Spammer bypassed signup code

kernel_panic Inactive
Veteran
Just Getting Started
56
#1706

I just installed a brand spanking new WPMU last night, set up the signup code on it, installed a few more plugins, and went to bed.

Woke up this morning and check my email to find that a spammer has signed up for a blog. I haven't given out the signup code to anyone. I can't sign up myself without a signup code, how did this person sign up?

Is there a way to verify what signup code they used on the signup form?

Going through my logs, I only see 1 signup attempt, and it was successful:

70.242.14.138 - - [10/Jun/2010:05:19:17 -0400] "GET /wp-signup.php HTTP/1.1" 200 4848 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
70.242.14.138 - - [10/Jun/2010:05:19:18 -0400] "POST /wp-signup.php HTTP/1.1" 200 4549 "-" "curl/7.19.6 (i386-pc-win32) libcurl/7.19.6 OpenSSL/0.9.8k zlib/1.2.3"
70.242.14.138 - - [10/Jun/2010:05:20:32 -0400] "GET /wp-activate.php?key=c28f75d8d9a95ffc HTTP/1.1" 200 3662 "-" "curl/7.18.2 (i386-pc-win32) libcurl/7.18.2 zlib/1.2.3"
70.242.14.138 - - [10/Jun/2010:05:20:33 -0400] "POST /wp-activate.php HTTP/1.1" 200 3662 "-" "curl/7.18.2 (i386-pc-win32) libcurl/7.18.2 zlib/1.2.3"
70.242.14.138 - - [10/Jun/2010:05:20:17 -0400] "GET /wp-activate.php?key=c28f75d8d9a95ffc HTTP/1.1" 200 3355 "-" "curl/7.18.2 (i386-pc-win32) libcurl/7.18.2 zlib/1.2.3"
70.242.14.138 - - [10/Jun/2010:05:21:40 -0400] "POST /kaleigh7335889/wp-login.php HTTP/1.1" 302 - "-" "curl/7.19.6 (i386-pc-win32) libcurl/7.19.6 OpenSSL/0.9.8k zlib/1.2.3"
70.242.14.138 - - [10/Jun/2010:05:21:42 -0400] "GET /kaleigh7335889/wp-admin/options-writing.php HTTP/1.1" 302 - "-" "curl/7.19.6 (i386-pc-win32) libcurl/7.19.6 OpenSSL/0.9.8k zlib/1.2.3"
69.61.101.173 - - [10/Jun/2010:05:21:43 -0400] "POST /wp-cron.php?doing_wp_cron HTTP/1.0" 200 - "-" "WordPress/2.9.2; http://kaleigh7335889.*deleted*.com"
70.242.14.138 - - [10/Jun/2010:05:21:43 -0400] "POST /wp-login.php HTTP/1.1" 302 - "-" "curl/7.19.6 (i386-pc-win32) libcurl/7.19.6 OpenSSL/0.9.8k zlib/1.2.3"
70.242.14.138 - - [10/Jun/2010:05:21:45 -0400] "GET /wp-admin/options-writing.php HTTP/1.1" 200 15465 "-" "curl/7.19.6 (i386-pc-win32) libcurl/7.19.6 OpenSSL/0.9.8k zlib/1.2.3"
70.242.14.138 - - [10/Jun/2010:05:21:46 -0400] "POST /wp-admin/options.php HTTP/1.1" 302 - "-" "curl/7.19.6 (i386-pc-win32) libcurl/7.19.6 OpenSSL/0.9.8k zlib/1.2.3"

Any suggestions?

(0)