Support » Fixing WordPress » Someone registered as a user on my wordpress blog – possible hacker?

  • I received this email this morning:

    New user registration on your blog :
    Username: MisterX45881
    E-mail: JohnDillinger1903 AT gmx DOT com

    I have found another blog through google who posted about the same thing happening to her last night. Is this something to be worried about? Why would someone register as a user on a blog? Can they access anything?

    Mnay thanks

    Jen

    [moderator] Email address changed inline with the forum rules.

Viewing 15 replies - 1 through 15 (of 21 total)
  • I got them registered at my blog too. Any update on this?

    I have been advised by a friend to go to general settings on my wordpress dashboard. I had ‘anyone can register’ ticked so have unchecked that now. Other than that I have changed my own password. I have no idea why this has been done. It doesn’t look like a user can change anything, but I could be wrong.

    Hi guys,
    It happened with my blog too, but the username and email adrresses were more random, so i disable user registration as jensmith2 said.

    Happened to me too, same email/username:

    [moderated text]

    Glad I found this forum, thanks to all of you for discussing it! I posted this page to my Twitter account. No damage was done to my blog either. I deleted the user and disabled ‘anyone can register’.

    I got it as well. Other blogs have been hit, too. What is this fellow up to? Anybody?

    sparro

    (@jeanfayette)

    They’re using a bot to directly access your signup page – even if it’s not linked from your site, they search for the standard location of that script. The comment spam bots do the same thing.

    Their looking for, I imagine, a blog that has a setting so that new registrations are instantly editors / admins. Then they’ll spam like crazy.

    Just remove the option that readers can subscribe.

    I had the same thing happen.

    [moderated text]

    Thanks for posting about this! I wondered why anyone was bothering to register on my blog ;p

    Talk about a let-down… (:

    have you all deleted that user?
    also, you should log in to host’s phpmyadmin and “browse” the wp-users table looking to see if an admin user has been added
    if so, you could be hacked – if not, you’re likely ok

    in any case
    http://codex.wordpress.org/Hardening_WordPress

    Thanks Samboll, I had a the new user register email come through for the first time for me this morning for:

    Username: jos
    E-mail: john AT chetkoe DOT tv

    Thankfully I had anyone can subscribe default as subscriber not admin so i have deleted them and unticked the anyone can subscribe option in general settings. I need to log into my php admin to check the user table now also.

    I got the same guy as totalgaz. I deleted the account and unchecked Anyone Can Subscribe. I’m checking myPhpAdmin now. Thanks everyone!

    Just got a New User Registration on our blog too!

    Username: jos
    E-mail: john AT chetkoe DOT tv

    Will research how to set settings to help avoid this junk…thanks all!!

    cmMike123

    Same on my WordPress, just googled this guy and found this thread.
    jos john AT chetkoe DOT tv

    Thanks for tips on stopping further hackers etc…

    If you absolutely must post email address please write them out like so.

    example AT example DOT com

    This ensures emails are posted inline with the forum rules.
    http://wordpress.org/support/topic/374352?replies=1

    Akismet is good for spotting known spam email addresses, if you’re interested in reducing spam accounts and keeping them at bay, but require registration on your site, please do take a closer look at Akistmet. It comes with WordPress as standard, all you need do is obtain an API key to use the plugin, if you have a wordpress.com blog already, you only need obtain the API key from your account or alternatively you can register for a key on the Akismet site.

    http://en.wordpress.com/api-keys/ – General info on api keys
    http://akismet.com/personal/ – Registration for api key

    I use Saber and Lockdown on my site. They can register, but not do anything untill I comfirm them, it works great, I have not been hacked since I installed those two mods, I would like to see it coded into the WP Core, so everyone using WP would be automatically protected from these people.

Viewing 15 replies - 1 through 15 (of 21 total)
  • The topic ‘Someone registered as a user on my wordpress blog – possible hacker?’ is closed to new replies.