Skip to:
Content
Pages
Categories
Search
Top
Bottom

Search Results for 'spam'

Viewing 25 results - 2,201 through 2,225 (of 2,711 total)
  • Author
    Search Results
  • #66327
    Windhamdavid
    Participant

    All in all, here’s my approach that I use on MU/BP sites ~

    1) modify the register/register.php wp-signup.php hardcoded default text and url slugs.

    2) enable xprofile and require additional fields upon registration.

    2) use a captcha ~ i’m fond of ReCatcha

    3) make sure you and check the NO setting under “Allow blog administrators to add new users to their blog via the Users->Add New page. ” in wp-admin/wpmu-options.php “Admin > Site Options”

    4) I ban or limit the registration domains (also in Admin > Site Options) so that the commonly used spammer domains are blocked from registration and then I add an email contact for owners of these addresses to manually request registration. I hide the email address from bots with HiveLogic EnKoder

    5) I then firewall off entire blocks of IP’s from my servers from commonly used spammer IP ranges you can find at sources like spamhaus.org .. and considering that these are one language sites, the need for access for the IP blocks on the pan asia network or eastern europe are unlikely. If you have a multilingual site, this might cause issues to very few users. Cpanel, Plesk, BSD, etc have tools to do this.. if you’re on a shared server, ask your hosting provider if they can do it for you, and they may be likely doing it already.

    6) I also recommend using Askimet.

    #66324
    Michael Berra
    Participant

    @windhamdavid – thanks for the hint about bbpress… didn’t know, that the register-file was still there… Now I deleted it (just in case) – although forums are not even activated in my install. By now, still no spammers registering… could be that activating hashcash again did the trick (although I really don’t get it why, for as far as I know it just protects the register-form, right? and it seems, that wasn’t even used…


    @chouf1
    On the install I am havong troubles with there is NOT ONE spammer for sure. I know all of them personally! In my other install (I have 0 troubles until now, I will check back on that. thanks for the hint)

    PS: Chouf1 – wow, do you speak swissgerman :-)

    #66319
    danbpfr
    Participant

    für ä’biräbitzeli drischnure…

    Did you show into the comments or posts on the different blogs ? There are sometimes strange links that can appeal to spammers. Some long post with many links inside or many Viagra words. You see what i mean…

    I recently did such a search and find some on my “trusted members” blogs.

    #66318
    danbpfr
    Participant

    für ä’biräbitzeli drischnure…

    Did you show into the comments or posts on the different blogs ? There are sometimes strange links that can appeal to spammers. Some long post with many links inside or many Viagra words. You see what i mean…

    I recently did such a search and find some on my “trusted members” blogs.

    #66317
    Windhamdavid
    Participant

    let’s continue this thread over here ~ https://buddypress.org/forums/topic/how-to-control-spam-registration/page/2

    and did you try that recommendation regarding bbpress?

    #66304
    Andy Peatling
    Keymaster

    I’ve already answered this question.

    If you have a spammer with admin access on a blog, they can add new users to that blog. They are then new users in the system since WPMU shares a global users table. So essentially once a spammer has a blog they can get others in.

    This is simply the way WPMU works, and if I try and change that, people shout and scream at me. The reality is, if you want to use WordPress MU and BuddyPress along with it, you are going to have to manage this somehow. Otherwise, just use standard WordPress since it doesn’t have these issues.

    #66303
    Windhamdavid
    Participant

    I don’t quite understand these spam posts since I’ve run ten to twelve mu sites for several (4+) years with no splog/smap exploits (knock on wood) and some of them are outdated installs with very little protection. If buddypress is in fact, the culprit, perhaps it’s related to the registration in bbpress if you have forums installed? @micheal ~ perhaps you should try removing register.php from the buddypress/forums/bbpress/ ~ and/or buddypress/forums/bbpress/templates/kakumei/register.php to see what happens…

    I just tested on a local install with no conflicts and thanks for investigating.

    #66301
    Michael Berra
    Participant

    Just another little update: To me it seems that there are two different spam-signups (at least :-))

    The ones, that come in through the registration-form

    I could handle those with all the tipps (for me this worked best):

    – change the slug

    – additional-fields

    – change some text on the registration-page

    – change footer-text

    – SI-Captcha didn’t really work, so I used the modified invitation-code-plugin mentioned before

    – wp-ban did help, too (often wasn’t really needed – just left it there in case…)

    – changing/deleting wp-signup.php (which led me to this connected issue/question: https://buddypress.org/forums/topic/wp-signupphp-redirects-to-registration-slug-why)

    The ones, that don’t seem to use the registration-form or wp-signup.php at all

    – never had this problem before, so it hit me… Further described here with a open question for me: https://buddypress.org/forums/topic/is-there-a-backdoor-in-wpmubuddypress

    – This morning I found out, that I had deactivated the hashcash-plugin because I had comment-issues (didn’t come through anymore). I think the spam-flood came after deactivating it. Right now I have activated it again (just for signups) and no spam came in for a couple hours now (even with deactivated wp-ban, without captcha or invitation-plugin, wp-signup.php still there)

    So far my forther journey with this issue :-)

    #66300
    Michael Berra
    Participant

    @hnla how did you deactivate blog-signup? If I use that option in the backend, registration does not accur at all. If I choose “only Useraccounts” they cannot create a blog in a second step (no new blogs at all)

    #66297
    Hugo Ashmore
    Participant

    Definitely remove the footer link if you haven’t already.

    I noticed a issue with spammers using CURL to download /registration so blocked that in .htaccess (It’s been mentioned on a thread somewhere how to)

    renaming the slug ‘registration’ is supposed to help.

    For me deactivating blog signup improved things significantly. Didn’t need users to be able to register for a blog at initial sign up they can take a blog once they are members.

    Despite all efforts and much study and approaches instigated one after the other to gauge effectiveness before adding next one I still am not sure how a few of the automated bots get through, human signups there isn’t much you can do about them apart from delete manually.

    All my efforts still result in around 10 signups daily that require dealing with manually.

    #66292
    Sam Steiner
    Participant
    #66291
    Sam Steiner
    Participant

    This is getting worse and worse. I just launched my first BuddyPress site and am getting spammer registrations although I have additional required profile fields and SI Captcha installed.

    Sadly, the article mentioned (linked) above is not available anymore (I guess the spammers took down that site) and judging by the responses here there still seems to be no known solution to the spammer problem with WPMU/BuddyPress.

    I spoke to someone on Twitter who confirmed that the spam problem started when activating BuddyPress – this would be in contradiction to remarks from Andy, I’m afraid. Anyhow: after reading comments here there seems to be a hole in the system somewhere.

    (I guess the spammers have been clever enough not to spam testbp.org :-) )

    #66285
    spammie
    Participant

    is there a way to get the member id in a member loop?

    <?php while ( bp_members() ) : bp_the_member(); ?>
    <input value="<?php bp_member_id(); ?>" name="ids[]"> ids </input>
    <?php endwhile; ?>

    bp_member_id() is not working, is there a way to achieve this?

    otherwise i would have to match the members with their name when doing the database query, and that can be a long string which takes too long to evaluate when compared to an int.

    i guess the answer to this question will be an obvious one, as soon as i read it, but right now i am confused

    good bye and thanks for all the fish

    spammie

    #66194
    nickrita
    Participant

    I use this plugin instead of captcha:

    https://wordpress.org/extend/plugins/invitation-code-checker/

    You can set an ivitation-code and everyone who wants to register has to write the code in a registration-field.

    I changed the plugin a little bit for my needs so the code to write is seen on the registration-page.

    #66185
    zageek
    Participant

    Some of you guys must check your Private Messages …

    #66180
    Andy Peatling
    Keymaster

    You must identify the spam blogs and remove them. Once a spammer has admin access they can add new users to that blog. Those users can then create new blogs.

    #66171
    Michael Berra
    Participant

    It really is Crazy!!! Where and how do they get in, that they can Register like that? Every couple of minutes One signup…. HELP! Nothing seems to stop them… I Even disabled any registration and they keep on signing up – really Strange to me!

    #66145
    Michael Berra
    Participant

    Thanks for another hint

    No, actually I was talking about http://www.prisma-online.org – but same thing with the slug. I just guess it’s not that, because if they would come in normally, they would have to put something in the additional field, wouldn’t they? (at least, that’s what they always did before I stopped them the first time…

    I now added again the .htaccess rules you described (didn’t change there the changed registration-slug…)

    Does that look right (sorry – on that level I have no idea anymore :-)):

    # BEGIN ANTISPAMBLOG REGISTRATION

    RewriteCond %{REQUEST_METHOD} POST

    RewriteCond %{REQUEST_URI} .registrieren*

    RewriteCond %{HTTP_REFERER} !.*prisma-online.org.* [OR]

    RewriteCond %{HTTP_USER_AGENT} ^$

    RewriteRule (.*) http://die-spammers.com/ [R=301,L]

    # END ANTISPAMBLOG REGISTRATION

    #66138
    mlovelock
    Participant

    The limitation of WP-Ban is that it’s not working at .htaccess level, so it only really does it’s thing if a spammer is polite enough to access your site normally. You might want to look at something like a plugin that’s going to ban IPs and referrers at the .htaccess level.

    Also, had a quick look at your site – I presume you’re talking about http://young-people.ch ? I notice your register page is still /register (albeit translated) – have you tried changing this to something else? There’s eevery chance that the mere translation of the standard ‘register’ slug won’t slow the spammers down.

    #66135
    Michael Berra
    Participant

    thanks mlovelock – this sounds good. All of this has worked with me before.

    BUT now,

    even that I have blocked with WP-Ban *.info – the spammers with that email get through

    even that I have additional required field (lots of) – the spammers can register just with a name (nothing else)

    even that I have changed, deleted (whatever) wp-signup.php – spammers can register

    MY QUESTION IS: Where do they get in??? Did I overlook a loophole???

    Please – any further help would be much appreciated!!!

    #66117
    mlovelock
    Participant

    I’ve no doubt they’ll return, but I haven’t had a spam signup for a fair while. The odd one creeps in, but you can’t stop a determined ‘real’ person. But I haven’t been subject to the continuous signups I used to get when I first started my site.

    The steps I’ve taken are:

    Rename (not remove) wp-signup.php

    Use custom bp-register slug

    Removed “powered by” type text in the footer and other obviously WP / BP phrases

    Installed NoSpamNX

    Installed WP-BAN

    Installed SI Captcha

    Employed the .htaccess rules explained here: http://wpmututorials.com/how-to/spam-blogs-and-buddypress/

    Nothing’s perfect against spam, but certainly for me, these things have helped.

    #66086
    Michael Berra
    Participant

    Update: Even with an “empty” wp-signup.php they are still registering… really strange! Where could they come in, for they don’t need to fill out any required addition fields…?!?! Any ideas????

    #66084
    Michael Berra
    Participant

    Sorry to pick that up… I thought I won with the spammers for I did what stwc wrote in his article (by the way – the site there is down :-()

    But yesterday until now I got about 100 spam-registrations. I did not delete wp-signup.php anymore, because the “reigster” in the admin-bar anywhere else but on the root-blog needs that file… So I thought it’s not a good idea.

    BUT now, the spammers registered with just the name. Although I have alot of additional, required field… How is that possible? I guess, they didn’t come in through the bp-register. Maybe the wp-signup.php directly?

    I have forums disabled altogether and as far as I know this issue with registering through bb-press should not be an issue anymore.

    Would appreciate if someone could give me a further tipp what to do or where they could come from.

    PS: @andy (or the developers): Why is it, that on subblogs the admin-bar “register” doesn’t point to the register-slug but is somehow a redirect from wp-signup.php (which doesn’t work anymore, when I delete or empty the file…)

    #65876
    snark
    Participant

    There is a new plugin I just found called BuddyPress Rate Forum Posts — https://wordpress.org/extend/plugins/buddypress-rate-forum-posts/. I haven’t tried it yet, but I plan to. It allows thumbs up/down voting on Forum posts and in the process users receive “karma points” for the quality and frequency of their posts. So, in theory, spammers would get bad karma scores from other users, and you could search for users with bad karma and then delete them.

    #65836
    pandragon
    Member

    I dunno Erich :) but all i want is ability to stop scammers making lots of groups with their affiliate ids! :) my industry is cut-throat competition so i expect alot of shonky behavior :( I want a way of moderating my site to protect it from being overrun by dodgy competitors! I spend months researching and writing materials only to have spammers devalue my site so I am hoping there is a solution to provide me more control over whats published across the site! :)

Viewing 25 results - 2,201 through 2,225 (of 2,711 total)
Skip to toolbar