Skip to:

Very weird spam incident…

  • 3635122

    Hi everyone

    Ok, here we go again. I have WPMU v2.8.2 and BP 1.0.3 installed. Also, the latest version of BBPress, FB-Connect, reCaptcha and Askimet.

    About a week ago, despite having ALL registrations/posts/comments completely disabled, a person/bot was able to sneak through and register for an account.

    I posted back here and asked what I should do about this and was advised to install reCaptcha (which I did).

    Now this morning I went to my BP site and see that once again someone has registered for an account and not only that but they have also used my FaceBook name as their sign-up name but when I click on their icon, instead of taking me to their BP profile, it just refreshes the page. A further look shows that they used a FaceBook URL but used several trailing slashes in the address and no email address was provided.

    At first I thought that perhaps this account had been automatically created when I logged into FaceBook under my FB developer account so I tried to recreate this but no dice.

    It looks like once again, someone has gotten through. I have no idea what their game/gig/motive was in creating an FB account using my name or how they even got in. I know it wasn’t a family member or friend playing a joke on me either (as has been suggested).

    Any ideas?.

    Thanks, Steve

Viewing 7 replies - 1 through 7 (of 7 total)
  • FB-Connect isn’t my favourite bit of software in the world as I spent some time checking out the code once, so there may be a hole there. </randomguess> Certainly my money is on a plugin.

    Have a look at the record in wp-signups or wp-users; any clues or differences vs a user who registered properly? Any clues?



    Some people have suggested installing WP Hashcash to block signups, though I haven’t tried it myself.

    But you’re saying that someone signed up on your BP install with the Facebook Connect plugin?

    So it sounds like a problem with the FB plugin… not sure though.

    Sounds like DJPaul suspects the same thing!


    Hey, thanks for the replies.

    Looks like you folks may be onto something. How/where do I go to check the wp-signups or wp-users thingie though?. Is this something I can check from the admin center?.

    Thanks again!, Steve



    I posted this 3 days ago and received several responses (thanks!) but never received a follow-up on my question regarding how/where I go to check the wp-signups or wp-users thingie.

    Also, I was hammered again by a spammer/bot yesterday and this time, it wasn’t through FaceBook. Any ideas on how/why this is happening and what I can do to prevent it from happening again in the future?. For more info/details, please scroll up to see my origin post(s).

    Thanks again, Steve


    Thanks, I’ll give this a try.



    Any luck with bad behavior? I was having good success with wp-hashcash but recently found it was blocking all registrations. Even a legitimate one could never get off the wp-signup page. I finally had to disable it so people could register, and now I’m back to getting splogs again. All of them seem to be a name then numbers (angie539034). Very frustrating.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Very weird spam incident…’ is closed to new replies.
Skip to toolbar