Turn off registration on your site, right away.
Then I would suggest that you grab a plugin like http://wordpress.org/extend/plugins/recently-registered/ so you can sort by registration date. Then anyone who came after the 20th, just delete. YES you may catch innocents, but 2000 users? UGH!
After that, I would suggest things like bad behavior and cookies for comments to stop the spam registrations.
Thanks! I turned off registering required for commenting but failed to turn off “anyone can register”. Is that what you meant? I turned it off now and am installing that plug in. *whew* That will cut down my deleting time A LOT! Thanks much. Any clue what security issue might be causing this? I deactivated any plug in I was not not actively using as well and updated all other active plug ins, yet it still continues.
Okay – I did install the plug in and turned off registration but the posts keep coming in (18 since I did this) and the user registration is still happening. Is there somewhere else I should turn it off at?
Okay, so I installed Sabre so that the registration process is anti-bot and it seems to have staved the onslaught a bit. I also installed Register IP – MultiSite although I now realize that Sabre will also log the IPs in a different place. I am just throwing this out for anyone else who ends up having this issue. It isn’t a “real fix”, but so far it appears to be a good bandaide.
I only use my IP tracking for trolls (repeat morons vs spammers).
I use this one: http://wordpress.org/extend/plugins/stop-spammer-registrations-plugin/ to stop spammers from signing up and it seems to work well (I don’t think captchas work very well…)
If users are still registering after you’ve turned off registration and wiped out the new users, then …. that’s weird. It’s not supposed to do that, that’s for sure!
Who knew? I have a controversial cat!!!
I get a few trolls, and the regular IP look up I have been using from my desktop works okay, but isn’t infallible. I will check out the one you suggested.
So… I have deleted most of the new user names, but the “pending posts” are still happening, if but fewer and farther in between. So far I have made it back to the 15th and will keep going until I don’t see primarily names or domains that scream out SPAMMER.
Thanks for your help. It’s pretty scary in a way. Oh, I also change my passwords every few days, so that’s not how they got in.
So… I have deleted most of the new user names, but the “pending posts” are still happening,
Those posts SHOULD have their author listed, so you can see who did it and kill ’em. Then delete their accounts.
If it’s the same morons every time, there’s this: http://wordpress.org/extend/plugins/ban-hammer/
It lets you put people on the comment blacklist and also ban them from registering. Though as you’ve turned off registration, that shouldn’t be needed anymore. (I’d feel bad for touting my plugins, but this is pretty much why I wrote ’em in the first place!)
Reg is turned off. BB was great help as far as insight, but hasn’t really accomplished much. The posts continue and I suspect new users are still registering, but changing the reg date somehow. I have a friend who does security who will be able to confirm this or not. what I would love to see is a plug in that lets you delete everybody through a certain time frame. That would have stopped this straight away. As it is, I spent all of yesterday and likely most of today just deleting posts and users. I have done about 1700 now, as far back as the 9th. A lot of the IP addresses appear to be varied with a few posts coming from the same IP, but user names are different usually (of course). Saber says it has blocked 155 attempts overnight, but sadly I awoke to another 10 posts. At this point, should I be worried that my core on the server is compromised? Thanks so much for all your help!
PS – I think the issue I am having with BB is really one of my own learning curve, not the app itself. BTW Using Ban Hammer and it ROCKS! There are probably 500 or so different domains that are obviously spammy, but some are duplicates.
So I still have reg off, I installed & used BH. I have BB on with the stats plug in. I installed Saber and Stop Spammer Registration. Finally got through what I think are all the bad registrations. In the meantime, another 12 posts showed up in Pending. We will see if this fixes it. If not, then I can only assume there is a deeper flaw.
Is there a way I can double check no links were put into my posts that were already existing?
