't look like a user can change anything, but I could be wrong.

  4. Kim09
    Member
    Posted 4 years ago #

    Hi guys,
    It happened with my blog too, but the username and email adrresses were more random, so i disable user registration as jensmith2 said.

  5. sarvasoap
    Member
    Posted 4 years ago #

    Happened to me too, same email/username:

    [moderated text]

    Glad I found this forum, thanks to all of you for discussing it! I posted this page to my Twitter account. No damage was done to my blog either. I deleted the user and disabled 'anyone can register'.

  6. lynnszen
    Member
    Posted 4 years ago #

    I got it as well. Other blogs have been hit, too. What is this fellow up to? Anybody?

  7. sparro
    Member
    Posted 4 years ago #

    They're using a bot to directly access your signup page - even if it's not linked from your site, they search for the standard location of that script. The comment spam bots do the same thing.

    Their looking for, I imagine, a blog that has a setting so that new registrations are instantly editors / admins. Then they'll spam like crazy.

    Just remove the option that readers can subscribe.

  8. mcschobert
    Member
    Posted 4 years ago #

    I had the same thing happen.

    [moderated text]

  9. jenniferthorne
    Member
    Posted 4 years ago #

    Thanks for posting about this! I wondered why anyone was bothering to register on my blog ;p

    Talk about a let-down... (:

  10. Samuel B
    moderator
    Posted 4 years ago #

    have you all deleted that user?
    also, you should log in to host's phpmyadmin and "browse" the wp-users table looking to see if an admin user has been added
    if so, you could be hacked - if not, you're likely ok

    in any case
    http://codex.wordpress.org/Hardening_WordPress

  11. totalgaz
    Member
    Posted 4 years ago #

    Thanks Samboll, I had a the new user register email come through for the first time for me this morning for:

    Username: jos
    E-mail: john AT chetkoe DOT tv

    Thankfully I had anyone can subscribe default as subscriber not admin so i have deleted them and unticked the anyone can subscribe option in general settings. I need to log into my php admin to check the user table now also.

  12. jockpost
    Member
    Posted 4 years ago #

    I got the same guy as totalgaz. I deleted the account and unchecked Anyone Can Subscribe. I'm checking myPhpAdmin now. Thanks everyone!

  13. CrabbieMasters
    Member
    Posted 4 years ago #

    Just got a New User Registration on our blog too!

    Username: jos
    E-mail: john AT chetkoe DOT tv

    Will research how to set settings to help avoid this junk...thanks all!!

    cmMike123

  14. YamaDan
    Member
    Posted 4 years ago #

    Same on my WordPress, just googled this guy and found this thread.
    jos john AT chetkoe DOT tv

    Thanks for tips on stopping further hackers etc...

  15. Mark / t31os
    Moderator
    Posted 4 years ago #

    If you absolutely must post email address please write them out like so.

    example AT example DOT com

    This ensures emails are posted inline with the forum rules.
    http://wordpress.org/support/topic/374352?replies=1

    Akismet is good for spotting known spam email addresses, if you're interested in reducing spam accounts and keeping them at bay, but require registration on your site, please do take a closer look at Akistmet. It comes with WordPress as standard, all you need do is obtain an API key to use the plugin, if you have a wordpress.com blog already, you only need obtain the API key from your account or alternatively you can register for a key on the Akismet site.

    http://en.wordpress.com/api-keys/ - General info on api keys
    http://akismet.com/personal/ - Registration for api key

  16. Tinytoes
    Member
    Posted 4 years ago #

    I use Saber and Lockdown on my site. They can register, but not do anything untill I comfirm them, it works great, I have not been hacked since I installed those two mods, I would like to see it coded into the WP Core, so everyone using WP would be automatically protected from these people.

  17. Skinny_Latte
    Member
    Posted 4 years ago #

    I just had the same john AT chetkoe DOT tv person register on my site. They somehow managed to become an admin as well!

    I deleted the account and unchecked the box that allowed anyone to register on my site. What else should I check for? Also, I don't know what that means for people using my site now that I have unchecked that setting. Will they still be able to comment on my posts?

    I also use Lockdown like Tinytoes but I think I'm gonna install Saber as well.

    This is all a bit worrying.

  18. Nolanimrod
    Member
    Posted 4 years ago #

    John gets around. I just looked. Yup.

  19. maggiesboy
    Member
    Posted 3 years ago #

    If the option for anyone to register is turned off, how are new subscribers added? My blog is hosted by my ISP now WP.com

    Thanks,

  20. maggiesboy
    Member
    Posted 3 years ago #

    make that "not" WP.com

  21. jonpf239
    Member
    Posted 3 years ago #

    I came to this post to see how others are doing allowing registrations to their blogs.

    First, the general settings are under your control, uncheck "anyone can register" and they wont be able to. If you do want them to register and subscribe, check that box and choose "subscriber" in the drop down menu, that can allow people that want to subscribe to your blog to do so. I think they would do that to get links back to their site when they comment, you will moderate the comment and approve or delete it anyway.

    Set the check box to "anyone can register" and the drop down to: author, and now you allow people to join your blogging community, that is what I am doing, this can be beneficial, Mike Liebner from Article Underground, literally has thousands posting to his blogs as authors it helps his blog show up on page one of search for many different keywords with their articles, if your blog gets popular well then, like Mike says "words equal money"

    If you are blogging private then just uncheck that box and get the security plugin.

    Still wondering how anyone else is doing allowing user author registrations, guess I can keep looking aroung.

    Jon

  22. Morphim
    Member
    Posted 3 years ago #

    I have (as 'maggiesboy' mentions) 'anyone can register' UNCHECKED and someone is still able to register (stev.e.nlee233 at gmail)
    This email has registered several times but with a role of 'none'

    How is this happening when all legitimate users have to be created by admin?

    I've checked and there are no other admin roles other than me.

Topic Closed

This topic has been closed to new replies.

About this Topic