Fake Registration Exploit WPMU

Hi,

I just recently changed my WordPress setup to WPMU.

Since then (2 days) I've seen a few fake registrations popping up (getting the email notification).

But the supposed registered user is not showing within the admin on either of the sites.

How do I go about preventing these fake user sign ups? It seems specific to WPMU (I'm assuming).

I'm currently using: WordPress 3.6

  • Alexander
    • DEV MAN’s Mascot

    Hi @phyve,

    Check under the users from network admin, they might be getting to that point, but aren't being added to a site.

    This isn't an exploit, it just means that spammers have found your site. If you're allowing users to register new blogs, the best defense for this is Anti-Splog: https://premium.wpmudev.org/project/anti-splog/

    Or if you aren't open to new users, you could disable user registration from "Settings -> General" in your network dashboard.

    Best regards,

  • phyve
    • Design Lord, Child of Thor

    Thanks Alexander. You were right, they were just sitting in the network admin users.

    I actually have the option of creating new blogs turned off.

    But user registrations are not disabled.

    Clearly this is specific to the newly added WPMU option, because I had little to no spam user signups before today.

  • Alexander
    • DEV MAN’s Mascot

    Hi @phyve,

    It's possible, but there's no way for us to really confirm this. On the front end, not much has changed at all. In fact, the registration page uses exactly the same code for single site as it does for multisite - it just hides the Multisite stuff on single sites.

    Have you made any other changes like getting a new theme? Or are you on shared hosting where it's possible for your IP address to change? Maybe your IP changed which has attracted more spam.

    Best regards,

  • Alexander
    • DEV MAN’s Mascot

    Hi @phyve,

    You may want to try our Anti Splog plugin: https://premium.wpmudev.org/project/anti-splog/

    The only way to truly avoid this is to disable user registration entirely. This isn't an "exploit" in any way, it's just a byproduct of WordPress being so popular. There are automated spam systems that basically scan for WordPress sites, and run scripts that automatically register accounts to post spam, or fill up your comments.

    The reason this is happening is because your site has been identified as running WordPress. It happening right after switching to Multisite might have just been a coincidence.

    Best regards,
