
What do your spam signups look like?

  • stwc
    Participant

    @stwc

    I just basically opened my new site to signups, and I’ve been getting a couple of signups a day, but I’ve just realized they’re more than a little suspicious. The tip-off was that the ‘Where are you from?’ basic profile field required on my /register form was gibberish for all of them (yeah, I know, should have been obvious, but). Every one of the usernames is a reasonable given name/surname combination with a year tacked on the end, as well, like derrickthornton1983 and so on.

    Damn it.

    The weird thing is that one of those accounts seems to have successfully posted a blog post, which scares me if it’s a bot. And confuses me, too — I had no idea that that level of sophistication might be possible. Here’s the link: http://jobsee.kr/community/juliedecholet/2009/11/12/depuis-le-temps-voil-ma-page-personnelle/

    Note that the useraccount name is derrickthornton1952 on BP, the site URL is juliedecholet, and the ‘post’ is signed Jessica. Pretty certain this is spam of some kind.

    So, are you folks having the same problems? Does your spam look like this, too? What do you reckon is the best way to choke it off? Could you tell me (and us) about your experiences? I wonder how this site itself deals with the issue — I assume as the oldest Buddypress install (and the one at testbp.org) it must be hit the hardest.

Viewing 25 replies - 1 through 25 (of 25 total)
  • stripedsquirrel
    Participant

    @stripedsquirrel

    Yep, I had 5 like these today and several before in the past weeks:

    firstnamelastname19xx as usernames, all from different email domains.

    They did not post, but also did not have much time to do so.

    I mark them as spam immediately, but am tired of doing so, so hope a splog solution is nearing…

    stripedsquirrel
    Participant

    @stripedsquirrel

    Make that 6.. oh, and they are all from different IPs as well, so wp-ban also does not do much good.

    nightowl99
    Participant

    @nightowl99

    Me too. Same issue. They even tick a checkbox and get past a Captcha. BP User ID and required text field entry contain a short random string like A6vLtHqlgT.

    The .htaccess modification described by D’Arcy Norman doesn’t work in these cases.

    stwc
    Participant

    @stwc

    As a first attempt, I’ve tried changing the register slug in wp-config and some of the phrasing used on register.php (after copying it from bp-sn-parent to my child theme) to see what happens… will report back on whether or not it confuses the bots.

    Mariusooms
    Participant

    @mariusooms

    Same problem, started a few days ago. Bots are signing up a few times a day, firstnamelastname19xx.

    Interesting is that I notice in my stats some IP found my site by searching for “proudly powered by WordPress MU and BuddyPress”. That could be a reason that this particular bot is finding and attacking BuddyPress installs.

    If this bot is getting past Captcha, I would recommend applying a reverse Captcha technique. Just do a bit of Googling on this, it uses a hidden field as a honey pot which bots will fill in, but normal users will not. When filled in you can redirect them to a page of your choosing.

    Please report your findings and how you deal with this as it would be very helpful.
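
Added example, not part of any post above: the signup pattern reported in the first replies (name-plus-year usernames, a random string in a required profile field) and the hidden-field honeypot suggested by @mariusooms, combined into one scoring check in Python. The field names `website_hp` and `location`, the thresholds and the sample submissions are assumptions constructed for illustration.

```python
import re

# Constructed sample submissions. "website_hp" is a hypothetical hidden
# honeypot input that human visitors never see and so leave empty.
SAMPLE_SIGNUPS = [
    {"username": "derrickthornton1983", "location": "A6vLtHqlgT", "website_hp": ""},
    {"username": "brentschroeder1963", "location": "xkqzvbnm",
     "website_hp": "http://example.invalid"},
    {"username": "maria_k", "location": "Lisbon, Portugal", "website_hp": ""},
    {"username": "christopherlee1984", "location": "Austin", "website_hp": ""},
]

# firstnamelastname19xx: a long run of letters followed by a 19xx year.
NAME_YEAR = re.compile(r"^[a-z]{8,}19\d{2}$")

def looks_random(text):
    """Heuristic for one-token strings like 'A6vLtHqlgT' in a free-text field."""
    t = text.strip()
    if len(t) < 6 or " " in t:
        return False
    letters = [c for c in t if c.isalpha()]
    if not letters:
        return False
    if any(c.isdigit() for c in t):
        return True                      # digits mixed into a single word
    if sum(c.isupper() for c in t[1:]) >= 2:
        return True                      # capitals scattered inside the word
    vowels = sum(c.lower() in "aeiou" for c in letters)
    return vowels / len(letters) < 0.2   # almost no vowels

def signals(form):
    found = []
    if form.get("website_hp", "").strip():
        found.append("honeypot-filled")
    if NAME_YEAR.match(form.get("username", "").lower()):
        found.append("name-plus-year-username")
    if looks_random(form.get("location", "")):
        found.append("random-profile-field")
    return found

def decide(form):
    """reject on the honeypot, hold for review on two weak signals, else allow."""
    found = signals(form)
    if "honeypot-filled" in found:
        return "reject"
    return "hold" if len(found) >= 2 else "allow"

if __name__ == "__main__":
    for form in SAMPLE_SIGNUPS:
        print(form["username"], decide(form), signals(form))
```

A name-plus-year username on its own is only a weak signal, since real people pick such names too; that is why the last sample is allowed while the first is held for review.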

    stwc
    Participant

    @stwc

    Thanks for that — I’ll take the ‘proudly powered’ bit out of the footer for the moment, too, and see how things go. Simple solutions first if possible… ;-)

    Michael Berra
    Participant

    @miguael

    I don’t have that sentence in my footer, but same problem. They come past the captcha. I deleted the wp-signup.php. Changes nothing. Htaccess-Trick doesn’t help.

    I would be also very interested in a solution!

    danbpfr
    Participant

    @chouf1

    I have had the same issues as you all this summer.

    Since approx. 2 months ago I have had no more fake users or fake blogs. And no spam too!

    I erased daily and manually all spammer references in my DB. Mail addresses, blog content, names and so on… An endless job with no success at least. And I don’t use Akismet. I can’t explain why (or only in French), but I don’t.

    I’ve installed wp-spamfree (which blocked 45 spam comments since I installed it in July), invisible-defender (which blocked 76 spammers in the same period). This is really less

    I also use wp-ban; here I have given some IP ban instructions and banned some referrers like these:

    http://*.onlq.com

    http://*.myspacee.info

    http://*.host-a-site.info

    and some wildcarded user agents like zhanglingjuan*

    In my htaccess I have this, which is very powerful (I think it is this which mostly reduced my spammers).

    Test it and see in your log file how many “libwww-perl” calls you receive in a day and see what is in the URL. You will be stunned!

    # Blocking access from libwww-perl, and blocking urls that include “=http:” to eliminate bot attacks

    RewriteCond %{HTTP_USER_AGENT} libwww [NC]
    RewriteRule ^(.*)$ - [F,L]

    RewriteCond %{HTTP_USER_AGENT} www-mechanize [NC]
    RewriteRule ^(.*)$ - [F,L]

    RewriteCond %{REQUEST_URI} !(wp\-login\.php|\/wp\-admin\/) [NC]
    RewriteCond %{QUERY_STRING} ^(.*)=http [NC]
    RewriteRule ^(.*)$ - [F,L]

    # END ANTISPAMBLOG REGISTRATION

    Michael Berra
    Participant

    @miguael

    Thanks Chouf

    I just implemented the code above (just like it is, is that correct???) a couple minutes ago… Since then I already have to spam-registrations and blog-creations…

    So, I will try the wp-ban also…

    Svenl77
    Participant

    @svenl77

    count me in…

    brentschroeder1963

    Some months ago, I changed my registration process, and became spam free.

    Just sometimes, I had a spam registration, but they never had a user role.

    Also I never got a registration mail.

    And they were not able to create a blog, or even post.

    But this morning I have a new user: brentschroeder1963

    Also with registration mail, a new blog …..

    brentschroeder1963

    danbpfr
    Participant

    @chouf1

    @michael -> de nada

    Attempts will continue for a few days after you make changes. The time for spam robots to refresh their attack strategy, heu, their cache…

    I couldn’t say to you “be patient”, I know you are, but… wait a little? This is not Nescafé, but computing… ;-)

    stripedsquirrel
    Participant

    @stripedsquirrel

    They keep on coming. This should really get some attention from Andy & JJJ. Just check out the http://testbp.org website. The entire homepage is (and has been for at least several days) filled with spam (from sitewide activity), so they apparently cannot stop it either.

    It is not a good sign to have the public testsite full of splogs and spams methinks, but at least it is truthful as it shows what it is like: BP & MU attract spammers who cannot be stopped easily…

    Michael Berra
    Participant

    @miguael

    @chouf: hmmmmm, ok. By now it’s getting worse… not because of your htaccess-thing, but it doesn’t really seem to do anything. Did I get that right: I just take the code above as it is and that should do the trick?

    AndreMartin
    Participant

    @andremartin

    I have the same problem but it’s not so much the issue of spammers coming to the site than non-working defense measures.

    I have failed to find any reasoning behind the dropping of wp-signup.php and replacing it with /register (what’s the .php file for that btw?) in BuddyPress but that’s the reason for a lot of spam problems.

    When you install a number of WP and WPMU anti-spam plugins, they add their own features to the signup page – which in WP and WPMU is wp-signup.php.

    Now as it has been pointed out in about all spam-related posts, people even delete that file with no success to the spam issue. This confirms the problem that I believe could reduce the spamming significantly:

    - WP and WPMU anti-spam plugins do *not* have any effect on the BuddyPress /register page.

    Is it because some hooks are missing? I’m not sure as I’m not that deep into it but I think so.

    My request to solve this problem and address the spam issue:

    - either BuddyPress will return to use wp-signup.php, or

    - makes sure that anything added by plugins to wp-signup.php is also added to whatever page is serving the /register URL.

    No matter hashcash, captcha or security question (all nice and working (with wp-signup.php) plugins), they can’t add their stuff to the BuddyPress signup page.

    Why I don’t use wp-signup.php manually (like redirect URL to there)? Because it’s a blank page (told to die somewhere in BuddyPress if I remember right).

    Oliver Wrede
    Participant

    @owrede

    Hello.

    I do have spam user registrations even with registration option set to:

    [*] Only logged in users can create new blogs.

    I understand this option to say that new user registrations are DISABLED but registered users may create blogs. Unfortunately the “Register”-Button appears in the welcome widget with that setting — even though clicking it will redirect back to the homepage.

    To disable the above option also disables the blog creation — which I do NOT want.

    For an unknown reason I do see spam registrations (a couple per week) but it seems those users are not able to login and create blogs (or comment). I also do NOT get the usual notification mails for new user registrations.

    It seems like a bug to me.

    Michael Berra
    Participant

    @miguael

    Hmmm – I installed the Plugin from Dennis Morhard “Invitation Code Checker” (http://wordpress.org/extend/plugins/invitation-code-checker) and changed the text a bit, so that my users know, which the code is when they register. Since then (a couple days now) ZERO spam signups… I hope it stays like that and the plugin is not too upset, that I misuse it :-)

    Andrea Rennick
    Participant

    @andrea_r

    We modded D’Arcy Norman’s solution above so it would work on BuddyPress. At least it did a while back. Someone wanna give this a whirl again?

    http://wpmututorials.com/how-to/spam-blogs-and-buddypress/

    # BEGIN ANTISPAMBLOG REGISTRATION
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .yourbpsignupslug*
    RewriteCond %{HTTP_REFERER} !.*yourhomedomain.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) http://die-spammers.com/ [R=301,L]
    # END ANTISPAMBLOG REGISTRATION
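
Added example, not part of the post above and not the tutorial's own code: a Python model of how mod_rewrite combines the five lines of that rule, run over constructed requests to show which ones it redirects. The slug `register`, the domain `example.org` and all request values are placeholders assumed for illustration.

```python
import re

# Placeholders from the posted rule, filled with constructed values.
SIGNUP_SLUG = "register"      # stands in for "yourbpsignupslug"
HOME_DOMAIN = "example.org"   # stands in for "yourhomedomain"

def rule_fires(method, uri, referer, user_agent):
    """True when the request would be 301-redirected away.

    Conditions without a flag are ANDed; [OR] joins a condition to the next
    one, so the chain reads: POST and slug and (foreign Referer or empty UA).
    """
    is_post = re.search("POST", method) is not None
    on_slug = re.search("." + SIGNUP_SLUG + "*", uri) is not None
    foreign_referer = re.search(".*" + HOME_DOMAIN + ".*", referer) is None
    empty_agent = re.search("^$", user_agent) is not None
    return is_post and on_slug and (foreign_referer or empty_agent)

# Constructed requests: (label, method, uri, Referer, User-Agent)
REQUESTS = [
    ("browser submitting the form", "POST", "/register",
     "http://example.org/register", "Mozilla/5.0"),
    ("direct POST, no Referer", "POST", "/register", "", "libwww-perl/5.8"),
    ("POST with blank User-Agent", "POST", "/register",
     "http://example.org/register", ""),
    ("client that loads the form first, then posts", "POST", "/register",
     "http://example.org/register", "Mozilla/5.0 (compatible)"),
    ("form page view", "GET", "/register", "", "Mozilla/5.0"),
    ("POST elsewhere on the site", "POST", "/wp-login.php", "", ""),
]

def evaluate(requests=REQUESTS):
    """Map each request label to whether the rule redirects it."""
    return {label: rule_fires(m, u, r, a) for label, m, u, r, a in requests}

if __name__ == "__main__":
    for label, fired in evaluate().items():
        print(f"{'redirected' if fired else 'passed through':15} {label}")
```

The rule sees only the method, path, Referer and User-Agent that the client sends, so it filters direct POSTs but cannot tell a person from an automated client that fetches the form before submitting it. A server-side check on the submitted form itself is still needed behind it.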

    levin
    Participant

    @levinng

    @Andrea_r

    Thanks for your handy information, do you know if it works for sub-domain configurations too?

    stwc
    Participant

    @stwc

    Cross-posting this here from another thread. It’s now about a week since I’ve had any more of the firstnamesurname19xx signups.

    Well, I don’t know — I seem to have lucked out, or it’s just that my site is too new and so-far untrafficked, but the few very simple, small changes I made last week seem to have stopped the firstnamelastname19xx signups.

    1) I changed some of the text on the /register page.

    2) I removed the “powered by” text in footer.php of my child theme (someone mentioned that it was being searched for)

    3) I changed the register slug in wp-config.php

    4) Added a functions.php file in my custom childtheme with the following code to redirect signups for all blogs to the Buddypress register page

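    // Send any request for the stock wp-signup.php to the BuddyPress register page.
    function rk_signup_redirect() {
        if ( strpos( $_SERVER['REQUEST_URI'], 'wp-signup.php' ) !== false ) {
            $url = 'http://mydomain.com/customregisterslug';
            wp_redirect( $url );
            exit;
        }
    }
    // Run the check on every request, during WordPress start-up.
    add_action( 'init', 'rk_signup_redirect' );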

    where mydomain.com is, you know, my domain, and customregisterslug is the slug I changed in step 3.

    I don’t think I changed anything else — no captchas or anything — and I’ve received zero splog signups in the 5 days since, after getting a few a day before that. Fingers crossed.

    levin
    Participant

    @levinng

    @stwc

    Thanks for your effort, I just put it into my site, hope it can stop the spam registration.

    podictionary
    Participant

    @podictionary

    @Andrea_r No joy. Tried the # BEGIN ANTISPAMBLOG… code and just got another bot registration “terrancecline1973” a moment ago.

    levin
    Participant

    @levinng

    Tried @stwc change register-slugs suggestion, zero spam registrations in a week! Thanks a lot!

    stwc
    Participant

    @stwc

    Glad to hear it, levin! Hopefully that’ll hold the floodwaters back until the next generation of bots finds a way around it.

    Nick Watson
    Participant

    @nickbwatson

    @stwc and everyone else.

    I’ve been experiencing problems with spammers constantly, I would get about 11 a day, (at the minimum). I’ve tried several things, reCaptcha, email activation, email domain blocking, etc etc and nothing seemed to help with the bot spammers.

    All they were doing was creating users with a few profile fields filled out, so there was no big issue, it was just annoying seeing so many fake users on the site.

    So all I did out of the suggestions here was enter the code provided for the .htaccess file :

    # BEGIN ANTISPAMBLOG REGISTRATION
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .yourbpsignupslug*
    RewriteCond %{HTTP_REFERER} !.*yourhomedomain.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) http://die-spammers.com/ [R=301,L]
    # END ANTISPAMBLOG REGISTRATION

    And it seemed to have worked. For the signup slug, I used wp-signup.php. And so far, for about a day and a half now I’ve only found 1 bot spammer. Drastically reduced, but not quite fixed.

    But we’ll see. I’ll post back if there is any change, or after a few days of no spammers.

    Hello,
    I am leaving this here in case anybody else is at wits end with this problem. I installed the following plugin:

    http://wordpress.org/extend/plugins/si-captcha-for-wordpress/

    It is a captcha for subscriber sign up. Our BuddyPress has not been released yet, and we were getting upwards of a dozen spam sign ups a day. I installed this plugin a week ago. So far, no spam signups. I hope this helps.
