Bug? hundreds of spam users registering

Look in Super Admin -> Options. Disable the “allow users to add other users” box.

Also? Delete the spam sites and users.

And, since you’re only creating sites from the backend, rename wp-signup.php to a .txt file.

that’ll stop ’em.

Thank you for this hint. I’ll see if it helps.

There have been no spam sites whatsoever (since I disabled registrations). Only spam users. So, maybe your suggestion really is the solution. But that would also mean that the spammers have the password of one of my admin users. I guess I have to change all passwords.

But that would also mean that the spammers have the password of one of my admin users.

Not necessarily.

you running buddypress or bbpress?

Also, “allow users to add other users” only needs one spammer to get in. they are automated, it’s not a hack nor a bug. One gets in they bring all their buddies.

If I could report all the scammy sites that sell the software for people to do this, I sure would.

I am running bbpress, yes, and using for as a means to support my users. I tried buddypress, but since it wasn’t really used on my network, I disabled it after a while.

uh-oh. Another one just registered. His emailaddress is [email protected]. Fu..ing assholes. This means “allow users to add other users” didn’t do the job alone. I will rename wp-signup.php now.

BTW, I hope you are referring to the super admin option “Allow site administrators to add new users to their site via the “Users->Add New” page.” — because I can’t find any option called “allow users to add other users”.

I am running bbpress, yes, and using for as a means to support my users.

Then go disable registration on bbpress, cuz that’s how they’re getting in.

Akismet does not check new user registrations.

Then go disable registration on bbpress, cuz that’s how they’re getting in.

I tried, but I could not find that option. Where exactly is it?

It’s a while since I logged into the bbPress installation. I just noticed that there are about 30 pages of spam users, too. Separate from the wp users.

And the wp install has 16 new spam users again. Renaming wp-signup.ph and disabling “Allow site administrators to add new users to their site via the “Users->Add New” page” didn’t do the trick.

Anything else I can do? Are you guys sure this is not a bug in wp but user error (my configuration error)?

Sigh.

I just noticed that there are about 30 pages of spam users, too. Separate from the wp users.

That was wrong. It was the same number of users. But I realized there were still half a dozen spam accounts among them, and deleted them. Hopefully, I got them all now.

But I still need info about how to make bbpress safer.

You’ll have to ask on the bbpress forums.

This is really getting out of hands. Since my last post here, I again got 54 new spam user registrations. This is ridiculous. Is there anything else I can do to avoid that?

• I set “Registration is disabled” on the “Super Admin” / “Options” tab
• I disabled “Allow site administrators to add new users to their site via the Users->Add New page” on the same screen
• I renamed wp-register.php to something completely different, not even ending in .php
• I deleted all spam users I could locate. I now have only 22 users and I know each and every one of them

Is there anything else I can do? Any kind of diagnostics? Other suggestions?

ok. I am stupid. I just realized that the bbPress install I run in parallel and integrated still allows registrations. I therefore downloaded and installed two anti-spam plugins for bbPress and hope the issue is solved. Thanks for your support.

I just realized that the bbPress install I run in parallel and integrated still allows registrations.

Which is what I noted above. ?? Login to the bbpress admin area and turn off registrations for it.

Yes, I know, but there is no option in bbpress to turn off user registrations. Or, at least, I couldn’t find it. This is why, instead, I installed and activated two bbpress plugins that try to control spam registrations.