WordPress User Registration Spam

Recently I enabled the option to register as a subscriber on TechUtils.in from the login page. It’s an easy option: just go to Admin Section > Settings > General.

Check the Option “Anyone can register” and click on save.

This was the easy part. I was thinking that I could get users, and later, if they wished to contribute, I would just change their role. Thus, easy public contribution to my blog.

And within hours I had about 300+ users registering on my blog as subscribers.

The peculiar part was that every time someone registered, they would change their password. As an admin I would instantly receive the mail saying that the user had lost their password and had changed it.

At first I was amused, but later I became curious why each user would change their password as soon as they registered.

On digging I found various articles. One that sticks out was this one

It seems that many people are facing the same issue and sites like

komatoz.net
gawab.com
yandex.ru
mail.ru
inbox.ru

Users from these sites may be budding hackers or just fun spammers…but for blog owners they are just useless irritations.

How to lose them?

There are a few ways for that:

  • Use of the .htaccess File

    The .htaccess file has built-in support for such issues.
    Add the following entries to your .htaccess file:

    #BEGIN_ADDS
    Options -Indexes

    order allow,deny

    deny from 24.1.39.117
    deny from 38.99.101.151
    deny from 58.65.237.113
    deny from 58.65.239.146
    deny from 61.152.95.162
    deny from 64.233.179.101
    deny from 64.86.69.6
    deny from 64.94.4.196

    deny from 66.235.180.189
    deny from 72.249.100.188
    deny from 75.126.3.177
    deny from 78.110.160.130
    deny from 85.225.117.179
    deny from 87.118.112.50
    deny from 88.255.69.10
    deny from 89.149.227.193
    deny from 89.149.241.229
    deny from 89.207.216.211

    deny from 160.114.38.82
    deny from 190.2.0.2
    deny from 192.116.79.226

    deny from 195.2.114.31
    deny from 195.2.114.32
    deny from 195.245.119.76
    deny from 195.225.178.15

    deny from 203.162.2.137
    deny from 205.158.160.76
    deny from 208.187.80.135

    deny from 210.14.128.112
    deny from 210.14.128.172
    deny from 210.22.158.132
    deny from 212.175.13.169

    deny from 216.240.152.9
    deny from 217.20.115.118
    deny from 218.61.16.8

    allow from all

    #END_ADDS

  • Use of Akismet

    Most folk use it anyway, as it’s part of the default WordPress install. The activation is fairly simple, and even though they say to select a plan, it can still be used for free.

    • Just head over to the activation plan selection page.
    • Select the basic plan.
    • Drag the slider to the leftmost position, till you wipe the smile off that smiley.
    • Click Get API Key.
    • Head over to your Admin Section.
    • Activate Akismet.
    • Add the new activation key from your mail.
    • Enjoy. In case there comes an Oops moment where people still trickle through and you don’t even want them…upgrade your plan…
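
The register-then-reset pattern described above can be used to find candidates for the `deny from` list in the .htaccess option. The following is an added example, not code from the original post: it scans an Apache combined-format access log for clients that POST to `wp-login.php?action=register` and then to `action=lostpassword` within a short window. The sample log lines, the five-minute window and the function names are assumptions made for this example.

```python
import ipaddress
import re
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Constructed sample in Apache combined log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2012:10:00:01 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 - "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2012:10:00:09 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 - "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2012:10:05:00 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 - "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2012:16:30:00 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 - "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2012:11:00:00 +0000] "GET /wp-login.php?action=register HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.99 - - [12/Mar/2012:11:10:00 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 - "-" "Mozilla/5.0"
192.0.2.99 - - [12/Mar/2012:11:10:30 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 - "-" "Mozilla/5.0"
"""

# Captures client IP, timestamp and request target of POST requests only.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST (\S+) [^"]*" \d{3} ')

def register_then_reset(log_text, window=timedelta(minutes=5)):
    """IPs that POST action=register, then action=lostpassword within `window` (assumed threshold)."""
    last_register, flagged = {}, set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:  # a hostname was logged instead of an address
            continue
        url = urlsplit(m.group(3))
        if not url.path.endswith("/wp-login.php"):
            continue
        action = parse_qs(url.query).get("action", [""])[0]
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        if action == "register":
            last_register[ip] = when
        elif action == "lostpassword" and ip in last_register:
            if timedelta(0) <= when - last_register[ip] <= window:
                flagged.add(ip)
    return [str(ip) for ip in sorted(flagged, key=lambda a: (a.version, int(a)))]

def deny_lines(ips):
    """Format addresses the way the .htaccess block above lists them."""
    return [f"deny from {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(deny_lines(register_then_reset(SAMPLE_LOG))))
```

Review the flagged addresses before adding them to .htaccess; if the site sits behind a proxy or CDN, the logged address is the proxy's rather than the client's.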
