• jacquesnz

    (@jacquesnz)


    Hi All,

    Just looking for some guidance and thoughts. A customer of ours has started getting bombarded with registration and password reset emails from 100’s of different WordPress websites. What appears to me to be common is that all the websites have a domain/my-account page that simply asks for an email address to register. Example: https://studiowisedesign.com/my-account or https://threewrensgin.com/my-account. This then generates an “Account has been generated” and a follow-up “Password Reset Request” email. Are they simply poorly designed websites allowing “automated” registration by a malicious third party, and what can be done to stop it? There seems to be nothing I can do from the recipient’s end.

    Much appreciated.

    Jacques


Viewing 6 replies - 1 through 6 (of 6 total)
  • threadi

    (@threadi)

    This is a WooCommerce form. There are also anti-spam plugins for this: https://www.ads-software.com/plugins/search/woocommerce+antispam/

    If you have further questions, I would recommend the WooCommerce support forum: https://www.ads-software.com/support/plugin/woocommerce/

    Thread Starter jacquesnz

    (@jacquesnz)

    The issue is I cannot make 100’s or even 1000’s of web developers put the proper measures in place to prevent malicious / fake registrations on their WordPress / WooCommerce forms.

    threadi

    (@threadi)

    Oh, I’ve only just realised the connection. Who is the sender (“From”) of the emails? Is it the customer’s domain? Then he would have to take care of securing his own domain (SPF, DKIM, DMARC) so that nobody else can send e-mails in his name from any other server.

    If it is different, a concrete example (anonymised if you like) would be helpful.

    Thread Starter jacquesnz

    (@jacquesnz)

    The emails are legitimately coming from the various websites, so the sender is indeed valid. It is the fact that some form of bot / coding is just maliciously registering email addresses in the my-account forms, which then generates the emails to the email address used. The recipient has not gone and registered to 100’s of websites in one minute. The flaw appears to me that all these WordPress/WooCommerce pages simply allow entering an email address and that’s it…you’re registered.

    threadi

    (@threadi)

    If random, non-existent email addresses are used for registration, why does your customer know about them? Did he set a catchall on his domain so that he gets everything that comes in? Unusual and, as you can see, quite dangerous, but I also know that it is a relevant facility for some projects. However, if it is really not needed, I would recommend turning something like this off.

    I don’t see any other options for you at the moment. WordPress can’t regulate anything for you in this regard so that you can somehow control it in the future. Unfortunately, there are actually many websites that are quite relaxed about such forms. One can only appeal to reason here.

    Thread Starter jacquesnz

    (@jacquesnz)

    Thank you for the responses. Appreciated.

    It is not a random or non-existent email address. It is a valid email address being used to register on 1000’s of different websites, which results in the recipient getting 1000’s of emails sent because of these registrations being done by some form of bot.

    Below are just three examples of websites. They all have a /my-account registration form that simply anyone can just enter an email address into, and the email address will be registered and receive emails from the website.

    https://alizoni.com/my-account/

    https://eastcoastresin.com/my-account/

    https://www.blestbras.com.au/my-account/

  • The topic ‘Registration Spam’ is closed to new replies.
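
The pattern described in this thread (many different sites sending “Account has been generated” and “Password Reset Request” mail to one address within a minute) can be recognised in mail-log data on the receiving side. The following is an added example, not code from any poster in the thread; the record layout, the `.example` addresses and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Subject fragments quoted in the thread, lower-cased for matching.
SUBJECT_MARKERS = ("account has been generated", "password reset request")

def find_registration_bursts(messages, window=timedelta(minutes=1), min_domains=3):
    """Map each recipient to the sender domains of a registration-mail burst.

    A burst is min_domains or more distinct sender domains delivering
    registration-style subjects to one recipient inside `window`.
    The default thresholds are illustrative assumptions.
    """
    per_rcpt = defaultdict(list)
    for ts, sender, rcpt, subject in messages:
        if any(marker in subject.lower() for marker in SUBJECT_MARKERS):
            domain = sender.rsplit("@", 1)[-1].lower()
            per_rcpt[rcpt.lower()].append((ts, domain))

    flagged = {}
    for rcpt, events in per_rcpt.items():
        events.sort()
        start, best = 0, set()
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            domains = {d for _, d in events[start:end + 1]}
            if len(domains) > len(best):
                best = domains
        if len(best) >= min_domains:
            flagged[rcpt] = sorted(best)
    return flagged

# Constructed sample records: (received time, sender, recipient, subject).
T0 = datetime(2024, 1, 1, 9, 0, 0)
RCPT = "victim@customer.example"
SAMPLE = [
    (T0, "wordpress@shop-a.example", RCPT, "Your account has been generated"),
    (T0 + timedelta(seconds=5), "wordpress@shop-a.example", RCPT, "Password Reset Request"),
    (T0 + timedelta(seconds=12), "noreply@shop-b.example", RCPT, "Account has been generated"),
    (T0 + timedelta(seconds=40), "store@shop-c.example", "Victim@customer.example", "Password Reset Request for shop-c"),
    (T0 + timedelta(seconds=50), "news@list.example", RCPT, "Weekly newsletter"),
    (T0, "wordpress@shop-a.example", "other@customer.example", "Account has been generated"),
    (T0 + timedelta(hours=3), "noreply@shop-b.example", "other@customer.example", "Account has been generated"),
]

if __name__ == "__main__":
    for rcpt, domains in find_registration_bursts(SAMPLE).items():
        print(rcpt, "<-", ", ".join(domains))
```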