Anti-spam techniques…

Viewing 15 replies - 1 through 15 (of 15 total)
  • Ben Hansen
    Participant

    @ubernaut

    Those seem like some great tips, especially the last two. Thanks for sharing!

    bp-help
    Participant

    @bphelp

    @mattt55
    Good info, thank you for sharing!

    bp-help
    Participant

    @bphelp

    @mattt55
    Hi, I used your 3rd method registration honeypot to create a small plugin. I don’t really know how to test its effectiveness but here is a link for anyone that is adventurous and would like to give feedback to that effect:

    https://github.com/bphelp/bp-spam-killer

    Credit goes to @mattt55 for the code and idea.
    I could not get the 4th method using jQuery to work. It always sends every user to the spam-prevention page. If you can give more detail as to how to get this working I would like to use both methods in one plugin for better spam registration prevention. Thanks!

    Mattt55
    Participant

    @mattt55

    @bphelp

    Please don’t give me any credit for the honeypot idea – I got that one from someone else (I don’t remember who or where) and I probably almost completely copied the code as well…

    The 4th method (jquery, cookies and the “10 second rule”) is, as I indicated, torn from an existing project and strung back together in a way that (despite not being tested) is intended to work. It probably doesn’t at this juncture :-)

    Let me know how you went about it and what’s happening, and I’ll try to help you get it working. It seems (today) to be the killer method for curbing the spam ;-)

    Cheers,
    Mattt.

    bp-help
    Participant

    @bphelp

    @mattt55
    Well, I gave you credit because you were my source; if you ever come across the original author then I will credit them. As for the jQuery method see:

    http://pastebin.com/kzxCqSb8

    I added a _inc file to the plugin that contained the my.js file. See line 33 as to how I implemented it. Really not sure what I did wrong so have a look and see if you notice any errors.

    bp-help
    Participant

    @bphelp

    @mattt55
    Per your request I removed your credit for the plugin.

    Ben Hansen
    Participant

    @ubernaut

    I’d buy that for a dollar!
    :P

    AITpro
    Participant

    @aitpro

    @bp-help – I tested your plugin and for whatever reason on my site it prevented good registrations. I will isolate exactly why that is on my particular site.

    @matt55 – I did some more research and built on your .htaccess code. A php error was occurring due to using Server Protocol so per jdMorgan “the htaccess Master” ;) the better condition check is The Request.

    Special thanks to jdMorgan a true htaccess Master

    # BuddyPress Anti-Spam Registration
    RewriteCond %{REQUEST_METHOD} ^POST
    # only match the register page URI
    RewriteCond %{REQUEST_URI} ^/register/$
    # domain referer is better than IP - allows for subdomains
    RewriteCond %{HTTP_REFERER} !^.*ait-pro.com.* [OR]
    # Blank or single hyphen user-agent spoofers or curl
    RewriteCond %{HTTP_USER_AGENT} ^(|-?|curl)$ [OR]
    # HTTP request header
    RewriteCond %{THE_REQUEST} HTTP/1\.0$
    RewriteRule ^(.*)$ /spam-prevention [R=301,L]
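Added example (not part of the thread or of any poster's code): a Python walk-through of the conditions in the rule above, evaluated the way mod_rewrite chains them, to check which registration requests the rule redirects before it is deployed. The regexes are copied unchanged from the post; the sample requests and the `www.ait-pro.com` Referer value are constructed.

```python
import re

# (server variable, pattern, negated, [OR] flag), transcribed from the rule above
CONDS = [
    ("REQUEST_METHOD",  r"^POST",            False, False),
    ("REQUEST_URI",     r"^/register/$",     False, False),
    ("HTTP_REFERER",    r"^.*ait-pro.com.*", True,  True),
    ("HTTP_USER_AGENT", r"^(|-?|curl)$",     False, True),
    ("THE_REQUEST",     r"HTTP/1\.0$",       False, False),
]

def cond_matches(cond, req):
    var, pattern, negated, _ = cond
    hit = re.search(pattern, req.get(var, "")) is not None
    return hit != negated

def redirected(req):
    """Walk the conditions the way mod_rewrite does: AND by default,
    and a matching [OR] condition skips the rest of its OR chain."""
    i = 0
    while i < len(CONDS):
        ok = cond_matches(CONDS[i], req)
        if CONDS[i][3]:
            if ok:
                while i < len(CONDS) and CONDS[i][3]:
                    i += 1
        elif not ok:
            return False
        i += 1
    return True

def triggers(req):
    """Which of the three OR'd conditions match this request on their own."""
    return [c[0] for c in CONDS[2:] if cond_matches(c, req)]

def request(method="POST", uri="/register/", referer="", ua="Mozilla/5.0", proto="HTTP/1.1"):
    # Constructed request, reduced to the variables the rule reads.
    return {"REQUEST_METHOD": method, "REQUEST_URI": uri, "HTTP_REFERER": referer,
            "HTTP_USER_AGENT": ua, "THE_REQUEST": f"{method} {uri} {proto}"}

SITE = "http://www.ait-pro.com/register/"   # constructed Referer value
SAMPLES = {
    "browser, site referer":     request(referer=SITE),
    "browser, Referer stripped": request(),
    "dash user-agent":           request(referer=SITE, ua="-"),
    "HTTP/1.0 client":           request(referer=SITE, proto="HTTP/1.0"),
    "GET of the form":           request(method="GET", referer=SITE),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(f"{name:28} redirected={redirected(req)!s:5} matched={triggers(req)}")
```

The second sample is the case to watch: a browser that sends no Referer header is redirected as well, so legitimate users whose privacy settings or proxies strip the header end up on /spam-prevention.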

    bp-help
    Participant

    @bphelp

    @aitpro
    Are you using the plugin on github?

    https://github.com/bphelp/bp-spam-killer

    Or are you using the code on pastebin, which I could not get valid users registered with either?

    http://pastebin.com/kzxCqSb8

    On my test server the github plugin allows registration for valid users but I am not really sure how effective this method would be at preventing spam registrations. Any feedback is appreciated!

    AITpro
    Participant

    @aitpro

    Yep, I downloaded it from github. I have a bunch of customized security things going on so most likely one of the other security measures I have in place is causing the issue/problem. I will figure this out tomorrow when I have some more spare time.

    Lately the Spam Registrations were getting way out of control – 1 per minute – so I had to get something in place quick. Yuck.

    AITpro
    Participant

    @aitpro

    @matt55 – The php errors still continued so it was not due to using Server Protocol. I am not exactly sure what action the spammers are doing in combination with the .htaccess code that is generating the php errors, but for now I just suppressed them by adding an @ symbol in front of strstr below until I can analyze this some more. /buddypress/bp-core/bp-core-template.php code line 864.

    if ( !empty( $page_template ) && @strstr( strtolower( $page_template ), strtolower( $component ) ) ) {

    bp-help
    Participant

    @bphelp

    @aitpro
    Yeah, spam is no good and can get out of control real quick. JFYI on my test server when I pull up the source I can see where the plugin creates the hidden field but like I said I honestly don’t know how effective this method would really be at preventing spam registrations. I just threw it together as a plugin merely out of boredom. :-)

    AITpro
    Participant

    @aitpro

    What is awesome is this. The spammer registration counts as a new registered member, but the “new member registered” notification in the Activity feed does not display the spammer. Thanks spammers. LOL

    AITpro
    Participant

    @aitpro

    This jack@$$ is the worst of them, but now I get credit for a new registered member and do not have to deal with anything else. I now love this spammer. Keep on spamming you make me look good. Ha ha ha.

    Not Locked 3678 Affekagf vrvivyey i.nst.inctmocu@gmail.com subscriber May 17, 2013 12:51 pm NA 59.60.112.49 49.112.60.59.broad.pt.fj.dynamic.163data.com.cn /wp-login.php
    Not Locked 3677 skdiejdbokg ypxridnj bar.r.elbxme@gmail.com subscriber May 17, 2013 12:51 pm NA 59.60.112.59 59.112.60.59.broad.pt.fj.dynamic.163data.com.cn /wp-login.php
    Not Locked 3395 Alioizadk qxftzRepgb floo.dbnwk@gmail.com subscriber May 17, 2013 12:53 pm NA 59.60.112.92 92.112.60.59.broad.pt.fj.dynamic.163data.com.cn /wp-login.php

    AITpro
    Participant

    @aitpro

    Status update:
    This htaccess code reduced the number of Spam Registrations from 1,500 per day to 50. So now to figure out how the other 50 Spam Registrations are being performed. ;)
