What Is The Purpose of Fake User Registration?

  • I’m a bit confused. I have my comments systems locked down and on a few sites require users to log in to comment and on mobodojo I allow unregistered readers to comment, though I don’t allow any links and I pay close attention to possible spam. I’m happy with the control I have.

    What I don’t understand is why I’m starting to get fake user registrations. They’re obvious, too, as many of them are in jibberish. What purpose does this serve? Am I experiencing an exploit in progress? Its not like they can post or get easier access to comments. I don’t even allow registered users any additional freedoms.

    Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)

  • Am I experiencing an exploit in progress?

    No.

    Have you ever been a moderator of a well traffic’d forum? If you have, you would know that forums see a whole lot of similar registrations.

    Thats the starting point for all of this: forums

    Its migrated to blogs. Its seen in WP — Its being seen in b2evolution, also.

    Thread Starter pdahandyman

    (@pdahandyman)

    In the 10 years I have maintained a presence online I’ve tried in vain to get a forum system online which I’ve liked, was stable, integrated well with any kind of CMS (MT, PostNuke, Joomla, now WP) and have failed. I’ve even tried bbPress, which I can’t seem to get to integrate with WP without freaking out. I’ve shelved the idea of forums until bbPress gets better (meaning someone writes a plugin for integration), though I’d really like them for one site of mine.

    That’s sort of a long winded way of saying, no, I’m not familiar with the practice. I wonder why they do it? It doesn’t seem like it has a purpose. Oh well.

    well, when its done on forums, they typically include a link to their site ..

    If you actually saw the content of some (not all) of the $_POST’s you might understand better:

    user_login = RoflCopterzzz
gimme_info = [url=https://coffee-grinder.buyithereforcheap.info]{coffee|coffee grinder|coffee beans|free coffee}[/url]
user_email = [email protected]
submit = Register
action = register
209.51.135.250
/vi-register.php
--------------**********------------------

    They dont all look that, mind you, but a good deal do.

    I have a plugin, wp-deadbolt, which doesnt currently work in 2.5 that worked, to a degree, at stopping that.

    Ive dropped that premise entirely, as Ive found it much easier and much more effective to just change the form field for the login name. I keep the default one, but its hidden via CSS. The scripts see it, but people dont.

    When a login includes the hidden field, it fails.

    Its a very simple method of dealing with automated registrations.

    Any sort of extra field data that you can check after the fact, aka even a good captcha (and yes, captchas can be broken) will accomplish the same thing ..

    Like a math captcha..etc..

    You can see in the above real life example, that they submitted data using the default field. They saw the extra (real) one, and thats where they put the URL spam.

    The above failed, I got no email, and they were promptly redirected off to some other site. I change where I send spammers like this occasionally; one of my favorite destinations is https://www.fbi.gov though.

    Thread Starter pdahandyman

    (@pdahandyman)

    That’s very cool! I’d love to implement such a tool, but I’d never figure it out on my own. I’ve never been much of a coder, though I’m not bad at modding PHP, a skill I’ve taught myself when I started using CMS. I’m trying out WP-SpamFree, but since I’m so busy I’ve not had time to look it over and see how it works.

    All we can do is press on ??

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘What Is The Purpose of Fake User Registration?’ is closed to new replies.