Potential blog hacking in progress?

[VisionEdger]

Daily I get email notices saying a new user reg is requested for my WP blog and they r different eacvh day.

Many are .ru emails trying to set up new user reg to my blog.

Whats this all about?

People trying to access my admin?

 

[fish]

Maybe. Is there some reason you allow user registration? Also, are you using the latest version of WordPress (2.7.1)?

 

[CrazyTech]

I doubt they're trying to access your account, generally they are spam bots trying to register to make comments to spam their links.

 

[VisionEdger]

Maybe. Is there some reason you allow user registration? Also, are you using the latest version of WordPress (2.7.1)?

I am using 2.7. I am not going to go to .1 version as my blog theme needed a ton of upgrades to make work in 2.7 from my dveloper

U also ask is there a reason I allow user reg. Not sure if I really am to be honest. Ill ask my developer on this.

the link is:

www.oledevices.com

You can see my admin log in panel there on front page which they must simply try to access.

I doubt they're trying to access your account, generally they are spam bots trying to register to make comments to spam their links.

This could be it. I get daily comments with weird messages that I simply delete.
thx alot!

 

[nasaboy007]

try this: http://recaptcha.net/plugins/wordpress/


It will stop most automated posts/registrations.

That and akismet for spam, but the captcha on registration is useful too.

 

[fish]

First of all, WP themes generally don't need "a ton of upgrades" to work with newer versions of WordPress. Although with 2.7, for example, you could have updated your theme to take advantage of the new comment threading and pagination features. But this is not a reason not to upgrade, especially from 2.7 to 2.7.1. It would only take a few clicks.

If you're not sure why you allow user registration, then I'd recommend you disable it. I notice you also don't require registration to post comments, so there really isn't any reason to keep this feature enabled.

All in all, I don't think it's anything to worry about. Like CrazyTech posted above, they're probably just automated spam bot sign ups.

 

[HappyDay]

I used:projecthoneypot.org
to protect my WP blog several years.

Also there is a great plugin you could try:I just don´t know if it still works for higher WP versions.

Plugin Name: WP-Deadbolt

Description: Give yourself control of e-mail addresses that can be used when registering on your WordPress blog.
Version: 3.0
Author: whoo
Author URI: http://www.village-idiot.org

Good luck !

 

[VisionEdger]

First of all, WP themes generally don't need "a ton of upgrades" to work with newer versions of WordPress. Although with 2.7, for example, you could have updated your theme to take advantage of the new comment threading and pagination features. But this is not a reason not to upgrade, especially from 2.7 to 2.7.1. It would only take a few clicks.

If you're not sure why you allow user registration, then I'd recommend you disable it. I notice you also don't require registration to post comments, so there really isn't any reason to keep this feature enabled.

All in all, I don't think it's anything to worry about. Like CrazyTech posted above, they're probably just automated spam bot sign ups.

thx for all the info. The upgrades were done by the developer because the original theme had a lot of bad code so it would not work correctly from original, thats what I meant, so I am not sure if upgrading to the .1 version may affect the theme as it was created in 2.7. Ill ask my developer.

I now see under users in my admin panel that they are listed as "subscribers".

They all tried to leave a comment and I deleted all the bad comments, so how can this entitle them to still become subscribers after I deleted their comments?

Under admin settings I just changed the "any one can register setting" and disabled it. Plus the new user default role should then be disabled as well.

 

[dWhite]

I doubt they're trying to access your account, generally they are spam bots trying to register to make comments to spam their links.

This is most definitely the case here. I had user registration open for awhile, and I was getting hit hard with registrations from known spam bots according to Project Honeypot and StopForumSpam.

If you are getting hit with comment spam while we are on the subject, definitely get some form of reCAPTCHA plugin and the Akismet plugin.

 

[fish]

They all tried to leave a comment and I deleted all the bad comments, so how can this entitle them to still become subscribers after I deleted their comments?

Well, you would probably want to remove those accounts as well as delete the bad comments.

 

[devzealot]

They are likey just trying to make comments, check out your admin options and
block registrations.