Skip to:
Content
Pages
Categories
Search
Top
Bottom

How to control spam registration?

  • Avatar of jittopjose
    jittopjose
    Participant

    @jittopjose

    Hi

    I have installed and setup my site with Buddypress 1.2 RC3 and standard WordPress 2.9.1(http://www.hallowdemonlive.com)

    Now the problem is i am getting lots of spam registrations. daily more than 20. I controlled comment spams using bad behavior and akismet plugins. But how can i blog spam registrations?.. Any known way to avoid BP spam registration?.

    Plz help.

    Jitto P.Jose

Viewing 25 replies - 1 through 25 (of 57 total)
  • Avatar of m@rk
    m@rk
    Participant

    @mrk-1

    I recommend the SI CAPTCHA Anti-Spam plugin: http://wordpress.org/extend/plugins/si-captcha-for-wordpress/

    Avatar of jittopjose
    jittopjose
    Participant

    @jittopjose

    I tried captcha technique. but some how its not working with my installation. I dont know what the exact reason is. The image is not get displayed. when i clicked on the test link at the Si Captcha settings page, it is redirected to “not found page” ..

    But Buddypress test site (testbp.org) does not hold a captcha.. but still it seems that there is not much spam registration. How they control spams without using captcha. Any idea about it?..

    Avatar of Kunal17
    Kunal17
    Participant

    @kunal17

    Si-Captcha was ineffective in controlling spam registrations on my site. I have to delete 10-15 spammers daily.

    Avatar of Bowe
    Bowe
    Participant

    @bowromir

    Avatar of jittopjose
    jittopjose
    Participant

    @jittopjose

    I read that article. At the end of it, there is a suggestion for using Invisible-defender plugin modified for buddypress. I tried that plugin, but it shows error when a registered user try to login. The plugin available at wordpress plugin site is not for buddypress i think.. Anyway i installed the latest from wordpress plugin site. Let me wait and check whether it block spam registration.

    Avatar of Magganpice
    Sam Steiner
    Participant

    @magganpice

    This is actually one of the greatest issues with WPMU/BuddyPress at the moment. Many people seem to have this problem and when I ask in Twitter nobody seems to have a solution to this. I noticed the problem on a community website I was (am) a member of and then again on a new installation for a community website I am building. Spammers just keep registering.

    Is this more of a problem with WPMU than of BuddyPress?

    Is somebody out there NOT having this problem?

    Avatar of Andy Peatling
    Andy Peatling
    Keymaster

    @apeatling

    This is a problem with WPMU and spammers simply wanting to register spam blogs. I’ve not really seen the problem on standard WordPress, and with blog registration disabled.

    Avatar of Magganpice
    Sam Steiner
    Participant

    @magganpice

    @Andy – so you don’t know of a solution to this? How is it solved on testbp.org?

    Avatar of m@rk
    m@rk
    Participant

    @mrk-1

    @jittopjose : SI CAPTCHA works like charm with BP. It protects my site from spam registrations/ comments since about a year.

    Avatar of jittopjose
    jittopjose
    Participant

    @jittopjose

    Not only wpmu, wordpress Standard also has the spam registation problem.. especially with buddypress.

    @m@rk I know SI captcha work with buddypress. I created a test installation and tried, its works there.. but when i tried in another shared hosting package of same server, it doesn’t. I dont know the reason. The image is not get displayed….

    Avatar of jittopjose
    jittopjose
    Participant

    @jittopjose

    This is my phpInfo() page (http://www.hallowdemonlive.com/test.php). Any of you plz check whether anything missing that require SI Captcha to work?..

    Avatar of Andy Peatling
    Andy Peatling
    Keymaster

    @apeatling

    There is nothing protecting spammers from registering on testbp.org. I get some occasionally, but I nuke them with “mark as spam” as soon as they pop up. I found since with the new default theme spam has reduced significantly.

    SI Captcha is a good spam prevention method. There really are a lot of options, but don’t search for “BuddyPress spam prevention”… this is not a BP issue, it’s a WordPress issue. You need to search for WordPress spam prevention instead.

    Avatar of Andy Peatling
    Andy Peatling
    Keymaster

    @apeatling

    Another good option is to change your registration page slug.

    Avatar of Andrea Rennick
    Andrea Rennick
    Participant

    @andrea_r

    Change the register slug and add more required options on the BP signup page. The sploggers look for the defaults, so change ‘em.

    Avatar of Cyndy Otty
    ceo
    Participant

    @ceo

    With all of the web standards and accessibility built into WP and BP, it really makes me sad that a captcha plugin is the only known solution to this.

    Captchas are probably my biggest pet peeve on a site. Even the ones that aren’t horribly mangled pictures or have sound alienate those with vision and/or hearing loss. The BP site I run gets its share of spam registration — and like Andy I just mark them as spam as quick as I can. But a captcha isn’t going to help me in any way since 80% of my member base (including myself) are blind or visually handicapped.

    @Cyndy: The two posts above you give alternatives to using captcha. It’s not the “only known solution”. SPAMers use bots. Bots look for known text and urls… like “Powered by BuddyPress” or http://www.mysite.com/register or whatever. Changing those things can help a lot. And invisible defender helps too. All without captcha. Which I think everyone will agree… sucks.

    Avatar of Cyndy Otty
    ceo
    Participant

    @ceo

    Clearly, I can’t read. >_<

    I actually already have Invisible Defender running — and I don’t know if it’s really done anything, but certainly it’s better than nothing. And my form is slightly tweaked; don’t know why I never thought to change the slug, though.

    Anyway, thanks David! :-)

    Avatar of stwc
    stwc
    Participant

    @stwc

    Two of the suggestions above, changing the register slug and changing known text in the footer, are things I outline in my article Bowe links above (http://www.bp-tricks.com/tips_and_tricks/stopping-the-sploggers/).

    Avatar of stripedsquirrel
    stripedsquirrel
    Participant

    @stripedsquirrel

    @cyndy: I totally agree with you, Capthca’s are ony good for creating jobs in Asian countries and a useless hurdle to users. I second (third?) stwc and Andrea though: once changing the defaults, splogger change from several times daily to once a month….

    Don’t forget to delete or rename (or empty if you want to avoid loads of entries in your error log) the wp-signup.php file, as that is what most sploggers come in on. Though I am pretty sure that now BP works on WP, some new methods need to be found soon on both sides of the fence :)

    Avatar of Michael Berra
    Michael Berra
    Participant

    @miguael

    Sorry to pick that up… I thought I won with the spammers for I did what stwc wrote in his article (by the way – the site there is down :-()

    But yesterday until now I got about 100 spam-registrations. I did not delete wp-signup.php anymore, because the “reigster” in the admin-bar anywhere else but on the root-blog needs that file… So I thought it’s not a good idea.

    BUT now, the spammers registered with just the name. Although I have alot of additional, required field… How is that possible? I guess, they didn’t come in through the bp-register. Maybe the wp-signup.php directly?

    I have forums disabled altogether and as far as I know this issue with registering through bb-press should not be an issue anymore.

    Would appreciate if someone could give me a further tipp what to do or where they could come from.

    PS: @andy (or the developers): Why is it, that on subblogs the admin-bar “register” doesn’t point to the register-slug but is somehow a redirect from wp-signup.php (which doesn’t work anymore, when I delete or empty the file…)

    Avatar of Michael Berra
    Michael Berra
    Participant

    @miguael

    Update: Even with an “empty” wp-signup.php they are still registering… really strange! Where could they come in, for they don’t need to fill out any required addition fields…?!?! Any ideas????

    Avatar of mlovelock
    mlovelock
    Participant

    @mlovelock

    I’ve no doubt they’ll return, but I haven’t had a spam signup for a fair while. The odd one creeps in, but you can’t stop a determined ‘real’ person. But I haven’t been subject to the continuous signups I used to get when I first started my site.

    The steps I’ve taken are:

    Rename (not remove) wp-signup.php

    Use custom bp-register slug

    Removed “powered by” type text in the footer and other obviously WP / BP phrases

    Installed NoSpamNX

    Installed WP-BAN

    Installed SI Captcha

    Employed the .htaccess rules explained here: http://wpmututorials.com/how-to/spam-blogs-and-buddypress/

    Nothing’s perfect against spam, but certainly for me, these things have helped.

    Avatar of Michael Berra
    Michael Berra
    Participant

    @miguael

    thanks mlovelock – this sounds good. All of this has worked with me before.

    BUT now,

    even that I have blocked with WP-Ban *.info – the spammers with that email get through

    even that I have additional required field (lots of) – the spammers can register just with a name (nothing else)

    even that I have changed, deleted (whatever) wp-signup.php – spammers can register

    MY QUESTION IS: Where do they get in??? Did I overlook a loophole???

    Please – any further help would be much appreciated!!!

    Avatar of mlovelock
    mlovelock
    Participant

    @mlovelock

    The limitation of WP-Ban is that it’s not working at .htaccess level, so it only really does it’s thing if a spammer is polite enough to access your site normally. You might want to look at something like a plugin that’s going to ban IPs and referrers at the .htaccess level.

    Also, had a quick look at your site – I presume you’re talking about http://young-people.ch ? I notice your register page is still /register (albeit translated) – have you tried changing this to something else? There’s eevery chance that the mere translation of the standard ‘register’ slug won’t slow the spammers down.

    Avatar of Michael Berra
    Michael Berra
    Participant

    @miguael

    Thanks for another hint

    No, actually I was talking about http://www.prisma-online.org – but same thing with the slug. I just guess it’s not that, because if they would come in normally, they would have to put something in the additional field, wouldn’t they? (at least, that’s what they always did before I stopped them the first time…

    I now added again the .htaccess rules you described (didn’t change there the changed registration-slug…)

    Does that look right (sorry – on that level I have no idea anymore :-)):

    # BEGIN ANTISPAMBLOG REGISTRATION

    RewriteCond %{REQUEST_METHOD} POST

    RewriteCond %{REQUEST_URI} .registrieren*

    RewriteCond %{HTTP_REFERER} !.*prisma-online.org.* [OR]

    RewriteCond %{HTTP_USER_AGENT} ^$

    RewriteRule (.*) http://die-spammers.com/ [R=301,L]

    # END ANTISPAMBLOG REGISTRATION

Viewing 25 replies - 1 through 25 (of 57 total)

The topic ‘How to control spam registration?’ is closed to new replies.