Hi,
This may not be new to some of you, but it is new to me.
This summer, one of my sites saw many spam 'ad comments' on new user pages.
Someone register himself/herself and leave comments on the register new user page (which I
should not left open to all).
I guess someone hired summer students to do this, they may want to google bomb with links
on many web sites pointing to their sites. So, this 1+1= method did not stop spammers.
I only show user lists to admin, so this attack did not add any value to spammers. I
changed the access control, so that visitors can not welcome themselves to be a user.
So, XWiki admins, you are informed. This is just my two cents.
Wei-hsing