mwpugln is a spam user targeting Drupal sites - delete it! (

Many Drupal sites are being accessed by a user named mwpugln. And googling a bit, I saw many administrators wondering what user it is. Well, it's not difficult to find out it's just a bot used to spam Drupal sites, adding comments containint links to the usual spam-advertised products. It looks to be a bot because it uses several different IPs scattered around the world: United States Postal Service SAKURA Internet Inc., Japan ZHEJIANG Polytechnic University of Technology&Arts, China China Network Communications Group Corporation, China fast IT GmbH, Germany UUNET, Great Britain Internet Solutions, South Africa NSS S.A., Argentina Global Online Services Limited, Bangladesh CHINANET Guangdong province network, China CNCGROUP Shandong province network, China CNCGROUP Henan province network, China

(these data are from my logs, and do not imply any of IP owners endorses the spammer, IPs may be sub-assigned and could belong to compromised machines, whois as of 2007-08-16) It's just the usual spam technique to get more visibility in search engines. Unluckily, looking at Google many Drupal web sites have been left open to this spammer. If you find this user registered at your site, delete it and create an access rule to block it.

Lately I also find other kinds of bots, a couple trying to exploit the Drupal contact form, one from a mail sender named Sandra-xx , where xx changes from message to message, another using sender addresses containing the string openbsd. Another bot tried to create several users with more sensible names (i.e. ThomasYoung, NicholasMoore), all using email addresses made using a bird name + a number, all, a bit uncommon for all this WASP ( looking names to use a web site in Cyrillic ;) The increasing popularity of Drupal sites will make them more appealing to spammers as well. My advice is approve new users (if your site is not large), and to use the captcha module ( where possibile - let's keep the Internet clean :)

Source URL: