Preventing Spam and SAS Blog Server Downtime – and how you can help!

On 13 March 2017 my blog site started getting user registrations from spam bots, all with first name equal to last name. I was leaving to travel to the SAS Global Forum in Orlando the following day, so I quickly set the default membership level to “Pending” to prevent too much damage, as “Pending” members only have the same blog site access as unregistered visitors. Recently, new members may have noticed a delay in getting full access to the site, and this is because your membership is initially “Pending” until I manually change it to “Active”. The following day more spam registrations occurred, but then on the day after that my blog server decided to go into stand-by mode, shutting down the web site, for reasons I still don’t understand. Under normal circumstances I would have been upset by this, but, given the likely influx of many more spam registrations, it was actually a relief, as I would have limited access to WiFi while travelling, and so I was able to relax a little.

On 1 April 2017, when I’d arrived at the conference, I asked my daughter to restart the blog server, so it would be available for new registrations again, and I was then able to track the unwelcome new members more easily using the hotel and conference WiFi.

Where were the IP addresses for spam registrations located?

  • Former Soviet Union – 53.5%
  • EU and UK – 22.0%
  • North America – 11.5%
  • Rest of the World – 8.5%
  • Unknown – 4.5%

The IP addresses of the spam registrations suggest they are mostly from countries in the former Soviet Union, although otherwise spread around the world.

Email domains in spam registrations:

  • mail.ru – 31.5%
  • yandex.com – 6.0%
  • yandex.ru – 5.0%
  • other *.ru, *.ua, *.ee – 3.0%
  • other *.top – 16.5%
  • other email domains – 39.0%

At first sight you would assume that the former Soviet email addresses matched the former Soviet locations, but that was definitely not the case, as *.ru and yandex.com email addresses were associated with locations in countries spread right across the rest of the globe. It appears that these IP addresses are being used remotely for spam registration, possibly without even the knowledge of their owners. Wordfence, a security company for WordPress sites, has published an article about how some home routers could be compromised, how to check for this vulnerability, and how to protect yourself. I strongly recommend that you read this article and protect yourself along with WordPress users like myself! This is how you can help.
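The two signals described above (first name equal to last name, and the email-domain breakdown) can be applied to an export of new registrations. This is an added example, not code from this site or from any plug-in; the function names are hypothetical and the sample rows are constructed.

```python
from collections import Counter

# Constructed sample registrations (first name, last name, email); not real data.
SAMPLE = [
    ("Jamesvah", "Jamesvah", "jamesvah@mail.ru"),
    ("Robertkig", "robertkig", "rk1987@yandex.com"),
    ("Anna", "Smith", "anna.smith@example.org"),
    ("Davidtox", "Davidtox ", "promo@cheap-offers.top"),
    ("Lee", "Lee", "lee@example.com"),  # could be a real person: review, don't delete
    ("Kevinsab", "Kevinsab", "kevinsab@inbox.ua"),
]

NAMED_DOMAINS = ("mail.ru", "yandex.com", "yandex.ru")
REGIONAL_TLDS = (".ru", ".ua", ".ee")

def is_suspect(first, last):
    """The pattern from the post: first name equal to last name (case/space-insensitive)."""
    first, last = first.strip().casefold(), last.strip().casefold()
    return first != "" and first == last

def domain_bucket(email):
    """Map an email address onto the buckets used in the post's breakdown."""
    if "@" not in email:
        return "invalid"
    domain = email.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if not domain:
        return "invalid"
    if domain in NAMED_DOMAINS:
        return domain
    if domain.endswith(REGIONAL_TLDS):
        return "other *.ru, *.ua, *.ee"
    if domain.endswith(".top"):
        return "other *.top"
    return "other email domains"

def triage(registrations):
    """Return (rows to hold for manual review, % of those rows per domain bucket)."""
    suspects = [r for r in registrations if is_suspect(r[0], r[1])]
    counts = Counter(domain_bucket(r[2]) for r in suspects)
    total = len(suspects) or 1
    shares = {b: round(100 * n / total, 1) for b, n in counts.items()}
    return suspects, shares

if __name__ == "__main__":
    suspects, shares = triage(SAMPLE)
    for row in suspects:
        print("hold as Pending:", row)
    print(shares)
```

The name match only marks a registration for manual review, which mirrors the “Pending” approach: a genuine member such as the constructed “Lee Lee” row is held, not rejected.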

So what have I done to resolve all of these problems? First of all I have ordered a new server and uninterruptible power supply, so that going into stand-by mode and power cuts should not interrupt your connection to the server in the future, other than in exceptional circumstances. The site should be moved over to the new server in the next few weeks. Secondly I installed a new WordPress plug-in called “WP Spam-Shield” on 14 April 2017, which has miraculously stopped all of the spam registrations! As a consequence I have now reset the default setting for new membership from “Pending” to “Active”, so new members won’t have to wait for me to activate their accounts.

2 comments on Preventing Spam and SAS Blog Server Downtime – and how you can help!

  1. Apologies for the 10 hour break in server availability overnight (in the UK), this was caused by a security “threat” appearing after a new version of a WordPress plug-in was installed, and then my over-reaction to that “threat”. Had I followed my own frequently-voiced advice to check the log first, then it would have been resolved much, much earlier. Sorry.
