  1. Tignarius
    Posted 8 years ago #

    Every day now I get between ten and fifteen new registrations (subscribers) on my wordpress site. All of them have dodgy names and equally dodgy email addresses. I have no doubt in my mind that these registrations are testing the security of my site. This activity seems to have increased substantially in the last couple of months. Are other WordPress users experiencing similar registrations and are there any security issues I should be looking at to ensure no-one gets in! I have Akismet 2.1.5 loaded and activated. Is there anything else I should have done but not...?

  2. Chris_K
    Posted 8 years ago #

    First question that pops to mind: Do you have a compelling need to allow registrations? Why not just disable them?

  3. Tignarius
    Posted 8 years ago #

    I do have a compelling reason to allow registrations from folk who are interested in the topics discussed on the blog.

    Today I have had over twenty bogus registrations and the problem is getting worse...

    So I ask again;
    Are other WordPress users experiencing similar overt registrations? If so, what has changed in WordPress to attract these idiots/robots?

  4. Ivovic
    Posted 8 years ago #

    why does something need to have changed in wordpress? and what kind of twisted logic do you apply to suggest that anything is attracting them?

    I'd love to get a grip on that.

    Maybe it's what you're writing. Have you posted a picture of yourself on your about page? I bet that's attracting them.

    Automated hacking attempts have been around since the internet went live. Google the term "script kiddie" for some insight.

    If you don't like the automated registrations, do something to make it harder for robots to register. Either a) disable registrations since they're pretty much pointless for the VAST majority of cases, or... b) install a user-registration plugin which employs 'captcha' or another method of human-verification.

  5. void
    Posted 8 years ago #

    Actually, they're trying to get access so that they can post ED pill and pron advertisements all over your site. Do you have the bad behavior plugin?

  6. Tignarius
    Posted 8 years ago #


    Why has something changed in WordPress.... Quite simply because until I upgraded from version 2 to version 2.5.1, I got maybe one suspicious registration a month, if that, and upon upgrading I am suddenly and instantly swamped with them. That is why I believe something has changed in WordPress. (I hope you can get your head around that!)

    My blog is very boring, heraldry, no pictures of me or anything provocative to attract anyone other than those interested in the gentle science. Also the site has been around for six years and has been a WordPress blog for well over a year.

    I am fully aware of auto-hacking but I have never been subjected to it on this site (or any others come to that). Interestingly enough, I still have two WordPress 2 blogs and neither of them is being hit by phoney registrations.

    I will be installing a verification plugin but wanted to make the point that there appears to be something in the code of the newer version of WordPress which is attracting the undesirables like a magnet!

    Thanks 'void', I had worked out what their intention might be....

  7. Carlos SEO
    Posted 8 years ago #

    ReCAPTCHA fixes this problem.

  8. whooami
    Posted 8 years ago #

    it's just spam bots, and any sort of extra field, aka a captcha, will offset their registrations.

    fwiw, the popularity of your blog doesn't matter, to spammers or hackers.

    I know about a blog on a site that gets 60k unique visitors a day, that's running an extremely insecure version of wp -- not an issue, _yet_.

  9. Tignarius
    Posted 8 years ago #

    Thank you for your comments

  10. Ivovic
    Posted 8 years ago #

    well, it's not *just* spam bots... saying that is misleading. It is also hackbots looking for privilege elevation.

    it is MOSTLY spambots...

    I think anyone who spends a minute thinking about this, though, will realise why the latest version is more affected than some prehistoric one.

    If you're making a bot, and the registration form changes a little, what do you do? stick to the old 2.0 version of your bot, or change your bot to increase your chances?

    how that constitutes an invitation by wordpress is beyond me. Get your head around that.

  11. whooami
    Posted 8 years ago #

    "It is also hackbots looking for privilege elevation."

    bullshit, and i have months of logs to prove that, sorry.

    registration spam is just that - registration spam, it started on forums, and it's carried over to blogs.

    Compare your next 20-30-50 spam registrations to this chap's list:


  12. Ivovic
    Posted 8 years ago #

    you have months of logs to prove it for your own site(s) (maybe).

    don't throw that term around with me Whoo, I'm not one of these rag dolls. People aren't hacking their own sites, you know.

  13. whooami
    Posted 8 years ago #

    "People aren't hacking their own sites, you know."

    And you think that you have to be registered to do .. what? Very few wordpress exploits require you to be a registered member.

    And honestly, you think you can back up what you're saying, please do -- I would love to see something that's verifiable, that shows a fake registration followed by some sort of attempted exploit, from the same IP.

    Not gonna happen.

    Furthermore, no, I have logs to prove it for my site(s) and the 15-20 sites I've helped get unhacked.
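    A defender-side check of the kind whooami asks for above, added here as an example and not code from anyone in the thread: it correlates a registration POST with later requests from the same IP to wp-admin pages a subscriber has no business in. The log lines are constructed, and the registration paths, the privileged-path pattern and the one-hour window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample access-log lines (not taken from the thread).
# One host registers and then probes admin-only pages as a fresh subscriber;
# the other registers and never returns, the ordinary registration-spam pattern.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Jun/2008:10:01:02 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0
198.51.100.7 - - [12/Jun/2008:10:03:15 +0000] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.7 - - [12/Jun/2008:10:03:40 +0000] "GET /wp-admin/plugins.php HTTP/1.1" 403 0
198.51.100.7 - - [12/Jun/2008:10:03:41 +0000] "GET /wp-admin/user-new.php HTTP/1.1" 403 0
203.0.113.9 - - [12/Jun/2008:10:05:00 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0
203.0.113.9 - - [12/Jun/2008:10:05:01 +0000] "GET / HTTP/1.1" 200 5120
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
REGISTER_RE = re.compile(r'^/wp-(login\.php\?action=register|register\.php)')  # assumed registration endpoints
# Anything under wp-admin except the subscriber's own profile page is treated as privileged (assumption).
PRIVILEGED_RE = re.compile(r'^/wp-admin/(?!profile\.php)\S+')

def parse(line):
    """Parse one combined-format log line into a dict, or return None on a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d['ts'] = datetime.strptime(d['ts'], '%d/%b/%Y:%H:%M:%S %z')
    return d

def find_register_then_probe(log_text, window_minutes=60):
    """Return {ip: [paths]} for IPs that registered and then, within the window,
    requested privileged wp-admin paths. Plain registration spam produces no entry."""
    registered = {}                  # ip -> time of its first registration POST
    suspects = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        if rec['method'] == 'POST' and REGISTER_RE.match(rec['path']):
            registered.setdefault(rec['ip'], rec['ts'])
            continue
        first = registered.get(rec['ip'])
        if first is None:
            continue                 # never registered from this IP, nothing to correlate
        elapsed = (rec['ts'] - first).total_seconds() / 60
        if elapsed <= window_minutes and PRIVILEGED_RE.match(rec['path']):
            suspects[rec['ip']].append(rec['path'])
    return dict(suspects)
```

    Run find_register_then_probe over a real access log; an empty result is the case whooami describes, where the registrations are never followed up from the same address.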

  14. Ivovic
    Posted 8 years ago #

    Oh for crying out loud, obviously it isn't a requirement to be registered to be hacking, but if you think they're not trying that *as well* you're miles off course.

    I also love that you said "Very few wordpress exploits require you to be registered member". That's a gem. So we should just ignore those few and tell everyone that it's "just spam?"

    It's happened historically, and it'll probably happen again. The fact that there isn't a current exploit based on subscriber-level access doesn't mean they won't find one.

    And just because you threw the term 'bullshit' at me, I'm going to have a quiet giggle about your 20 websites being any kind of representation of the internet, that is, assuming you could even identify an attempt at privilege execution from a registered user via your extensive logs from websites you haven't controlled until after the mess occurs.

    Whoo, you were wrong... occasionally defending your wrongness until your ears bleed isn't the best course of action.

    All I said was that you shouldn't speak in absolutes, because it's misleading.

    As for your request for proof, you could have included that instead of crying 'bullshit' earlier. Now I'm not really inclined to do your googling for you, especially since you KNOW there have been exploits in the past relating to registered users.

    And even if there NEVER WAS an exploit relating to registered users, you can bet your ass it's being tested every day, which makes your "its just spam..." comment that much worse.

    It's never *just* anything.

  15. whooami
    Posted 8 years ago #

    aww cmon ivovic ..

    "I'm going to have a quiet giggle about your 20 websites being any kind of representation of the internet,"

    And yours is? what?

    "but if you think they're not trying that *as well* you're miles off course."

    where? where's your evidence?

    I will give you one concession, the "just" wasn't a good word to use, of that I agree.

    Like this better?

    99.9999999999999999999999999999999999999999999999999999% of those are spambots.

  16. Ivovic
    Posted 8 years ago #

    whoo, you're a bigger person than this.... I hope.

    I'm not going to argue with you... I'm not even going to bother guessing which of these links you'll deem reputable enough.


    And before you come at me again, think about the plugins and their stringent user-security checking.... or better yet, just pull your head in, you're starting to piss me off.

    you...were...wrong to say that it's just spam... it's never *ever* just spam.

  17. Ivovic
    Posted 8 years ago #

    "I will give you one concession"

    I don't need your concessions, I've just jammed your comments up your arse. I maintain that what you said was misleading.

    Instead of saying "yeah, you're right, it's just MOSTLY spam" like even *I* said myself up there when I corrected you... you went on a bloody undeserved rampage because someone had the balls to suggest you were wrong.

    Get over yourself.

    Whatever percentage you think it is... it's still significant, given the nature of the attempts.

  18. whooami
    Posted 8 years ago #

    Talk about going on a rampage -- I REPLIED because I disagree with you on a "whole".
    You wanna be semantically correct -- ok, the possibility exists that a registered user could attempt an exploit -- of course that exists.

    Do I personally find that to be a threat? No. Was it a misspeak to use the word "just"? Yes, but not because I don't find it threatening, but because someone else might.

    As for the rest of your remarks -- I'm thinking maybe you are the one who needs to get over themselves. Here I thought I was cutting off an argument by saying you were right, and you act like a pr*ck after that.


  19. Ivovic
    Posted 8 years ago #

    please don't pretend you didn't edit your posts repeatedly.

    this "even after that" stuff is meaningless when you futz with the timeline, as is pretending that you're offering concessions, when the truth is I had to pull it from you with pliers.

    You're only now agreeing that you could have expressed yourself differently, instead of doing so directly after I pointed it out. That's actually not particularly insightful or conciliatory of you.

    but it's GREAT, don't get me wrong, better late than never.

    I doubt anyone here is going to call me a meanie for drumming it into you, after all the fire you spew on everyone. Take your medicine, and perhaps next time you won't be so quick to insult people by labeling their well-reasoned attempts to provide full-disclosure as 'bullshit'.

  20. whooami
    Posted 8 years ago #

    I DID edit my posts repeatedly. I never said otherwise. I didn't edit any of them AFTER you had posted. Except to try and fix the damn blockquotes.

    And I said THREE posts back in the blockquote one the JUST was wrong. Follow? And if you didn't see it, it's because I was editing and you were posting at the same time.

    "you're offering concessions, when the truth is I had to pull it from you with pliers."

    That's kind of funny. You think you know me well enough to say that? Hahaha. I assure you I can argue for much longer, wrong or right.

    And since you want to be so semantically correct:

    concession: the admitting of a point claimed in argument

    that was a concession - you're taking it the wrong way. I respect you, and while like I said, I don't tend to buy into the registration from bots leads to hacks thing, I respect your opinion enough to have said you were right. Take it or leave it, I don't care.

  21. Ivovic
    Posted 8 years ago #

    Like I said, the timeline is meaningless, so you really should allow for a couple of posts of lag, before you decide I'm sinking the boot in.

    edit: since we're editing, I'm well aware of the definition of the term concession, as well as the tone in which it was given. We've certainly both been around long enough to tell the difference between conciliatory concessions and otherwise.

    I appreciate your respect. The feeling is mutual, but really that enters into it long before points are scored in arguments. Respect is supposed to make you think about what was said before you start arguing against it.

    I'm sorry if you think I'm harping on about this, but I really would prefer this to be the last time we have an exchange like this. If you think I'm going overboard, it's because I never want to do this again.

    Anyway, this is all moot, I appreciate your willingness to allow for a point of view which you consider to be a statistical anomaly. I don't think it's the most likely outcome either, but worth mentioning nevertheless.

  22. elorgwhee
    Posted 8 years ago #

    Tignarius: It's not the wordpress upgrade. I've been getting those on my site (as well as friends) for over a year now. It looks like they just finally found your site.

    On another note, take a look through the code in your posts if you have time. I started to notice that around the same time I started getting new bogus registration requests, I was also being hit by sql injections that were putting code in my blog entries. I'm not sure if that was related or not, I just happened to notice it around the same time because one of the injections actually broke my site which made it obvious.

    I'd either disable registrations or setup some sort of captcha.

    Good luck!

  23. WarAxe
    Posted 8 years ago #

    Yes, I too have been experiencing the same thing. Recently... all of a sudden... I've been getting a surge in user registrations from shady folks. And if I search on the offending userid or email I get Google popping up MANY brand new registrations for the same "individual" over the course of two or three days (game forums, jazz portals, weight loss discussion boards, blogs, chatrooms, social networking, etc)... and all profiles are completely empty... all activity is zero.

  24. naijaecash
    Posted 7 years ago #

    Thanks for the info. I just experienced a similar thing. Funny characters turning up in my post. I guess I will simply turn off user registration.

    Please, is there any way I can clean the blog of code injected without my knowledge? Thanks.

