Skip to:
Content
Pages
Categories
Search
Top
Bottom

Fighting Splogs

  • Avatar of Michael Berra
    Michael Berra
    Participant

    @miguael

    Hi everybody

    I know this is kind of an endless topic – at least it seems so, when I read the threads over at mu.wordpress.org…

    My questions is the following – could it be, that some plugins do not work with buddypress, because it is not using the wp-signup.php?

    That is what I tried:

    - rename or even delete the wp-signup.php…

    - Using a captcha on my registration page (register.php)

    - I installed the hashcash plugin with signup-protection activated (without aksimnet), but it seems, that it doesn’t do anything – I still get spam registrations.

    Any ideas? It is very anoying…!

    I post this here, because I think this is just a great community of helpers!!!

Viewing 25 replies - 1 through 25 (of 45 total)
  • Avatar of Peterverkooijen
    peterverkooijen
    Participant

    @peterverkooijen

    I’d like to know this as well. I get spam blog that apparently go around my custom signup process – name not capitalized etc.

    Can you “safely” delete certain WP or WPMU registration files? Which ones are obsolete when you use BP? Would that fix part of the problem?

    Any help on this one… I am pretty sure, this is a WPMU related issue, but the forum-answers over there do not really work for me (as described above). Those registrations seem to go directly – or buddypress “opened” another door…

    THANKS!

    Avatar of r-a-y
    r-a-y
    Moderator

    @r-a-y

    You also have to secure your bbPress install from spam signups (if you have forums installed).

    Things you’d want to do is disable registrations in bbPress and redirect attempted signups to WPMU’s signup page.

    I did – I just deleted the register-page in bbpress (I read that should do it…)

    Avatar of r-a-y
    r-a-y
    Moderator

    @r-a-y

    Michael, you can also try protecting spam signups by using a RewriteRule in your .htaccess:

    http://wpmututorials.com/how-to/spam-blogs-and-buddypress/

    This is quite an effective method that will stop most spambot signups (except the manual ones!)

    Avatar of Slava UA
    Slava UA
    Participant

    @slaffik

    @r-a-y:

    I did that (RewriteRule in .htaccess) – did not help me.

    So I’m with you, Michael (did all you did), very interested in any NEW solutions.

    Avatar of r-a-y
    r-a-y
    Moderator

    @r-a-y

    You could also try some WP plugins that add additional hidden, input fields to the registration form:

    -Invisible Defender – http://wordpress.org/extend/plugins/invisible-defender/

    -NoSpamNX – http://wordpress.org/extend/plugins/nospamnx/

    Chances are a spam bot will fill these input fields in, and thus these plugins will block these submissions.

    I’ve been meaning to give this a shot, but I haven’t tried it yet because I don’t need the extra layer of protection (right now anyway)!

    @r-a-y – thanks for the htaccess link – I’ll try that (with the bp-explanation) – hopefully it works…

    Avatar of danbpfr
    danbpfr
    Participant

    @chouf1

    i don’t know if robots go directly into db, or use the wp code…

    but one thing you can try is to hack a little the register_new_user function in wp-login.php

    to ban some email domains like “XXXX@myspacee.info” witch massevely occurs in the past last weeks….

    function begins at line 228 (v. 2.8.4a)

    add this on line 233

    $email_check = explode(“@”, $user_email);

    insert also this at line 248

    } elseif($email_check[1] == ‘myspacee.info’) {

    $errors->add(‘invalid_email’, __(‘ERROR: The email address isn’t correct.’));

    insert the same code and change the mail domain name if you need to ban more domains

    In use with invisible-defender, wp-ban and wp-spamfree i think you would be quiet for a moment with unwanted registering of blogs or users.

    Thanks – but sadly nothing seems to work:

    I have now:

    - rename or even delete the wp-signup.php…

    - Using a captcha on my registration page (register.php)

    - I installed the hashcash plugin with signup-protection activated

    - deleted the register-page in BBpress

    - added the .htaccess lines

    - (and by the way added a couple domains to block in WPMU backend – but still the same domains get through

    Is there really no way out?

    Avatar of danbpfr
    danbpfr
    Participant

    @chouf1

    did you try my solution ?

    Avatar of Ted Mann
    Ted Mann
    Participant

    @tedmann

    Is there any way to enable captcha or something similar on BP private messaging?

    That’s where I’m seeing more and more abuse lately. Somehow sploggers register with my site, then PM all the users with kiddie port links. It’s really bad.

    I don’t quite have a handle on how they’re doing this. There must be some sort of evil script that goes through the member directory and messages member after member. Have other people seen this, and, if so, any suggestions on how to combat it?

    Avatar of stripedsquirrel
    stripedsquirrel
    Participant

    @stripedsquirrel

    @ Ted. That is very annoying! I am not yet too familiar with BP, but is there a way to open PM only between friends? Either via plugin (should be core methinks) or setting?

    Which means the sploggers need to send our friend requests first. If somebody is stupid enough to accept a friend request from 0rgazm-hard007, then he deserves the kiddie links ;)

    On WPMU, just renaming the sign-up page and adding a few hundred domains to the sh*tlist blocked 99% of all splogs, I assume the rest is manual.

    No sure how it works with the new BP regster page, can you simply rename that as well?

    Cheers

    Avatar of Peterverkooijen
    peterverkooijen
    Participant

    @peterverkooijen

    r-a-y, I’d like to try the .htaccess solution, but the instructions are very ambiguous:

    # BEGIN ANTISPAMBLOG REGISTRATION
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .yourbpsignupslug*
    RewriteCond %{HTTP_REFERER} !.*yourhomedomain.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) http://die-spammers.com/ [R=301,L]
    # END ANTISPAMBLOG REGISTRATION

    Should I leave the dots (.) and stars (*) around ‘register’ and ‘mywebsite.com’?! What would be mybpsignupslug if I have the registration form on my homepage as well as /register?

    Avatar of Peterverkooijen
    peterverkooijen
    Participant

    @peterverkooijen

    Chouf1, are you sure wp-login.php is even used in Buddypress registration?

    Edit: Tried the code. I get an “Parse error: syntax error, unexpected T_ELSEIF”.

    Avatar of Arghagain
    arghagain
    Participant

    @arghagain

    Unless you have 1 million splogs sign up a day, you can always manually check and delete each splog. Trust me, you can discourage spammers to splog you, but you won’t be able to get rid of new spammers and new splogs. Unless you have a smart programmer that programs a good algorithm in recognizing splogs and spammers, but it probably gonna cost ya big time.

    Avatar of Peterverkooijen
    peterverkooijen
    Participant

    @peterverkooijen

    @Arghagain, that’s a bit fatalistic. I am removing them manually now, but they all sign up with *.info email addresses. There should be a way to block those.

    Apparently the Banned Email function in wpmu doesn’t work because of a stupid bug and anyway it doesn’t allow wild cards. Are wp/wpmu/bp developers even working on this or are they too busy adding “cool” widgetize features etc.?

    Avatar of danbpfr
    danbpfr
    Participant

    @chouf1

    @ Peter – sure certainly not, but each incoming door need to be monitored :-)

    since i use the trick i have no more splogs or spammer registering !

    wp-ban works nice, invisible defender also and wp-spamfree did correctly his work too….

    a little additionnal htaccess hack and the wp-login file hack make things going right for me.

    I put some emails in the wp ban admin but i don’t know if this works correctly.

    I didn’t use captcha or similar techniques.

    Avatar of BeLogical
    BeLogical
    Participant

    @belogical

    for me, the ultimate solution to this would be for WPMU to allow username signups only and at the same time only allow logged in users to create blogs.

    they have these options separately, but it doesn’t work together like I would like.

    that way if it’s a bot, they wouldn’t sign up if they couldn’t get a blog. chances are they wouldn’t sign up, wait for the email, then log in, and then create a blog. to much work possibly.

    thoughts?

    Avatar of Dennyhalim.com
    Dennyhalim.com
    Participant

    @dennyhalim

    possibly, there exist new semi automatic method?

    a spambot that present to human a captcha so that the spammer only need to enter the captcha and everything else is automatic…?

    Avatar of stripedsquirrel
    stripedsquirrel
    Participant

    @stripedsquirrel

    oh yes, there is an entire industry in especially central Asian countries (Bangladesh is huge) where halls of people solve captcha’s for $1 per 1000-5000 captchas.

    See http://ha.ckers.org/blog/20080311/human-captcha-breaking/

    Don’t forget to read the last 5 comments or so :)

    Though I am in favour of having spammers employ and pay poor people in Asia, I hate spam even more and have abolished all captchas from my site as still too many people cannot read them, so it is chasing people away. And, as the link above proves, they do not help anyway.

    Avatar of Travel-Junkie
    Boris
    Participant

    @travel-junkie

    I know what work I’d pick if the choice is between backbreaking rice fields, backbreaking shipyards and captcha solving. So, please support Bangladesh and leave your captchas intact :) $1 per 1000-5000 captchas sounds like a pretty decent salary for the subcontinent…

    Avatar of Dennyhalim.com
    Dennyhalim.com
    Participant

    @dennyhalim

    how about checking all blog posts and all pm to akismet/typepad antispam?

    only certain trusted group are excluded.

    or perhaps after the user post a dozen good, non-spam content…

    Avatar of BeLogical
    BeLogical
    Participant

    @belogical

    I’m so sick of this I think I’m going to disable blogs. not sure this is worth the headache anymore.

    Avatar of arezki
    arezki
    Participant

    @arezki

    BeLogical… I am also unable to beat those suckers. But unless u have tons of registrations, you may want to follow what may be my final option, and that is to install a separate registration form, may be even a simple email form, and then select who I allow in and who I should delete. This means disabling WPMU/Bpress registration at this stage. This way at least, I can check my email in the evening and inform those allowed. Otherwise, I spent my entire week checking my blackberry only to notice a mountain of unwanted blogs. If you are looking for a simple free email form with the ability to include attachments (like avatar), I’ve tested this one and it is just a one minute install and works just fine. http://www.maianscriptworld.co.uk/free-php-scripts/maian-mail/free-contact-form/index.html – At least I may (not sure yet) get spammers in my inbox as opposed to allow them in.

Viewing 25 replies - 1 through 25 (of 45 total)

You must be logged in to reply to this topic.