Anybody else see wp-register.php abuse?

  • Resolved hetta

    (@hetta)


    I’ve disabled wp-register.php for now, as I’ve been getting fly-by-night registerings — as in, they POST straight to wp-register without bothering to visit the site first.

    I see two possibilities: 1) a security hole, and 2) blog comment spammers, trying to circumvent the “only registered users can post comments” thing.

    If it’s any help, they all come with the same user-agent: “Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)”.

    Any ideas?

Viewing 7 replies - 1 through 7 (of 7 total)
  • maerk

    (@maerk)

    Do they come from the same IP? If so you can just block it with .htaccess.

    hetta

    (@hetta)

    One IP per fly-by POST to wp-register.

    whooami

    (@whooami)

    Member

    yes and I manage to circumvent a good deal of it by doing this:

    # Return 403 for wp-register.php requests whose Referer is not this site
    RewriteCond %{HTTP_REFERER} !^http://([^.]+\.)?mydomain\.com/.*$ [NC]
    RewriteCond %{REQUEST_URI} ".*wp-register\.php$"
    RewriteRule .* - [F]

    It doesn't take care of them all; I see maybe one registration every 2 weeks. Easily something I can manage.

    But then I also use mod_security, so if I see patterns I can take care of those 2 with that.

    There's absolutely NO reason why anyone needs to hit that page without having the referer be your domain. And I couldn't give a crap less about ppl that refuse to send referers when they surf, far as I'm concerned that's all the more reason to keep folks off my site, completely.

    hetta

    (@hetta)

    Thanks, whooami.

    whooami

    (@whooami)

    Member

    You're very welcome .. 🙂

    RewriteCond %{HTTP_REFERER} !^http://([^.]+\.)?mydomain\.com/.*$ [NC]
    RewriteCond %{REQUEST_URI} ".*wp-register\.php$"
    RewriteRule .* - [F]

    Sorry for the newbie question, but where do I add that? I need it, too.

    In your .htaccess file.
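
An added example, not part of the original thread: a log check for the pattern described above (POSTs to wp-register.php that carry no Referer from the site, from an IP that never requested a page first), which are the requests the Referer rule would refuse. It assumes Apache's combined log format; `example.com`, the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Apache "combined" log format: ip, identity, user, time, request, status, size, referer, agent
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def own_referer(referer, domain):
    """True if the Referer host is the site's domain or a subdomain of it."""
    host = (urlparse(referer).hostname or "").lower()
    return host == domain or host.endswith("." + domain)

def flyby_registrations(lines, domain):
    """Return POSTs to wp-register.php that carry no Referer from the site,
    noting whether the same IP requested anything earlier in the log."""
    seen_ips, hits = set(), []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        path = m["path"].split("?", 1)[0]
        if (m["method"] == "POST" and path.endswith("wp-register.php")
                and not own_referer(m["referer"], domain)):
            hits.append({"ip": m["ip"], "agent": m["agent"],
                         "visited_first": m["ip"] in seen_ips})
        seen_ips.add(m["ip"])
    return hits

# Constructed sample log: example.com is the site, IPs are documentation ranges.
UA = "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"  # agent quoted in the thread
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /wp-register.php HTTP/1.1" 200 2048 "http://example.com/" "Mozilla/5.0 (X11; Linux) Firefox/1.5"',
    '192.0.2.10 - - [01/Jan/2006:10:00:30 +0000] "POST /wp-register.php HTTP/1.1" 200 1024 "http://example.com/wp-register.php" "Mozilla/5.0 (X11; Linux) Firefox/1.5"',
    '198.51.100.7 - - [01/Jan/2006:10:05:00 +0000] "POST /wp-register.php HTTP/1.0" 200 1024 "-" "%s"' % UA,
    '203.0.113.44 - - [01/Jan/2006:10:09:00 +0000] "POST /wp-register.php HTTP/1.0" 200 1024 "-" "%s"' % UA,
]

if __name__ == "__main__":
    for hit in flyby_registrations(SAMPLE, "example.com"):
        print(hit)
```

A hit with `visited_first` set to False and a shared user-agent across many single-use IPs matches what the original poster reported.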

  • The topic ‘Anybody else see wp-register.php abuse?’ is closed to new replies.