Search Results for 'spam'
-
AuthorSearch Results
-
December 13, 2009 at 12:47 pm #58590
In reply to: User / messaging exploit? Causing spam
Jean-Pierre Michaud (Participant)
Actually, as private messages were not in WordPress, there is no Akismet filter on their content, compared to posts and comments… maybe someone can add this to the posting actions?!… it’s just 2 lines of code.
December 13, 2009 at 12:43 pm #58589
In reply to: User / messaging exploit? Causing spam
still giving (Participant)
Is there not a way for users to mark spammers and draw them to the admins’ attention as such?
The user hakam00 in this website is a desperate spammer … how many desperate lonely geeks does “Tina” think “she” will scam on this site?
Presumably “Tina” comes from Romania or Nigeria?
See below:
Subject: Hello.
“Hello.
My Name is Tina I was impressed when i saw your profile buddypress.org and i will like you to email me back to my inbox so that i can send you my picture for you to know who i am.i believe we can establish a long lasting relationship with you.
In addition,i will like you to reply me through my
private e mail box for more introduction
Thanks,waiting to hear from you soonest.
Tina.
Please write to my inbox so that i can send you my picture.”
December 12, 2009 at 11:33 am #58536
In reply to: User / messaging exploit? Causing spam
Jean-Pierre Michaud (Participant)
I know, Andy, I mistyped my comment, it was not toward your own request, but globally…
December 12, 2009 at 9:51 am #58535
In reply to: Fighting Splogs
bcbccouk (Participant)
Signup questions and codes are a good supplement to the other methods but are also ultimately fallible. In the same way that Captcha is rendered ineffective by human relay attack, so too are questions; it will just take time for spammers to catch on.
It seems to me that the way forward is to incrementally roll out new defences, only presenting new defences when the old ones have been broken. As soon as lots of sites use a defence, that defence will probably soon be doomed to failure: spammers will only take the time to develop new exploits when a particular method of defence becomes popular. I believe this is the only reason why the hidden fields method currently works: it’s not sufficiently popular to bother coding an exploit for it (even though such a task would take about five minutes).
December 12, 2009 at 8:13 am #58531
In reply to: User / messaging exploit? Causing spam
Andy Peatling (Keymaster)
nexia: That’s not the way the system works; if you find a bug you need to report it. Mentioning it on the forums isn’t going to highlight it to the developers.
December 12, 2009 at 2:25 am #58525
In reply to: User / messaging exploit? Causing spam
Jean-Pierre Michaud (Participant)
December 11, 2009 at 11:26 pm #58523
In reply to: User / messaging exploit? Causing spam
Seobrien (Participant)
I’m on 2.8.6 and 1.1.2
Thanks both, reading the wordpress posts and your thoughts Nexia, I’m sure the cause is general security and not versioning
December 11, 2009 at 10:31 pm #58519
In reply to: User / messaging exploit? Causing spam
Andy Peatling (Keymaster)
nexia – please submit a ticket on trac.mu.wordpress.org so the problem is at least highlighted.
December 11, 2009 at 9:38 pm #58517
In reply to: User / messaging exploit? Causing spam
Jean-Pierre Michaud (Participant)
This is an easy hacking technique, I’ve done that 3 times yesterday when trying to create users/blogs…
You can delete these users by going in the _signups table… the problem is that WordPress is not taking into consideration the registrations that are not completed, they store them in the signups table and they cannot be reached when you check for users… so when a user creates an account with a blog, the whole process is created but not verified… you can then visit the site without being logged in and without a trace.
WP 3.0 is different in that technique… but I suppose we could find a tweak right now.
December 11, 2009 at 9:25 pm #58516
In reply to: User / messaging exploit? Causing spam
r-a-y (Keymaster)
Sounds like someone exploited a WordPress vulnerability on your site.
Are you using the latest version of WPMU / BuddyPress?
If so, did you upgrade?
You might want to read these posts:
https://wordpress.org/development/2009/09/keep-wordpress-secure/
December 11, 2009 at 7:59 pm #58511
In reply to: Fighting Splogs
bcbccouk (Participant)
stwc’s summary of methods does seem to stop a lot of spam, but I’ve still been having some. I tried SI Captcha (https://wordpress.org/extend/plugins/si-captcha-for-wordpress) but that seemed completely ineffective.
My latest weapon in the war has been to modify Invisible Defender (https://wordpress.org/extend/plugins/invisible-defender) firstly to make it work with the buddypress registration page and secondly obfuscate its hidden fields by giving them random names and values:
http://bcbc.co.uk/mu/blog/2009/12/11/wordpress-registration-spam/
December 10, 2009 at 10:33 pm #58442
In reply to: BP Achievements on an already running community
D Cartwright (Participant)
I think I ended up commenting out the email notification before first activation on a live site. I then added it back. If I remember correctly you also have your activity stream somewhat spammed so that might be another thing to look at.
December 10, 2009 at 12:05 am #58389
In reply to: New BuddyPress 1.2 default theme
D Cartwright (Participant)
@Andy Peatling
Ah…sorry to spam you somewhat but I was also wondering if there were any plans to enable easy “quoting” within the forums with this theme/BP version (or a future theme/etc). We’ve finally convinced ourselves that flat forums are good but I think we’re definitely going to have to get some sort of quoting mechanism working.
edit:
I’ve just seen this post: http://testbp.org/groups/buddypress-testers-614548248//forum/topic/forum-or-wire-with-comments/
Hopefully I’ll be able to get that sorted as a plugin sometime soon.
December 9, 2009 at 11:35 pm #58383
In reply to: bp-sn-parent: Cannot modify header warning
Mark (Participant)
I’ve determined that the warning is generated when /wp-signup.php is accessed (mostly by spam bots). Can’t find white spaces anywhere. Is /wp-signup.php supposed to redirect to /register or to a blank page?
My site and the other listed both display the Registration Form and the PHP Warning: Cannot Modify Headers:
http://ttacconnect.org/wp-signup.php
http://memomu.com/wp-signup.php
These sites result in a blank to semi-blank page:
http://startupweekend.org/wp-signup.php
http://nourishnetwork.com/wp-signup.php
http://morgansjourney.org/wp-signup.php
http://poetrypress.org/wp-signup.php
Should /wp-signup.php result in a blank page or the registration form? Will the resulting blank page eliminate the ‘Cannot Modify Headers’ warnings in error_log? What is the fix? Thanks!
December 7, 2009 at 12:02 pm #58158
In reply to: Spam eggs chips and spam.
December 2, 2009 at 2:52 pm #57886
In reply to: How do people handle upgrades on live sites?
Andrea Rennick (Participant)
Plan for the upgrade and pick a time when your site traffic is low.
Let your users know ahead of time that you’ll be down for maintenance. Even with just a few users, letting them know is a courtesy, because if they do visit while you’re upgrading and they don’t know what’s going on, they may eventually leave because they think things break all the time.
Yes, we back up ahead of time. Really. With a large site where it would be impossible to ftp things without it taking all day, just back up files in a different location on the server. Optimize & clean up the db while you’re at it. Who wants to back up spam?
Some of us with large sites do not deactivate all plugins and then reactivate later. With hundreds or thousands of blogs, it’d be a nightmare.
At some point when your site is very large, you’re just going to have to get used to doing some things command line (ssh). In many ways, it’s easier.
The moving of the theme only occurred during BP 1.1. Shouldn’t have to do it next time. But! Paying attention to core changes helps you anticipate these things in advance. You have to do your homework.
The maintenance mode plugin may not work properly in MU. My fave trick, if I *really* wanna keep people out, is to toss an index.html file in the root. I can still get in the backend, but many users just can’t figure out they can type in these things without a link there.
Man, this means I have to write up a blog post about it now, doesn’t it?
November 28, 2009 at 2:13 am #57609
In reply to: Buddypress Spam
stripedsquirrel (Participant)
I just tried that as I am out of alternatives…
Just noticed when testing the new signup slug that the user gets an email with the following text:
“You can log in to the administrator account with the following information:
Username: test
Password: bd36dc14
Login Here: http://test.biketravellers.com/wp-login.php”
? : Why does the user get a random password sent as he already chose a non-random one? This random one does not work by the way.
Is this a result of the spam procedures or a regular bug?
Cheers, Bike
November 26, 2009 at 11:48 pm #57559
In reply to: What do your spam signups look like?
stwc (Participant)
Glad to hear it, levin! Hopefully that’ll hold the floodwaters back until the next generation of bots finds a way around it.
November 26, 2009 at 5:22 pm #57537
In reply to: What do your spam signups look like?
levin (Participant)
Tried @stwc’s change register-slugs suggestion, zero spam registrations in a week! Thanks a lot!
November 26, 2009 at 4:03 am #57493
In reply to: Buddypress Spam
stwc (Participant)
I have had total cessation for the last two weeks without using plugins, using the procedure I outlined here.
November 25, 2009 at 10:41 pm #57474
In reply to: Buddypress Spam
mlovelock (Participant)
Would be good if you could post ideas and solutions here too: https://buddypress.org/groups/fighting-spam-splogs
There are already a few plugins etc. mentioned there that might help you out too.
November 25, 2009 at 5:20 pm #57458
In reply to: Buddypress Spam
Xevo (Participant)
Andy, the username/email gets randomly made with every signup, so that won’t work.
Maybe this’ll help too: http://perishablepress.com/press/2009/03/16/the-perishable-press-4g-blacklist/
November 25, 2009 at 5:13 pm #57457
In reply to: Buddypress Spam
Andy Peatling (Keymaster)
Also – make sure you are marking the users as spam, not deleting them. This will block the username/email from logging in and/or signing up again.
November 25, 2009 at 4:56 pm #57455
In reply to: Buddypress Spam
Xevo (Participant)
They should just use activation mail again, works the best.
There already exists a topic concerning these spam sign-ups. Haven’t had any problem with this yet, but that’s most likely because I have my wpmu/buddypress/bbpress in Dutch..
November 25, 2009 at 4:53 pm #57454
In reply to: Buddypress Spam
bpisimone (Participant)
Haven’t tested this yet, but this might work:
http://buddypress.webdevstudios.com/blog/2009/11/13/buddypress-registration-options/