Wordpress & New User Registrations with IP 0.0.0.0
February 20, 2017 5:06 AM   Subscribe

My website has been inundated lately with new user registrations with IP addresses from Russia and nearby countries. They don't seem to be doing anything once they register but they make me nervous so I've been blocking their IP addresses in my .htaccess file. Now I'm getting new users with a registration IP of 0.0.0.0. How can that be and how can I block them?

My Wordpress software is always up-to-date and I won't use a plug-in unless it's both popular and actively maintained. Anyone can leave a comment without registering. User registration is only required to use a forum (SimplePress) I have on the site.
posted by someonesomewhere to Computers & Internet (8 answers total) 1 user marked this as a favorite
 
I've almost never used Wordpress, but have you ever seen an IPv6 address in the logs? If you haven't my first guess would be some part of the system isn't designed to handle them and they're coming through as 0.0.0.0.
posted by XMLicious at 5:46 AM on February 20, 2017


Do you have a CAPTCHA on the registration process? Because unless there's some particular reason that a lot of actual Russian people, even bad actors, would want access to your forum, there's a pretty good chance that those are just spammers, and blocking by IP is usually a fairly inefficient way of dealing with that.
posted by Sequence at 6:04 AM on February 20, 2017 [2 favorites]


Best answer: Also btw, if you have time-date stamps within Wordpress, and the logs of the web server itself are turned on, you may be able to figure out the IP address of a visitor by correlating time-date stamps.

But at Sequence says, blocking individual IP addresses probably isn't a terribly effective way of preventing anyone who you suspect of being a bad hombre from doing anything; it might dissuade an unsophisticated real commenter who just starts saying abusive things one day, but anyone who is engaged in organized shenanigans (presumably the reason you're wary of Russia in particular?) isn't going to find that to be a substantial obstruction.
posted by XMLicious at 7:22 AM on February 20, 2017


Best answer: Install Wordfence.
posted by Webbster at 7:27 AM on February 20, 2017 [1 favorite]


Response by poster: I am using a CAPTCHA and I have doing IP blocking for years, although I've rarely needed to add IPs to the list. Typically every year or so it gets bombarded with new user registrations from spammers/bots/hackers from China and Russia and I've gotten them to go away by blocking their IPs or turning off new user registrations for a few weeks.

The site was once popular, it still contains a lot of useful information and the forum has loyal users. But I no longer have much time to spend on it so I'm looking for a both an effective and very easy fix for this problem.

Wordfence looks good and I'm going to try it out. But I'd still like to know why WP is reporting new users with an IP of 0.0.0.0. I'd forgotten there are clues in the server logs and I'll check them when I get a chance.

I strongly suspect that XMLicious is correct and the registrations are coming from IP6 addresses.
posted by someonesomewhere at 8:24 AM on February 20, 2017


Best answer: Webbster has it. Totally install Wordfence. You can block all of Russia and China by checking boxes.

You might also install Activity Log and run it for a day or two and see if it gives you better data.
posted by gregr at 8:33 AM on February 20, 2017


While Wordfence is a good thing to run, it didn't stop New User bots for me. You need to obfuscate your "wp-login.php" file.
posted by humboldt32 at 9:38 AM on February 20, 2017


You might also get some positive effect from Bad Behavior.
posted by artlung at 9:14 AM on February 21, 2017 [1 favorite]


« Older Life begins at 30   |   How to stay in a specific, particular, comfy... Newer »
This thread is closed to new comments.