[kiwipearls]

Buddypress 1.2.4.1 and WordPress MU 2.9.2

I am constantly getting attacked by Spam Blogs registering to my site and creating blogs.

I have done the following:

Modified the .htaccess file with the code that is supposed to stop them
Edited the fileds on my registration page
Changed my registration slug

Use the following Plugins:

1. Akismet
2. Bad Behavior
3. WP-Ban
4. WP-SpamFree
5. WPMU-Block-Spam-By-Math
6. WPMU Super Captcha
7. Invitation Code Checker

I also have required fields in my buddypress profile.

What’s happening is these spam blogs are signing up, but somehow bypassing all the required fields. When I look at their profile, the only field filled in is their username. How is this happening? Is there some sort of backdoor signup page that I missing?

When I go to try and signup and leave fields blank it won’t let me on my registration page. So this is just puzzling me.

I have all this protection, but there is a hole somewhere that they are squeezing through. I have googled wordpress spam blogs and followed all the steps in the guides and still, they get in. The only way to stop this is to de-activate people from joining. Which is not what I want to do. I want real people to join.

http://senilityguild.com/joinsenility/

I eagerly look forward to more help on this.

[kiwipearls]

Got 6 Spam Blogs this morning. I am not very happy.

[Terry Hall]

@kiwipearls the only product I’ve fond effective (about 95%) is the antl-splogging @ http://wpmudev.org – it’s a premium membership site on he expensive side, but it’s working for me. (btw ~ i’ve used all the methods you listed above) – my thinking is that sploggers are hiring people to setup their blogs and answer captchas…

[Sam Steiner]

I am also having this problem – I guess everybody is. I also followed the tips you mentioned and initially, it reduced splogger registrations a lot.

However, I disagree with Terry: there are not real people setting up blogs and answering captchas, these are bots. As kiwipearls mentioned, if you go and try to sign up manually, you have to fill in the required fields.

There is a leak somewhere in BuddyPress/WPMU registration and all methods to stop the oil have failed until now. BP (haha) people say it’s WPMU and the other way around, I guess. The leak has been here for months and nobody seems to want to fix it. Maybe it’s some kind of corruption since the premium site Terry mentioned has a way to fix it.

[Van Murray]

I have a couple BuddyPress installs. The older of the 2 has received 150+ spam member registrations (and blogs) this weekend. All create members like bob45873675 and “Bob’s Blog”.

I have changed slugs, activated recaptcha and followed several blog posts on best practices. What’s interesting is they are somehow bypassing my registration page. I have required fields and have removed the “create a blog” from the registration page; but somehow they manage to create an account and a blog. I also receive “lost password reset” email notices for each account that is created, so maybe that’s a clue to where the issue is.

I was so fed up with it, I disabled registrations completely (only allowing blog creation by logged in users) — and I’m still getting new spam members and blogs (how is that possible??) This seems to be a pretty serious security issue that is different from previous “splogging”…

Vulnerability/hack in the registration or lost password, etc…?? I presume this could be WPMU not necessarily BP?

[Van Murray]

Update: After several days of manually adding users with a form (that matches the registration form); I attempted to re-enabled registrations. Immediately I got 2 new spam users and blogs.

New User: terrence1603615
Remote IP: 65.75.250.92
terrence1603615@LIEMAIL.INFO

New User: cooper7790557
Remote IP: 65.75.250.92
cooper7790557@THEINBOX.INFO

This is only happening on one of my installs (http://anglersites.com). Running WPMU 2.9.2/BP 1.2.2.1. My other install (http://fellowmoms.com) is running WPMU 2.9.2/BP 1.2.3 and is not having this issue.

Any reason to think BP update would resolve this? Looks like current version is 1.2.4.1.

Is anyone else experiencing this? Looks like disabling the registrations stops it; from my previous post these were delayed notices. As soon as I disabled registrations again, I recieved a flurry of “Password Lost/Changed” for a couple users (one of them was an active user that was not newly created). I marked this user as spam.

Surely someone else is getting hit?

[Van Murray]

Also; each “blast” of spam users/blogs appear to come from different IPs, but the username always has a 7 digit number pattern after a random name. They all appear to come from “.info” email registrations.

These registrations are bypassing the public registration form requirements somehow, but I believe they are legitimately activating their account (since I’ve had delays after disabling the registration form). There are entries in both _users and _signups tables that match.

Hope this helps if anyone else is having this issue. I’m open to any temporary solutions for this particular pattern, but more importantly is there a good way to solve this long term?

Is there a way to manually approve members? Maybe some step in between that would allow a manual send of the account activation email?

[David Lewis]

Actually… Terry is correct. SPAMers are in fact hiring people from India to fill our registration forms and CAPTCHA’s by hand. They get paid next to nothing and just sit there for hours and hours a day filling out CAPTCHA’s. I’m sure the majority of SPAM comes from Bots… but it’s not all bots. And there is no way to stop a human short of banning entire countries.

[Adam Nowak]

Try out my plugin, to help combat spam blogs:

https://wordpress.org/extend/plugins/buddypress-humanity