Skip to:
Content
Pages
Categories
Search
Top
Bottom

SPAM Domains to add to your block list

  • Avatar of zageek
    zageek
    Participant

    @zageek

    I posted this list earlier but it didnt seem to post properly:

    These are the domains used in email accounts so far to sign as sploggers…. I will try to update this list as more sploggers sign up. Hope it helps you guys.

Viewing 25 replies - 1 through 25 (of 26 total)
  • Sorry, but we don’t want a list of spammers’ domains listed here. Whilst you have a good idea, posting a list of domains is likely to be helping the spammers get better results in search engines, etc.

    Avatar of zageek
    zageek
    Participant

    @zageek

    OK. Cant we make an internal feature to allow us to share list with eachother then so that we can fight these spammers. It really pisses me off and I wish I do DDOS attack on those domains and their IP’s.

    Perhaps a plugin that can sync up with a latest list. It seems like the Splog problem is not being taken seriously enough

    Avatar of Andrea Rennick
    Andrea Rennick
    Participant

    @andrea_r

    “It seems like the Splog problem is not being taken seriously enough “

    Sure it is – but a bunch of the devs have open test sites and aren’t getting hammered by splogs because they made a few simple changes, which they DID post about.

    There’s tons of solutions posted all over. I’ve found you have to use a lot of them, the main one being change the default signup. Did you do that? Is your register slug custom? Have you added a couple of extra required fields on the signups page?

    Avatar of zageek
    zageek
    Participant

    @zageek

    I did all of that, infact I changed the signup slug to something completely random by just punching the keyboard randomly and those dam sploggers keep on appearing.

    Something I have noticed is that if only a handful of users experience a problem and the devs and gods aren’t experiencing it then its regarded as a non issue. Sorry for being so blunt but thats just the impression I get.

    There are many threads with problems by users that don’t go anywhere because of this.

    Avatar of Andrea Rennick
    Andrea Rennick
    Participant

    @andrea_r

    If the devs can’t reproduce an issue, it’s pretty hard to fix, right? :)

    Avatar of zageek
    zageek
    Participant

    @zageek

    Thats true, it just seems that some users seem to run into odd little problems that the devs may or may not get because they may not have users on their test sites interacting with the site in the same way.

    But with time I am sure everything will be ironed out.

    Avatar of Bbrian017
    bbrian017
    Participant

    @bbrian017

    zageek how do I make it so all the accounts at my site have to be manually approved?

    What section of the admin cp is that in?

    Avatar of stripedsquirrel
    stripedsquirrel
    Participant

    @stripedsquirrel

    I don’t think anybody can stop you from posting a file on your server with domains and IP’s which you advise to be blocked… I actually think it would be a good idea to have this info centralized, an Akismet for sign-ups if you please, would save a lot of effort.

    Just checked wp-ban’s stats and 4 IP’s were blocked over 1000 times. Though it does not stop splogs, it serves as a good example that sharing info might help, especially if the signup page can check a database of known sploggers or words in blog titles.

    A nice feature would be (plugin request!) to have:

    - an extra field on signup. Skip all the usless and annoying captcha’s, just a simple question: “why you want a blog?” or more specifically: “what are you going tor write about?”

    - the opportunity to manually approve/delete sign-ups based on their answer, at least blocking the unapproved from appearing in blog lists, sidewide activity etc, basically making it 100% private (only vsible for admins) until approved.

    Before you ask: I cannot make this, but I will be happy to test if some more skilled person can!

    Avatar of Andrea Rennick
    Andrea Rennick
    Participant

    @andrea_r

    “A nice feature would be (plugin request!) to have:

    - an extra field on signup. “

    Then add an extra required filed in the BO backend.

    Avatar of zageek
    zageek
    Participant

    @zageek

    @Bbrian017 I actually do that by manually logging in once of twice a day, and marking users and blogs as spam at my discretion. If in doubt I email the person who signed up and ask them something a spammer wouldn’t know. My site is aimed at users in my country only so there are many things I can ask them that genuine users only would be able to answer. Its tough going.

    I think there must be someway to do this through WP though as you can do this with many other CMS’s and forum scripts where you can only allow registrations after approval

    Avatar of stripedsquirrel
    stripedsquirrel
    Participant

    @stripedsquirrel

    Hi Andrea. Yes, that 1st part is quite easy with BP :)

    the 2nd part is tougher though, as far as I know:

    “- the opportunity to manually approve/delete sign-ups based on their answer, at least blocking the unapproved from appearing in blog lists, sidewide activity etc, basically making it 100% private (only vsible for admins) until approved.”

    Avatar of Bbrian017
    bbrian017
    Participant

    @bbrian017

    Adding an extra feature on signup or even adding a question doesn’t help.

    Avatar of Andrea Rennick
    Andrea Rennick
    Participant

    @andrea_r

    “Adding an extra feature on signup or even adding a question doesn’t help. “

    If you have just the defaults, you will get hammered with spam. No question.

    Part of the issue is how they are finding your site and how they are signing up. What works for one site may not work for another as there are quite a number of sploggers out there who wrote programs (I’ve seen them advertised) to hammer your sites. They look for the defaults.

    But in my experience, to stop the splogs to a trickle, you have to do a number of things, not just one or two. Andy has a number of fields on signup at testbp.org and doesn’t have a splog issue. The domain has been up long enough for them to find him.

    There are signup moderation plugins for MU. I have no idea if they work with BP, but someone can modify them. there are also a number of suggested bot-stopping plugins that are suggested, that I have found DO work, but many people reading about them discount it as they think it only applies to comments. Some sploggers use the exact same techniques. Bad Behavour works. Cookies for Comments works.

    Avatar of zageek
    zageek
    Participant

    @zageek

    I wonder where the spammers get the time to figure out ways to spam sites is there like a spam university or something lol

    On my site I even disabled registrations and I still two splogs appear after that, which is very confusing for me indeed.

    I can see one problem with sharing info on this forum about fighting spam, and that is that it will give the spammers the info they need to come up with counter attacks. I propose we start a spam eater group where we can share spam info behind the scenes, in fact I am going to start it now, not a perfect solution but still one that could work. What do you guys think?

    http://buddypress.org/groups/spam-eater

    Its a private group but anyone is welcome to join.

    Avatar of Bbrian017
    bbrian017
    Participant

    @bbrian017

    I had 110 e-mails this morning and over 60 spam accounts.

    Where am I supposed to find time for this?

    I looked at the bp demo site registration I don’t see much different besides the date of birth…

    http://testbp.org/register/

    Avatar of Andrea Rennick
    Andrea Rennick
    Participant

    @andrea_r

    Bbrian – what exactly have you implemented to stop splogs? I’m not being sarcastic. If I know what you’re tried already, I can suggest different things other than telling you things you tried already.

    “I wonder where the spammers get the time to figure out ways to spam sites is there like a spam university or something”

    They buy automated scripts. Seriously, I can send links. They google for default text like “powered by buddypress” and “/register/”, plus they jointly build lists of BP-powered sites and share them, so they can then drop these lists of sites into their programs.

    Part of stopping them relies on figuring out how they come in, which we’ve spent time doing.

    Avatar of Bbrian017
    bbrian017
    Participant

    @bbrian017

    I simply did the easy things. I added yes or no questions. I put in default profile fields they would have to answer and I added a date of birth field.

    What I don’t understand is right now I have registrations closed and they are still signing up.

    Registration has been closed for almost an hour and I still got 8 or 9 spam accounts over the last 40 minutes.

    How is that possible?

    Avatar of Andrea Rennick
    Andrea Rennick
    Participant

    @andrea_r

    Go turn off the ability for users to add other users. If you already have spammers in your system, they’ll let others in. It’s under Site Admin -> Options.

    Doing the easy stuff is just the first level of defense.

    Avatar of Bbrian017
    bbrian017
    Participant

    @bbrian017

    So now what?

    I sit here with a website that doesn’t allow registrations?

    Something official from buddy press or WPMU needs to be written…

    what do I do?

    Avatar of Mike Pratt
    Mike Pratt
    Participant

    @mikepratt

    @Bbrian017 I feel for you, ma. I am scratching my head. On my prod site, in over 18 months (since pre-BP alpah no less) I have had maybe 9 or 10 spam accounts. While I have a bit more of an involved signup process (just a bunch of addl required fields) I don’t have anything else. Blog creation IS disabled, so maybe that help? Not sure.

    Ieven had sCaptcha going for awhile btu took it down as folks had so much trouble reading the stupid characters.

    Still thinking of what’s up in your case. Hang in there.

    Avatar of zageek
    zageek
    Participant

    @zageek

    Thanks Andrea I didnt even realise that other users could add new users, because I was also wondering how they were spamming me even after I disabled registrations.

    I feel kind of sorry for the spammers, because if we all put our heads together they won’t have anymore sites left to spam. I still wonder why they are attacking buddypress, is it to drive users to other platforms? Enemys of Buddypress?

    So far I have built a list of domains, most of them are .info or .co.cc in otherwords free domains and of course some .com domains. They get clever and get a user to sign up with gmail every now and then to trick me. So i just ban the Gmail users and send them an email from my personal account asking them who they are if they look legitamate. Luckily for me I am in South Africa and its easy to spot non South African “culture” in terms of the types of names and usernames of members.

    I have also checked where the IP addresses come from and most are coming from the United States ( do they use proxy servers and could the be from elsewhere in the world) Some IP addresses are also from Sweden.

    Btw, I was also angry and blamed the devs for this problem but the more I devote time to looking at the more I am starting to realise that no matter what BP devs do the spammers always try new things and if the devs had to devote lots of time to fighting spam all the time they would never have a chance to improve buddypress and sort out bugs that come along. And if they didnt sort out the issues we would be even more upset.

    So I think the fight against spam is in our hands the users, it will also help us learn more about being better webmasters. Its also the least we could do to help give back something in exchange for a product that we are getting for free and that could quite easily be charged for. We need to stop expecting things for free and in our laps and learn to be greatful for what the developers of open source software are putting in and giving away for free.

    Avatar of foxly
    foxly
    Participant

    @foxly

    zageek and Bbrian017 – what are the URLs of the websites that are getting spammed? I will take a look at them for you.

    ^F^

    Avatar of Andrea Rennick
    Andrea Rennick
    Participant

    @andrea_r

    “I still wonder why they are attacking buddypress”

    Backlinks, that’s it.

    “I am starting to realise that no matter what BP devs do the spammers always try new things “

    and this is open source. the code is OPEN. That means whatever is put in to stop spam, the code is viewable by spammers who just rewrite their programs to get around it.

    “the fight against spam is in our hands the users, it will also help us learn more about being better webmasters”

    Yes! :D If you are setting up a site to host other people’s information, then you have a responsibility as a webmaster to maintain your site.

    Avatar of Roger Coathup
    Roger Coathup
    Participant

    @rogercoathup

    I’m getting about 50 spam registrations a day on one client site since the start of this week.

    We’ve modified the register slug, changed text on the register page, deleted the wp-signup.php file, and implemented the following in our .htaccess file:

    # BEGIN ANTISPAMBLOG REGISTRATION

    RewriteCond %{REQUEST_METHOD} POST

    RewriteCond %{REQUEST_URI} .join-lorem*

    RewriteCond %{HTTP_REFERER} !.*mydomain.com.* [OR]

    RewriteCond %{HTTP_USER_AGENT} ^$

    RewriteRule (.*) http://mydomain.com/spam-prevention [R=301,L]

    # END ANTISPAMBLOG REGISTRATION

    Still the spammers are getting through.

    Turning off blog creation / new user registration is not an option… otherwise, there would be no point in trying to offer a blog platform / social community.

    Asking users to wait until their application to join is approved, or asking them to fill in additional fields at signup will just hamper the chances of them signing up and using the site.

    Anyone have any suggestions?

    I don’t want to tell clients: “we’ll build on BuddyPress for you, but you might have to remove 100s of spam blogs every week”

    Note: the problem is worse than just the backlinks they create, it also reflects badly on the professionalism / appearance of your site, as their spam posts show up in activity streams, in aggregators (such as showing recent site wide posts and so on).

    This is a serious problem.

    Note: a lot of these registrations come from a small number of IP addresses, is there anyway to block certain IP addresses from registering?

    Avatar of Roger Coathup
    Roger Coathup
    Participant

    @rogercoathup

    .. I forgot to add, we’ve also disabled blog administrators from adding new users

Viewing 25 replies - 1 through 25 (of 26 total)

You must be logged in to reply to this topic.