Support » Fixing WordPress » Am I being used for spam?

  • My settings are that comments are allowed, but that a user must be registered AND comments are held for approval. No comments are submitted or waiting for approval.

    New users are registering all the time, but it seems obvious the names and email addresses are fake.

    So if they are not trying to spam via comments, is it possible for a spammer to use the blog for spam in some other way?

Viewing 9 replies - 1 through 9 (of 9 total)
  • Sometimes the Spammers register with a benign comment then carpet bomb your site with Spam – I have seen it done on other sites several times – they could also be seeing if they would get enough privileges to upload dangerous files to your site – A few times for jokes I have taken the info from Spammers caught in the filters and do a Google search on them – and they put the exact same comments all over the web they tried on my site. Some of it is also an attempt to trick the search engines.

    This forum is also a target but there are so many people watching that they get spotted and deleted quickly –

    New users are registering all the time, but it seems obvious the names and email addresses are fake.

    They probably are fake. If you determine a user is fake you want to delete those users profiles. Taking it a step further, you can also investigate their ip’s to see if their ip is linked to spamming, email harvesting, dictionary attacks etc by doing Google searches.

    At a minimum defense, you should be using some plugins like Bad Behavior, Akismet, WP Spam free etc., even then it’s not a perfect solution to keep them all out. There’s also Ask Apache Password protect (you may need to check with your host to see if it’s compatible with their server configuration).

    Simply requiring individuals to register in order to comment will not keep the spammers and hackers out! By requiring registration, you’ll probably discourage far more legit people and comments, than you will the spammers and potential hackers. Registration requirement is not meant to really protect your site much from potential threats.

    Thanks for the replies. In addition to requiring registration to comment, comments are moderated and must be approved before posting. So I guess I’m not seeing what they are after.

    Perhaps they are registering in hopes of making a spam comment, but after seeing the comment is subject to approval, they go away.

    Nonetheless, with user info from the one who registered just minutes ago:

    Username: totaldrugs
    E-mail: [moderated]

    there is no question in my mind that is a spammer.

    [moderator] Please don’t post email addresses on the forum or alternatively just swap the @ for AT and .(periods) for DOT.

    Hi Canned_Heat,
    Generally the email addresses you see with the .ru are going to be spammers. They are not always looking to leave spam. Sometimes they’re looking for a potential door into your website to break your database, leave urls that go to their sites hidden in your template files or other files, use scripts to gain access etc. Who knows what all they are up to!

    You want to set up a line of defense to not only reduce the amount of time you’ll have to put into fighting them off manually, but especially to help protect your site from getting hacked. Not all of the people who register as a user are looking to leave spam. Some are looking for the opportunity to do far worse.

    my settings work well:

    1. i use the akismet plugin. it catches dozens of spam comments every day.

    2. i don’t require registration to comment and i don’t moderate comments, but i do get an email of every comment so if anything sneaks through akismet [about 1 every few months], i can narc it.

    3. i recently enable the meta widget for people to register as subscribers. in the last week i got 10 registering. 8 are obvious fake emails. so that experiment proved useful: i’m killing it. 🙂

    Check out this plugin: SABRE.

    I installed it and it cut the bot registrations (thats what I call them anyway) from 2-3 per day to less than 1 per month if that.

    Are you being used for spam? HE,HE 🙂 we are all being used spam
    Sad to say. here is a 3 month stat – Akismet has protected your site from 13,971 spam comments already, and there’s 1 comment in your spam queue right now. 🙂 Welcome to blogging

    I use Disqus where you leave a comment validated by logging in to twitter, facebook etc:, no spam at all!

    The only comments I now get are from people with a relevent comment or question, not many because of the validation, but then I do not want a rolex or medication.

    There is a WordPress Plugin if you are not interested in comments that are not relevent to your blog, checkout my post comments section.

    HTH

    David

    Does it seem to be cutting down on bots crawling also?

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Am I being used for spam?’ is closed to new replies.