[wp-trac] [WordPress Trac] #49276: spam registration increasing after update 5.3.2
WordPress Trac
noreply at wordpress.org
Thu Jan 23 14:03:20 UTC 2020
#49276: spam registration increasing after update 5.3.2
----------------------------+-----------------------------
Reporter: wordpresserror | Owner: (none)
Type: defect (bug) | Status: reopened
Priority: normal | Milestone:
Component: Users | Version: 5.3.2
Severity: normal | Resolution:
Keywords: | Focuses: administration
----------------------------+-----------------------------
Comment (by wordpresserror):
yeah as I checked it's a gravatar image.
also, I forgot to mention there is no email id as wordpress at domain.com
registered in my WordPress or hosting account.
so how am I getting an email from wordpress at domain.com for all the spambot
registrations but getting an email from admin at domain.com when I try the
link that most of the spambots use traditionally which is
{{{
https://domain.com/wp-login.php?action=register
}}}
definitely its worth looking into because these registrations are not the
traditional ones that we used to get before WordPress 5.3.2 its something
else
also, they are targetting woocoomerce too
Replying to [comment:2 audrasjb]:
> Hi and welcome to WordPress Trac!
>
> Doesn't look related to WordPress Core at a glance. Its worth
investigating though.
>
> > also a spam bot had an image how did the bot upload the image?
> I suppose it wasn't uploaded, but rather a gravatar image.
>
> > how was the spam bot able to register without name?
> Because they are not using the registration forms but rather the API
methods.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/49276#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list