Forum Replies Created
-
Signup questions and codes are a good supplement to the other methods but are also ultimately fallible. In the same way that Captcha is rendered ineffective by human relay attack, so to are questions; it will just take time for spammers to catch on.
It seems to me that the way forward is to incrementally roll out new defences, only presenting new defences when the old ones have been broken. As soon as lots of sites use a defence, that defence will probably soon be doomed to failure: spammers will only take the time to develop new exploits when a particular method of defence becomes popular. I believe this is the only reason why the hidden fields method currently works: its not sufficiently popular to bother coding an exploit for it (even though such a task would take about five minutes).
It works…for the moment. (There’s an obvious way around the hidden fields method). I’ve got some other ideas to make it harder to regex the html, I’ll post back when I’m done.
stwc’s summary of methods does seem to stop a lot of spam, but I’ve still been having some. I tried SI Capthca (https://wordpress.org/extend/plugins/si-captcha-for-wordpress) but that seemed completely ineffective.
My latest weapon in the war has been to modify Invisible Defender (https://wordpress.org/extend/plugins/invisible-defender) firstly to make it work with the buddypress registration page and secondly obfuscate its hidden fields by giving them random names and values:
http://bcbc.co.uk/mu/blog/2009/12/11/wordpress-registration-spam/
Thanks testalib — I was looking through the code myself to try to find what was wrong!
Users don’t seem to get automatically added to groups during registration/activations on my setup for some reason. Is there something wrong with the hooks? The functionality does when when users edit there profiles.