Security Concerns

  • Resolved trumpy81

    (@trumpy81)


    14 years, 2 months ago

    GDay All,

    I have an inordinate number of what appear to be fake registrations on my blog site. The question is, should i be concerned about this or not?

    I’ve not seen any questionable activity in my logs but they may not mean anything. Is it possible that these registrations are being used for spamming purposes or other such activity? If so, how can I find out/stop it?

    Any help would be appreciated.

Viewing 11 replies - 1 through 11 (of 11 total)
  • Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Eh. It’s spammers, mostly. I would consider closing registration if you don’t have to have it (allow anonymous coments instead), or, if you do need it, consider some plugins like Bad Behavior, or other tools that prevent spammers from being able to sign up at all.

    Thread Starter trumpy81

    (@trumpy81)

    GDay All,

    ipstenu, thanks for the reply. I haven’t had any real problems with spam being left on my site, I was thinking that maybe these registrations are spambots trying to crack the security or otherwise exploit the site.

    I’ve taken your advise re: Bad Behaviour and I have it installed right now. I guess time will tell if its beneficial or not.

    Again, thanks for the reply and the advice ??

    Moderator James Huff

    (@macmanx)

    I was thinking that maybe these registrations are spambots trying to crack the security or otherwise exploit the site.

    They’re just basic spam bots hoping that registering for your blog will allow them to either post spam comments or publish spam posts.

    If Bad Behavior isn’t enough, try adding a CAPTCHA:

    https://www.ads-software.com/extend/plugins/si-captcha-for-wordpress/

    Thread Starter trumpy81

    (@trumpy81)

    GDay All,

    James, thanks for the reply. I will take your advice and add SI-Captcha in any case. As they say, two heads are better than one …. lol

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    As a minor clarification. Spambots just want to spam. They generally do not have anything to do with checking into your site for security holes. There are bots that check for security loopholes, but they aren’t spam bots ?? it’s a technicality on the name, but it matters.

    Thread Starter trumpy81

    (@trumpy81)

    GDay All,

    ipstenu, you are quite correct. I have a tendency to group the two together as most spammers are looking to exploit security loopholes.

    Also, Bad Behaviour seems to be working well, thanks for the heads-up on that one ??

    Ask Apache Password Protect not only puts some files and folders (wp-admin, wp-content, wp-login, etc.) behind an htaccess password, but also has some anti-bot features. I have Bad Behavior AND Ask Apache installed and I still get Akismet catching spam, spam referrers, etc. so as yet another feature I ban IPs and referrers using htaccess. No matter what precautions you take, there’s always a way around them.

    Moderator James Huff

    (@macmanx)

    You’re welcome!

    I have closed registration options as this was not necessary, and this has solved the problem, and deleted over 290 spam registrations, however in network admin it is still showing 296 “users” (6 users are my legit sites) – any advice on where to remove these?

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    You can just delete them like you would any user. The Users list has check boxes. Just check ’em and delete ’em

    Argh! looking everywhere except under my nose, thanks!

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘Security Concerns’ is closed to new replies.

Tags