Users must be registered and logged in to comment – but I still get spammed!

  • jxm28788

    (@jxm28788)


    10 years, 12 months ago

    I’m just getting ridicuous amounts of spam and it is really getting to be a massive pain. I tried adding captures but that just slowed it for a little while.

    So now I’ve set “Users must be registered and logged in to comment” and deleted all the fake accounts.

    But I’m *still* getting spammed, even without the fake user accounts. So I figured maybe they hacked the admin account (the *only* account left), so I changed the password.

    But I’m *still* getting spammed!

    So how are the spammers still posting when supposedly they “must” be registered and logged in to post, but there are no users for them to log in as…?

    Or does wordpress have a different definition of “must” that I’m not aware of?

Viewing 14 replies - 1 through 14 (of 14 total)
  • Krishna

    (@1nexus)

    10 years, 12 months ago

    Can you post your site URL?

    Thread Starter jxm28788

    (@jxm28788)

    10 years, 12 months ago

    I’d prefer not to.

    If you try to comment it asks you to log in.

    Thread Starter jxm28788

    (@jxm28788)

    10 years, 12 months ago

    soooo… is it the case that spammers can somehow just ignore the “Users must be registered and logged in to comment” setting and post anyway? Or is it that they shouldn’t be able to so there must be something wrong with my setup?

    Is anyone else getting this problem?

    Pioneer Web Design

    (@swansonphotos)

    10 years, 12 months ago

    Are you allowing folks to register for the site? If so they can then login and comment…look at:

    Admin Dashboard>Users

    and also at:

    Admin Dashboard>Settings>General>Membership>Anyone can register>New User Default Role

    Thread Starter jxm28788

    (@jxm28788)

    10 years, 12 months ago

    ok, but my point was that I deleted all the users, and I was still getting spammed even though there were no user accounts existing (therefore the spammers couldn’t be logging in to comment, as there was nothing to log in to).

    Pioneer Web Design

    (@swansonphotos)

    10 years, 12 months ago

    If you allowed users to have a role where they can post, your site may have been compromised and deleting such users may not not help (they could install a backdoor then)…

    Either share a site link to review or scan at Sucuri or other web security site.

    Thread Starter jxm28788

    (@jxm28788)

    10 years, 12 months ago

    Sucuri results:

    status: Verified Clean
    web trust: Not Blacklisted

    Blacklisted: No
    Outdated software: Yes
    Malware: No
    Malicious javascript: No
    Malicious iFrames: No
    Drive-By Downloads: No
    Anomaly detection: No
    IE-only attacks: No
    Suspicious redirections: No
    Spam: No

    What are you hoping to discover by me posting a link? Is it something I can look for?

    Pioneer Web Design

    (@swansonphotos)

    10 years, 12 months ago

    I would quickly check the site at Sucuri, use W3 Validators, Check at Metrics sites, maybe even take a peak at the source code, all of which might reveal issues other forum users have seen before…

    This also tells us what theme you are using, we can review the CSS, perhaps some plugins in use, etc…

    There are very good reasons why this is generally requested…as noted here:

    http://codex.wordpress.org/Forum_Welcome#Include_as_much_information_as_possible

    Krishna

    (@1nexus)

    10 years, 12 months ago

    @jxm28788,
    I think you had this problem for quite some time now, if this thread can be anything to go by.
    http://wordpress.org/support/topic/bulk-spam-delete-by-keyword?replies=9

    However, if you do not want to reveal your site URL, it’s quite okay. But the problem is that the volunteers trying to help you can only make wild guesses that need not be correct.

    @seacoast,
    It’s okay, if jxm28788 does not want to provide the info that you ask for, given the limitations that I wrote above.

    Pioneer Web Design

    (@swansonphotos)

    10 years, 12 months ago

    We try πŸ™

    Thread Starter jxm28788

    (@jxm28788)

    10 years, 12 months ago

    http://www.dymo-labelwriter.com

    Thread Starter jxm28788

    (@jxm28788)

    10 years, 11 months ago

    soooo… after all that no-one actually looked at the site?

    WPyogi

    (@wpyogi)

    10 years, 11 months ago

    Seems weird that comments are still being left – I could not comment. Are new users being added still?

    Thread Starter jxm28788

    (@jxm28788)

    10 years, 11 months ago

    Yes, actually the addition of users seems to have accelerated, though they all say 0 posts.

Viewing 14 replies - 1 through 14 (of 14 total)
  • The topic ‘Users must be registered and logged in to comment – but I still get spammed!’ is closed to new replies.