I received this email this morning:
New user registration on your blog :
E-mail: JohnDillinger1903 AT gmx DOT com
I have found another blog through google who posted about the same thing happening to her last night. Is this something to be worried about? Why would someone register as a user on a blog? Can they access anything?
[moderator] Email address changed inline with the forum rules.
I got them registered at my blog too. Any update on this?
I have been advised by a friend to go to general settings on my wordpress dashboard. I had ‘anyone can register’ ticked so have unchecked that now. Other than that I have changed my own password. I have no idea why this has been done. It doesn’t look like a user can change anything, but I could be wrong.
It happened with my blog too, but the username and email adrresses were more random, so i disable user registration as jensmith2 said.
Happened to me too, same email/username:
Glad I found this forum, thanks to all of you for discussing it! I posted this page to my Twitter account. No damage was done to my blog either. I deleted the user and disabled ‘anyone can register’.
I got it as well. Other blogs have been hit, too. What is this fellow up to? Anybody?
They’re using a bot to directly access your signup page – even if it’s not linked from your site, they search for the standard location of that script. The comment spam bots do the same thing.
Their looking for, I imagine, a blog that has a setting so that new registrations are instantly editors / admins. Then they’ll spam like crazy.
Just remove the option that readers can subscribe.
Thanks for posting about this! I wondered why anyone was bothering to register on my blog ;p
Talk about a let-down… (:
have you all deleted that user?
also, you should log in to host’s phpmyadmin and “browse” the
wp-userstable looking to see if an admin user has been added
if so, you could be hacked – if not, you’re likely ok
in any case
Thanks Samboll, I had a the new user register email come through for the first time for me this morning for:
E-mail: john AT chetkoe DOT tv
Thankfully I had anyone can subscribe default as subscriber not admin so i have deleted them and unticked the anyone can subscribe option in general settings. I need to log into my php admin to check the user table now also.
I got the same guy as totalgaz. I deleted the account and unchecked Anyone Can Subscribe. I’m checking myPhpAdmin now. Thanks everyone!
Just got a New User Registration on our blog too!
E-mail: john AT chetkoe DOT tv
Will research how to set settings to help avoid this junk…thanks all!!
Same on my WordPress, just googled this guy and found this thread.
jos john AT chetkoe DOT tv
Thanks for tips on stopping further hackers etc…
If you absolutely must post email address please write them out like so.
example AT example DOT com
This ensures emails are posted inline with the forum rules.
Akismet is good for spotting known spam email addresses, if you’re interested in reducing spam accounts and keeping them at bay, but require registration on your site, please do take a closer look at Akistmet. It comes with WordPress as standard, all you need do is obtain an API key to use the plugin, if you have a wordpress.com blog already, you only need obtain the API key from your account or alternatively you can register for a key on the Akismet site.
I use Saber and Lockdown on my site. They can register, but not do anything untill I comfirm them, it works great, I have not been hacked since I installed those two mods, I would like to see it coded into the WP Core, so everyone using WP would be automatically protected from these people.
- The topic ‘Someone registered as a user on my wordpress blog – possible hacker?’ is closed to new replies.