Skip to:
Content
Pages
Categories
Search
Top
Bottom

Re: User / messaging exploit? Causing spam


John James Jacoby
Keymaster

@johnjamesjacoby

14 years, 4 months ago

@Seobrien, can you confirm that you were looking at the site users and not the blog users?

It’s a common mistake to think that users don’t exist because at first you naturally check “settings->users” instead of “site admin->users”. The first is only showing you users on the blog you’re looking at, the second will show you users on your site.

I can’t think of a circumstance where a user could somehow function through-out the site without a user account. Even if there’s a misalignment of data between BP and WP, if there’s no WP account, they can’t login. Also, they cannot login simply with an incomplete registration in WPMU (wp_signups), since the login page checks only the (wp_users) table.

@nexia, if you are duplicate this phantom registration method on any WPMU or BP installation, I’d love for you to PM me the steps so we can help patch the issue.

Forums

Views

Feeds

Tags

404 activation Activity activity activity stream admin admin bar ajax avatar avatars bbPress blog blogs Buddypress buddypress bug child theme comments css custom directory edit email error facebook fatal error filter forum forums friends group groups header help installation link links login member members menu message Messages multisite navigation notification notifications page pages php plugin plugins post posts privacy private problem profile Profile Fields profiles redirect register registration search sidebar spam template theme themes update upgrade upload URL user username users widget widgets wordpress xprofile
Skip to toolbar