Support » Plugin: Wordfence Security - Firewall & Malware Scan » Does WF block spam bot registrations?

  • My WP site’s subscriber registration page gets attacked by spam bots that create fake subscribers. I can get as many as 20 an hour.

    Is WF supposed to block such spammers? If so, what setting do I need to make? I installed WF thinking it would block these bots, but apparently it doesn’t (at least not out of the box).

    Help appreciated.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfdave

    (@wfdave)

    Hi @toolsavvy,

    Are these spam bots all from the same IP address (or similar IP addresses)?

    If they are all from different locations, with no discernible differences between them (such as their hostname, user-agent, referrer, username registered, etc) -> then there is nothing you can do about this.

    Do you have a captcha setup on your registration page?

    Dave

    As far as IP addresses, this is what I don’t understand. Last night, I went to Tools >> Live Traffic and I saw that WF was blocking all these bots, most of them have IPs from Turkey.

    There I have the option to block them, so I blocked all of them. But this only blocks them for a time, so then I went to Firewall >> Blocking and blocked them all permanently. So now all these bots/ip addresses are blocked permanently and when I go to my live traffic, they all show as blocked and I have the option ti “unblock ip” on any one of them.

    Yet, I still get spam signups. Well, if WF is blocking them, then how are they signing up? It appears to me that bots are getting through that WF isn’t blocking or showing in Live Traffic or WF isn’t really blocking them. I’m baffled at this point.

    Here are 2 screen shots….

    Live Traffic today, thus far

    Firewall Blocking page

    The blocking page shows that 2 bots came back today and I am showing 3 new spam signups for today in WP users.

    Here’s a list of IPs from that site that are supposedly “blocked permanently” with live traffic showing no new bot traffic from other IPs, in case they are hard to see on the pics…

    211.216.58.204

    211.54.74.50

    185.220.101.49

    185.86.164.10

    185.86.164.100

    185.85.239.110

    185.86.164.98

    185.86.164.102

    185.86.164.99

    185.119.81.50

    185.86.164.107

    185.86.164.104

    185.86.164.101

    185.85.239.195

    185.86.164.109

    185.86.164.106

    185.119.81.11

    185.86.164.111

    185.86.164.103

    185.86.13.213

    185.85.238.244

    185.85.191.196

    185.85.190.132

    185.86.167.4

    185.86.164.110

    177.19.165.26

    149.28.45.185

    125.140.33.198

    111.85.15.103

    118.62.9.2

    104.207.145.5

    97.74.228.115

    94.230.208.147

    94.200.120.238

    60.6.223.191

    Can you please shed some light onto this?

    If live traffic is only showing IP/Bot traffic that I have permanently blocked at this point, then how am I still getting spam signups? I don’t know that the signups are coming from these specific bots I see in Live Traffic since WP does not seem to log IPs of subscriber signups (I looked in the database and did not see any IP addresses in the subscribers’ data).

    And as far as Captcha/Recaptcha, no I do not have it implemented on my signup page because I have not found a plugin that I feel is trustworthy, but I am looking into it, believe me. But captcha is a just bandage on a large wound and the mafias that send these bots out are collectively smarter than captcha…and google.

    Similar problem. Implemented the usual security steps last year and fake registrations stopped. Beginning two weeks ago I began getting fake registrations, maybe 20 per day, all from 31.13.191.51, a known spammer. Installed WF and nothing has changed. I see continuous traffic being blocked, but never this one. This is the free version of WF. Would I have any confidence the upgrade would make a difference?

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Does WF block spam bot registrations?’ is closed to new replies.