Dr. Dave, the man behind Spam Karma has this to say:
if you have been trusting enough to leave User registration enabled for guests, DISABLE IT IMMEDIATELY
He doesn’t go into what the exact problem is, for fear that more people will learn about a potential exploit.
I disabled this option several weeks ago after some random users began registering. Since Spam Karma can be set to go easier on comments by registered users, I assumed it was part of a spamming ploy.
So if you’ve been trying to register, I’m either really sorry or I hate your guts you spam delivering motherfucker.
This announcement has been brought to you by the letter S. You may now return to the daily grind.
ZaMoose Says:
The wp-hackers mailing list archives haven’t been updated to reflect the discussion, but it’s actually a security issue that has to do with WP