Fighting Splogs
-
Hi everybody
I know this is kind of an endless topic – at least it seems so, when I read the threads over at mu.wordpress.org…
My questions is the following – could it be, that some plugins do not work with buddypress, because it is not using the wp-signup.php?
That is what I tried:
– rename or even delete the wp-signup.php…
– Using a captcha on my registration page (register.php)
– I installed the hashcash plugin with signup-protection activated (without aksimnet), but it seems, that it doesn’t do anything – I still get spam registrations.
Any ideas? It is very anoying…!
I post this here, because I think this is just a great community of helpers!!!
-
I’d like to know this as well. I get spam blog that apparently go around my custom signup process – name not capitalized etc.
Can you “safely” delete certain WP or WPMU registration files? Which ones are obsolete when you use BP? Would that fix part of the problem?
Any help on this one… I am pretty sure, this is a WPMU related issue, but the forum-answers over there do not really work for me (as described above). Those registrations seem to go directly – or buddypress “opened” another door…
THANKS!
You also have to secure your bbPress install from spam signups (if you have forums installed).
Things you’d want to do is disable registrations in bbPress and redirect attempted signups to WPMU’s signup page.
I did – I just deleted the register-page in bbpress (I read that should do it…)
Michael, you can also try protecting spam signups by using a RewriteRule in your .htaccess:
http://wpmututorials.com/how-to/spam-blogs-and-buddypress/
This is quite an effective method that will stop most spambot signups (except the manual ones!)
I did that (RewriteRule in .htaccess) – did not help me.
So I’m with you, Michael (did all you did), very interested in any NEW solutions.
You could also try some WP plugins that add additional hidden, input fields to the registration form:
-Invisible Defender – https://wordpress.org/extend/plugins/invisible-defender/
-NoSpamNX – https://wordpress.org/extend/plugins/nospamnx/
Chances are a spam bot will fill these input fields in, and thus these plugins will block these submissions.
—
I’ve been meaning to give this a shot, but I haven’t tried it yet because I don’t need the extra layer of protection (right now anyway)!
@r-a-y – thanks for the htaccess link – I’ll try that (with the bp-explanation) – hopefully it works…
i don’t know if robots go directly into db, or use the wp code…
but one thing you can try is to hack a little the register_new_user function in wp-login.php
to ban some email domains like “XXXX@myspacee.info” witch massevely occurs in the past last weeks….
function begins at line 228 (v. 2.8.4a)
add this on line 233
$email_check = explode(“@”, $user_email);
insert also this at line 248
} elseif($email_check[1] == ‘myspacee.info’) {
$errors->add(‘invalid_email’, __(‘ERROR: The email address isn’t correct.’));
insert the same code and change the mail domain name if you need to ban more domains
In use with invisible-defender, wp-ban and wp-spamfree i think you would be quiet for a moment with unwanted registering of blogs or users.
Thanks – but sadly nothing seems to work:
I have now:
– rename or even delete the wp-signup.php…
– Using a captcha on my registration page (register.php)
– I installed the hashcash plugin with signup-protection activated
– deleted the register-page in BBpress
– added the .htaccess lines
– (and by the way added a couple domains to block in WPMU backend – but still the same domains get through
Is there really no way out?
did you try my solution ?
Is there any way to enable captcha or something similar on BP private messaging?
That’s where I’m seeing more and more abuse lately. Somehow sploggers register with my site, then PM all the users with kiddie port links. It’s really bad.
I don’t quite have a handle on how they’re doing this. There must be some sort of evil script that goes through the member directory and messages member after member. Have other people seen this, and, if so, any suggestions on how to combat it?
@ Ted. That is very annoying! I am not yet too familiar with BP, but is there a way to open PM only between friends? Either via plugin (should be core methinks) or setting?
Which means the sploggers need to send our friend requests first. If somebody is stupid enough to accept a friend request from 0rgazm-hard007, then he deserves the kiddie links
On WPMU, just renaming the sign-up page and adding a few hundred domains to the sh*tlist blocked 99% of all splogs, I assume the rest is manual.
No sure how it works with the new BP regster page, can you simply rename that as well?
Cheers
r-a-y, I’d like to try the .htaccess solution, but the instructions are very ambiguous:
# BEGIN ANTISPAMBLOG REGISTRATION
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .yourbpsignupslug*
RewriteCond %{HTTP_REFERER} !.*yourhomedomain.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://die-spammers.com/ [R=301,L]
# END ANTISPAMBLOG REGISTRATIONShould I leave the dots (.) and stars (*) around ‘register’ and ‘mywebsite.com’?! What would be mybpsignupslug if I have the registration form on my homepage as well as /register?
Chouf1, are you sure wp-login.php is even used in Buddypress registration?
Edit: Tried the code. I get an “Parse error: syntax error, unexpected T_ELSEIF”.
Unless you have 1 million splogs sign up a day, you can always manually check and delete each splog. Trust me, you can discourage spammers to splog you, but you won’t be able to get rid of new spammers and new splogs. Unless you have a smart programmer that programs a good algorithm in recognizing splogs and spammers, but it probably gonna cost ya big time.
@Arghagain, that’s a bit fatalistic. I am removing them manually now, but they all sign up with *.info email addresses. There should be a way to block those.
Apparently the Banned Email function in wpmu doesn’t work because of a stupid bug and anyway it doesn’t allow wild cards. Are wp/wpmu/bp developers even working on this or are they too busy adding “cool” widgetize features etc.?
@ Peter – sure certainly not, but each incoming door need to be monitored
since i use the trick i have no more splogs or spammer registering !
wp-ban works nice, invisible defender also and wp-spamfree did correctly his work too….
a little additionnal htaccess hack and the wp-login file hack make things going right for me.
I put some emails in the wp ban admin but i don’t know if this works correctly.
I didn’t use captcha or similar techniques.
for me, the ultimate solution to this would be for WPMU to allow username signups only and at the same time only allow logged in users to create blogs.
they have these options separately, but it doesn’t work together like I would like.
that way if it’s a bot, they wouldn’t sign up if they couldn’t get a blog. chances are they wouldn’t sign up, wait for the email, then log in, and then create a blog. to much work possibly.
thoughts?
possibly, there exist new semi automatic method?
a spambot that present to human a captcha so that the spammer only need to enter the captcha and everything else is automatic…?
oh yes, there is an entire industry in especially central Asian countries (Bangladesh is huge) where halls of people solve captcha’s for $1 per 1000-5000 captchas.
See http://ha.ckers.org/blog/20080311/human-captcha-breaking/
Don’t forget to read the last 5 comments or so
Though I am in favour of having spammers employ and pay poor people in Asia, I hate spam even more and have abolished all captchas from my site as still too many people cannot read them, so it is chasing people away. And, as the link above proves, they do not help anyway.
@anonymized-96400
InactiveI know what work I’d pick if the choice is between backbreaking rice fields, backbreaking shipyards and captcha solving. So, please support Bangladesh and leave your captchas intact $1 per 1000-5000 captchas sounds like a pretty decent salary for the subcontinent…
how about checking all blog posts and all pm to akismet/typepad antispam?
only certain trusted group are excluded.
or perhaps after the user post a dozen good, non-spam content…
I’m so sick of this I think I’m going to disable blogs. not sure this is worth the headache anymore.
BeLogical… I am also unable to beat those suckers. But unless u have tons of registrations, you may want to follow what may be my final option, and that is to install a separate registration form, may be even a simple email form, and then select who I allow in and who I should delete. This means disabling WPMU/Bpress registration at this stage. This way at least, I can check my email in the evening and inform those allowed. Otherwise, I spent my entire week checking my blackberry only to notice a mountain of unwanted blogs. If you are looking for a simple free email form with the ability to include attachments (like avatar), I’ve tested this one and it is just a one minute install and works just fine. http://www.maianscriptworld.co.uk/free-php-scripts/maian-mail/free-contact-form/index.html – At least I may (not sure yet) get spammers in my inbox as opposed to allow them in.
- The topic ‘Fighting Splogs’ is closed to new replies.