In the evening I got an automated email from my WP blog saying that a user by the name “klamka13303” had registered on the site. I found it suspicious, as a similar user had earlier registered on Technolism and later posted an article in Polish, which we subsequently rectified.

The same thing happened today. By the time I could delete this suspicious user, it had published a post in Polish titled “Rachunki i konta bankowe”, which means “Accounts and bank accounts” in English. It is some sort of guide on “Accounts for young people.”

This user registers with the email [email protected] and the user name “KLAMKA13303” with the role of a contributor, then uses that access to publish the post directly, without the permission of the publisher.

Technolism - Rachunki i konta bankowe - KLAMKA13303 WP spam user

When I checked some of my friends’ blogs, they had also been affected, and on entering the search term “Rachunki i konta bankowe” in Google, I found that more than 300k blogs have been infected in the last 24 hours. Check out a screen grab from HBB, one of my friends’ blogs.

HellBoundBloggers - Rachunki i konta bankowe - KLAMKA13303 WP spam user

WordPress had released a security update, WP 3.0.5, in which this issue was resolved. I am not sure what they are going to do about this recent problem faced by bloggers around the world.

If you are also a WordPress blog owner and have been infected with this spam user, immediately delete it from your registered users list and change your password as well, for safety. Also delete the Polish post published by this user, as your readers are not going to like it. And if you have not been infected yet, you still have reason to worry, and should delete any such user registration immediately.
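An audit to go with the clean-up steps above, as an added example that is not code from the original post: it flags published posts whose author holds a role that cannot publish by default, and checks the sign-up settings. The records are constructed; field names follow the `wp_users` and `wp_posts` columns and the `users_can_register` and `default_role` options, while the `role` field, the 24-hour window and the function names are assumptions.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
NO_PUBLISH = {"subscriber", "contributor"}  # roles without publish rights by default
WINDOW = timedelta(hours=24)                # assumed "fresh account" threshold

# Constructed sample export; dates, IDs and e-mail addresses are made up.
USERS = [
    {"ID": 1, "user_login": "admin", "user_email": "owner@example.com",
     "role": "administrator", "user_registered": "2010-03-01 09:00:00"},
    {"ID": 7, "user_login": "guestwriter", "user_email": "guest@example.com",
     "role": "contributor", "user_registered": "2011-01-10 12:30:00"},
    {"ID": 42, "user_login": "klamka13303", "user_email": "user@example.invalid",
     "role": "contributor", "user_registered": "2011-02-20 18:02:11"},
]
POSTS = [
    {"ID": 100, "post_author": 1, "post_status": "publish",
     "post_date": "2011-02-19 08:00:00", "post_title": "Welcome"},
    {"ID": 311, "post_author": 7, "post_status": "pending",
     "post_date": "2011-02-18 10:00:00", "post_title": "Draft review"},
    {"ID": 312, "post_author": 42, "post_status": "publish",
     "post_date": "2011-02-20 18:05:40", "post_title": "Rachunki i konta bankowe"},
]
OPTIONS = {"users_can_register": "1", "default_role": "contributor"}

def audit_posts(users, posts, window=WINDOW):
    """Flag published posts whose author's role should not be able to publish."""
    by_id = {u["ID"]: u for u in users}
    findings = []
    for post in posts:
        author = by_id.get(post["post_author"])
        if (author is None or post["post_status"] != "publish"
                or author["role"] not in NO_PUBLISH):
            continue
        age = (datetime.strptime(post["post_date"], FMT)
               - datetime.strptime(author["user_registered"], FMT))
        findings.append({"user_id": author["ID"], "user_login": author["user_login"],
                         "post_id": post["ID"],
                         "fresh_account": timedelta(0) <= age <= window})
    return findings

def registration_is_risky(options):
    """True when sign-up is open and new accounts get more than subscriber."""
    return (options.get("users_can_register") == "1"
            and options.get("default_role", "subscriber") != "subscriber")

if __name__ == "__main__":
    for finding in audit_posts(USERS, POSTS):
        print("review:", finding)
    print("risky registration settings:", registration_is_risky(OPTIONS))
```

A finding with `fresh_account` set to true matches the pattern described in this post: an account that registers and has a live post within hours.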

10 COMMENTS

    • Ya.. Zeeshan… it happened to me and I understand the level of frustration 🙂

      It rather happened 2 times… I have stopped user registration on my blog for now and I am not getting this problem after that.

  1. Our Company just had the same problem with a whole lot of infected New Registered User/Subscriber notices from multiple usernames and @o2.pl email addresses. Fortunately, we do not allow subscribers to post on our blog without our manual permission approval. We are trying out a WP Plugin called ‘Bad Behavior’ that has been rumored to stop these infected user bots. We will post the results of using that plugin here in the comment section to let everyone know how well this plugin works. Thanks again for posting this article!

  2. Did a little research. You can change the way people register on WP sites to cut down on this type of activity. http://wordpress.org/extend/plugins/custom-registration-link/
    Also, you can install Wordfence Security which will also help. http://wordpress.org/extend/plugins/wordfence/
    Wordfence Security is a free enterprise class security plugin that includes a firewall, anti-virus scanning, malicious URL scanning and live traffic including crawlers. Wordfence is the only WordPress security plugin that can verify and repair your core, theme and plugin files, even if you don’t have backups.
    Hope this helps.
