Why would my network show multiple anonymous users and growing, all beginning with an underscore?

I've successfully set up 2 MultiSite installs, moved sites from one to another, mapped domains and other activities with no problems. Last night I noticed under my network admin/Users it showed 40+ anonymous users and my 2 or 3 admin user accounts that I set up myself. I looked again this morning and the anonymous user account is up to 70+. They don't show up under the "User" interface, but do show up under "Users" on each of my sites. I've gone in and deleted them manually, but they keep coming.
I've searched the community for answers and haven't seen anything like this.
Help?
Thank you!

  • MichaelT
    • New Recruit

    Thank you, Vaughan.
    I figured this was the case, and so I've added anti-splog and I'm working on it.
    What I find interesting is that this particular installation and the few sites on it have comments turned off and registration is disabled. So, when I saw this happening I was confused and concerned.
    I keep comparing my 2 multisite installations to see why this is happening to one and not the other.
    I will report later if I can make sense of it and then mark this as resolved.
    Again, thank you for your input.
    Mike

  • MichaelT
    • New Recruit

    Well, it's sometimes difficult to pinpoint cause and effect, but there were a number of things going on with this installation that I will mention in case it helps anyone in the future.
    I'd never had this happen before, so I was in a bit of a panic when I started seeing my user count go from 3 to 100. My sites are used as CMS not blogs. I have comments turned off on almost everything, so I was looking for where these were coming from. I narrowed it down to a few things:
    1. I discovered the hosting account for this new network is a shared account. Fail. Definitely need dedicated DNS as I use Domain Mapping also. That will be resolved, but the rest of my notes are still while using that shared account...
    2. I had wp-ecommerce plugin activated on the network as it was used for one site. As soon as I deactivated it on the network a lot of things got better. I could see all these bogus users under the network users control panel and not just under each site. This way I could finally select them all and delete them easily.
    3. With anti-splog installed I selected settings that limited the number of sign ups. Other than that I will have to learn more about the plugin and work with it to keep things tidy.
    4. Once I activated the wp-ecommerce plugin on the individual site, I got a few more anonymous user / spambot crap on that particular site, not the others. I'm not saying the plugin is the problem, it just played some part on my shaky setup, etc.

    Other than that, I've got a standalone WP installation (on shared hosting) with no attacks like this and another MultiSite setup (with dedicated DNS) where I've never had a problem. Again, these are not blogging sites with lots of posts or comments.

    So, chalk it up to experience I guess and full steam ahead with some focus on security.

    Thanks again for your help Vaughan! Got anything to add based on my notes?
