WordPress.org

[resolved] [closed] Sudden flood of fake registrations. Anyone else? (35 posts)

  1. Mugsy
    Member
    Posted 10 months ago #

    Just wondering if anyone else has suddenly been receiving a flood of fake user registrations over the past few months... ALL from "@hotmail.com" or "@outlook.com"?

    While I have Captchas (both visual and math) on my Registration page, I still get about two a day, always in the same format of "FirstnameLastname" with no space and an email address that looks totally randomly generated.

    Along with the Captchas, I require new Registrations to verify their address by email, yet nothing seems to stop these fake registrations with no apparent way to block them. It would seem Microsoft changed something recently in the way Hotmail/Outlook handles Spambots and has a serious problem on its hands.

    Anyone else experiencing this recently or does my blog just need tweaking?

  2. SickSquirrel
    Member
    Posted 10 months ago #

    Heh, I came to make the same post. On one site that isn't complete yet, I had 37 sign ups yesterday. All but one from hotmail. On three other sites that are done, I had a dozen in the same vein.

    The incomplete site has no spam-stop plugins installed yet as I didn't know which to use. The others have Captcha-style plugins or other plugins.

    They can't post until approved so it isn't a posting problem. I label as Spam Bot with no permissions. This way they can't register again. Someone explained to me about 12 years ago, when I began using WP, that it puts less strain on my server to do it this way rather than a ban via .htaccess.

  3. SickSquirrel
    Member
    Posted 10 months ago #

    12 more from hotmail since I posted.

  4. Mugsy
    Member
    Posted 10 months ago #

    Hey Sick,

    It appears my one or two fake registrations per day... while annoying... seem to suggest I have the problem slightly more under control. Here is what I'm doing:

    I have two separate Captcha plug-ins: the ubiquitous "WP-reCAPTCHA" and a separate basic math plug-in simply called "Captcha" from BestWebSoft (free). But the trick is NOT to use "digits" with the math captcha. Check the box to only use "words" (eg: "six + ___ = eight"). Most bots defeat numeric captchas easily.

    I have the tougher (and more annoying) "reCaptcha" set to only display on the Registration page, while the easier math "Captcha" only appears for unregistered visitors posting comments.

    This results in almost no spam posts (very rare) and, as I noted, about two fake registrations per day.

    I also use a plug-in called "IP Blacklist Cloud" that proactively blocks known Spammers from accessing the site in the first place.

    Clearly my solution isn't perfect, but sounds like it would be a great improvement over what you're enduring now.

  5. SickSquirrel
    Member
    Posted 10 months ago #

    Mine can't post as I don't approve them. But I use a captcha on posts only. Your math captcha sounds wonderful. If I get it, which file do I edit on registration so they can't even register?

    I have an IP ban script but I only use it for those who post via reply, which I delete without approval. First I ban email until they try to post with a new one, I ban via C class. I try to not set B as it can keep out a lot of legit folks. I compare IPs manually but soon will have a script to do it.

    Since 5:00 pm I've had just two registrants so it must be late in whatever country they spam from. But their script finding open ports on connections is surely running.

  6. Mugsy
    Member
    Posted 10 months ago #

    I'm not sure I understand "can't post" but "use captchas on posts".

    But no matter, the math "Captcha" plugin is downloadable from the WordPress Plugins page and easily configurable from the settings.

  7. SickSquirrel
    Member
    Posted 10 months ago #

    They can't post as I have to approve a registration before they can post. Once approved, captcha is set for their first two posts. This way if someone slips by me, they can't spam. I check their posts very carefully. If in doubt, I email and ask them to respond by typing out a sentence. So far not a single response has come back. I also set up a forum for spam bots. Hidden from viewing, they can spam all they want. ;)

    If a legit user is relegated to posting there, they can email me.

  8. SickSquirrel
    Member
    Posted 10 months ago #

    Users
    All (64) | Administrator (1) | Subscriber (63)

    All hotmail but one .pl and one cheapEDITEDhostings.com (edited as they don't need publicity). On another blog they are almost xlxe.pl.

    I have a couple they haven't found though I've had 7k hits this month on one with NO ads or links out there yet. I swear there is a spammers forum out there where they trade blog names. They run scripts to grab the names of newly registered domains to attack.

  9. Mugsy
    Member
    Posted 10 months ago #

    There are plenty of plugins that allow you to block registrations from particular domains. I personally ban any email address ending in ".pl", ".ru", ".ck" (and a few more I forget.) And I have about four or five active plugins just for blocking Spam/Spammers.

    I think it is safe to assume no "legitimate" users from those countries are trying to comment on my blog.

    But my User numbers are also likely slightly inflated due to the flood of fake Registrations these past few months. I go through and delete the obvious ones (eg: "Chanel Bags"), but it's like sweeping back the tide. Very annoying.

  10. SickSquirrel
    Member
    Posted 10 months ago #

    Only 2 are not Hotmail. I banned them but I can't ban a major host like Hotmail.

    I'm looking for a script that tells me a user's IP. I had such a script but ...

  11. leejosepho
    Member
    Posted 10 months ago #

    This might help a bit until you get a script:
    http://wordpress.org/plugins/search.php?q=ThreeWP+Activity+Monitor

  12. SickSquirrel
    Member
    Posted 10 months ago #

    Thanks. That logs the IP so it's exactly what I need, plus it does more. I have a script that limits login attempts and I can ban their IP.

  13. Mugsy
    Member
    Posted 10 months ago #

    Squirrel, try the "IP Blacklist" plugin. That's what I use.

  14. SickSquirrelTwo
    Member
    Posted 10 months ago #

    Where do you get their IP?

  15. Mugsy
    Member
    Posted 10 months ago #

    If you use the "IP Blacklist" plugin, it automatically records the IP address of the user and adds it to a group list on their server. It also checks the IP Address of registrants against their list and bans those who match.

  16. SickSquirrelTwo
    Member
    Posted 10 months ago #

    Hm, can I ban or is it just their list they compare to?

  17. Mugsy
    Member
    Posted 10 months ago #

    While you can't physically type in an address by hand, it does list the IP Address of those it blocked from registering, which you can check and Submit.

    Since few users actually have "static" IP addresses, I only check-off those who were redirected back to the "wp-admin" page they tried to access and ignore the rest.

    It's not a complicated program. Try it.

  18. leejosepho
    Member
    Posted 10 months ago #

    If you want to see every hit, what kind of hit was tried and to block right then or after checking back later, take a look at "Live Traffic" here:
    http://wordpress.org/plugins/search.php?q=wordfence+security

  19. SickSquirrel
    Member
    Posted 9 months ago #

    Still getting signups from the same addresses. I ban them in ThreeWP but they have also moved to other sites. I'm now banning in each site, which is a pain.

  20. Mark Flint
    Member
    Posted 9 months ago #

    Our website has received 14 new user registrations in the last 11 days. 8 x outlook.com, 1 x .pl, 3 x hotmail.com, 1 x aol.com, 1 x lapost.net.
    Not a lot, but we've been live since June and only had one other registration (1 x .pl) previously, in early August.

    None of these users has attempted to make any comments or feedback on the blog.

    Our website is registered with WordPress Connect, i.e. has a WPCC Client ID etc. I'm wondering if this is linked to the new WordPress Connect functionality? Can anyone else see any connection between when the user registrations started and WordPress versions, or indeed turning on the WordPress Connect function? We're on 3.6.1 with latest updates on all plugins.

  21. Mugsy
    Member
    Posted 9 months ago #

    Mark, interesting thought on "WP Connect", but I'm not registered, so that's probably not it.

    If I had to guess, someone found... and is exploiting... a loophole in the new "Outlook Live" system (affecting both Outlook.com & Hotmail.com).

    I've recently had great success adding the math captcha plugin (mentioned above) to my registration page along with the classic "WP-reCaptcha" plugin. Using both together has reduced my fake registrations to ZERO.

  22. Sandeep Hegde
    Member
    Posted 9 months ago #

    Try using Better WP Security plugin.

  23. SickSquirrel
    Member
    Posted 9 months ago #

    I don't think a plugin can stop fake registrations. My plugins ban an IP if 3 registrations occur. Another bans via email address. But stopping spammers from registering is tough. Experience is best at knowing who not to approve.
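
Added example, not part of the thread or of any plugin named in it: a sketch of the two IP checks posters describe, banning an address after 3 registrations and reviewing "C class" (/24) ranges instead of comparing IPs by hand. The record layout, the /24 review threshold, the function name and the sample data are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample sign-ups (username, email, IP); IPs are documentation ranges.
SAMPLE = [
    ("AnnaBrown", "qzxv81k@hotmail.com", "203.0.113.10"),
    ("JohnSmith", "p0wlr7t@outlook.com", "203.0.113.10"),
    ("MaryJones", "x9dkq2m@hotmail.com", "203.0.113.10"),
    ("PaulGreen", "hh3t0zq@outlook.com", "203.0.113.77"),
    ("LisaWhite", "v7nn2ab@hotmail.com", "198.51.100.5"),
    ("real_reader", "reader@example.org", "192.0.2.44"),
]

def review_registrations(records, per_ip_limit=3, per_net_limit=4):
    """Return (ips_to_ban, networks_to_review), both sorted lists of strings.

    ips_to_ban: addresses with at least per_ip_limit sign-ups.
    networks_to_review: IPv4 /24 ranges with at least per_net_limit sign-ups
    spread over two or more addresses. These are only reported, because a
    range ban can lock out legitimate users who share the network.
    """
    per_ip = defaultdict(int)
    net_hits = defaultdict(int)
    net_members = defaultdict(set)
    for _user, _email, raw_ip in records:
        try:
            addr = ipaddress.ip_address(raw_ip.strip())
        except ValueError:
            continue  # skip malformed addresses instead of failing the run
        per_ip[str(addr)] += 1
        if addr.version == 4:  # "C class" grouping only makes sense for IPv4
            net = str(ipaddress.ip_network(f"{addr}/24", strict=False))
            net_hits[net] += 1
            net_members[net].add(addr)
    ips_to_ban = sorted(ip for ip, n in per_ip.items() if n >= per_ip_limit)
    networks = sorted(
        net for net, n in net_hits.items()
        if n >= per_net_limit and len(net_members[net]) >= 2
    )
    return ips_to_ban, networks

if __name__ == "__main__":
    ban, review = review_registrations(SAMPLE)
    print("ban:", ban)
    print("review /24:", review)
```
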

  24. Mugsy
    Member
    Posted 9 months ago #

    Most fake registrations come from bots, which can be thwarted by a good Captcha.

  25. esmi
    Forum Moderator
    Posted 9 months ago #

    Oh - you must be joking!
    http://caca.zoy.org/wiki/PWNtcha

  26. Mugsy
    Member
    Posted 9 months ago #

    Esmi, I've cut my fake registrations to ZERO using a good Math captcha (properly tweaked.)

  27. esmi
    Forum Moderator
    Posted 9 months ago #

    That's not a captcha. The correct term for that is a "challenge".

  28. su27
    Member
    Posted 9 months ago #

    Anyone have any experience with WanGuard plugin against those registrations?

  29. onepack
    Member
    Posted 8 months ago #

    It's getting worse and worse even with captcha on the registration form. Any idea how they get past the captcha?

  30. WPyogi
    Volunteer Moderator
    Posted 8 months ago #

Topic Closed

This topic has been closed to new replies.
