Bogus web site registrations
November 4, 2011 6:38 AM   Subscribe

I have a web site using Wordpress and a forum plug-in (Simple-Press) that's been around for awhile and has become fairly popular. All of a sudden I've begun getting at least 3 to 6 bogus user registrations each day that are coming from IP addresses in Russia and eastern Europe. I don't really know why or how concerned I should be. They don't need to register to post comments on my blog and Akismet is almost 100% effective at getting rid of comment spam. They're also either not trying to post spam on my forum or they can't get past the Captcha/challenge it uses.

I'm wondering if I can safely ignore the bogus registrations or if I should be taking precautions of some kind to protect my site. I have considered using my .htaccess file to block all access from those countries. But that would create a pretty huge deny list and I'm afraid it might affect the performance of my web site. What advice can you give me?
posted by 14580 to Computers & Internet (4 answers total)
If they aren't getting through to actually post I would not worry about it. I admin a site for a non-profit with a forum and I've seen a big increase in bogus logins recently. In my case, it isn't even automated ( I don't think) as they are completing the email confirmation, so I'm thinking it is a boiler room operation somewhere in Asia. I've had to resort to admin approval of every new user.
posted by COD at 6:50 AM on November 4, 2011

Welcome to the wonderful world of spam management.

Yeah, you need to be able to block registrations to your site based on IP addresses. I'm a moderator on a Mac users' site, and we employ a fairly large (and growing) list of IPs that generate a huge amount of spam. If left unchecked, your comments WILL be overrun by spam of all sorts and ugliness.

It's not unusual for spammers to register first, then come back later to start spamming, so you aren't out of the woods simply because of your Captcha. They will get past the Captcha.

Just be glad it's just Russia so far. India, based on our experience, is the big spammer, with China a very close second.
posted by Thorzdad at 8:14 AM on November 4, 2011 [1 favorite]

A large portion of former WP vulnerabilities have been privilege escalation problems, where once a user has an account, they had been able to gain admin privs on the blog. This practice might just be hold-over from those days, or it could be an attempt to blindly get onto user-listing pages, or to get you to click the links.

There are plugins that will work to prevent bot registrations.
posted by toomuchpete at 10:59 AM on November 4, 2011 [1 favorite]

I just removed Simple Press after my site was hacked. It wasn't the most recent version -- if you're running the most recent version, the vulnerability that got me was fixed. Make sure you've updated the plugin.

FWIW, though, I was seeing the same behavior before the hack -- lots of bogus accounts from Eastern Europe, and then nothing was done with them. I decided that I would remove Simple Press and turn off the ability for users to make accounts on the blog, since other than Simple Press, there was no reason for anyone but me to be creating accounts.
posted by litlnemo at 3:01 AM on November 5, 2011

« Older Looking for an inventory of street design   |   I really need to talk right now... Newer »
This thread is closed to new comments.