Skip to:
Content
Pages
Categories
Search
Top
Bottom

Fighting Splogs

Viewing 20 replies - 26 through 45 (of 45 total)
  • @arezki

    Participant

    ALso: you may want to install WP-Ban and watch for the IP address of those who are driving you crazy. I suspect we are getting troubled by same punks. If so, feel free to take the list of my banned IP addresses and drop them in the wp-ban section after u install it. I managed to get about 500 attempts blocked in 3 days. Her’s my list so far. http://northafricaadvisors.com/banned-ips/

    @stripedsquirrel

    Participant

    Thanks arezki, but my last 15 splogs all had different IP’s and email domains, so I am not sure if this will help anything/

    I also have nothing of the original message in the footer, but they keep on coming.

    I notice that (with the welcome pack installed/enabled), that I receive friendship requests from, well, myslef :) whenever a splog signs up. I am not sure if this means that the email to the sploguser has bounced or so?

    Seems that the banned email domains list in WPMU Admin options is not being used/checked as well, I just had a sign up from @live.cn, while I have *.cn on my blocklist…

    I sent a message to Andy yesterday, as this problem is too big to ignore, see testbp.org.

    @stwc

    Participant

    Well, I don’t know — I seem to have lucked out, or it’s just that my site is too new and so-far untrafficked, but the few very simple, small changes I made last week seem to have stopped the firstnamelastname19xx signups.

    1) I changed the some of the text on the /register page.

    2) I removed the “powered by” text in footer.php of my child theme (someone mentioned that it was being searched for)

    3) I changed the register slug in wp-config.php

    4) Added a functions.php file in my custom childtheme with the following code to redirect signups for all blogs to the Buddypress register page

    function rk_signup_redirect() {
    if (strpos($_SERVER['REQUEST_URI'], 'wp-signup.php') !== false ) {
    $url = 'http://mydomain.com/customregisterslug';
    wp_redirect($url);
    exit;
    }
    }
    add_action('init', 'rk_signup_redirect');

    where mydomain.com is, you know, my domain, and customregisterslug is the slug I changed in step 3.

    I don’t think I changed anything else — no captchas or anything — and I’ve received zero splog signups in the 5 days since, after getting a few a day before that. Fingers crossed.

    @bpisimone

    Participant

    Sounds nice stwc. Can you describe 3) a little more detailed?

    @stwc

    Participant

    Yep, here.

    define ( 'BP_REGISTER_SLUG', 'signup' );

    except rather than ‘signup’ I used ‘jointhecommunity’ as I recall.

    @bpisimone

    Participant

    perfect!

    @stwc

    Participant

    Don’t forget to put the define statements BEFORE the STOP EDITING HERE LINE in the config.php. That had me scratching my head for a while.

    @stripedsquirrel

    Participant

    So far no luck with all of the above.

    Just noticed that when changing register slug as mentioned that the link on the login page (for example after logging out: http://biketravellers.com/wp-login.php?loggedout=true) does not change, it links to http://biketravellers.com/wp-login.php?action=register which gives a 404.

    (as it links to /register)

    Any idea why the new slug does not work (it works on the homepage, and I also added a function to the functions page).

    How to change that link on wp-login.php without hardcoding and losing it after every upgrade?

    Cheers, Harry

    @andrea_r

    Participant

    Yep, one of the tricks on even a plain mu install is to rename signup. Stops ’em dead.

    There’s a few automated programs out there that scammy people are selling to other scammy people to send out these automated signups. So, the things you can change from the defaults usually stop them.

    @frenchtowner

    Participant

    Why can’t we just add a quiz question that has to be read by human eyes to be answered. I use that with Contact Form 7 and it works perfectly. How do I add that to register php?

    @bowromir

    Participant

    stwc wrote a very good guest post for BP-Tricks where he explains the tips he gave here in a very clear and understandable way. Check out the post here:

    http://www.bp-tricks.com/tips_and_tricks/stopping-the-sploggers/

    @bcbccouk

    Participant

    stwc’s summary of methods does seem to stop a lot of spam, but I’ve still been having some. I tried SI Capthca (https://wordpress.org/extend/plugins/si-captcha-for-wordpress) but that seemed completely ineffective.

    My latest weapon in the war has been to modify Invisible Defender (https://wordpress.org/extend/plugins/invisible-defender) firstly to make it work with the buddypress registration page and secondly obfuscate its hidden fields by giving them random names and values:

    http://bcbc.co.uk/mu/blog/2009/12/11/wordpress-registration-spam/

    @r-a-y

    Keymaster

    @bcbccouk

    That’s the exact approach I took (although I removed the admin screen because I don’t really care for it). It works wonders.

    +1 for randomising the names and values. I’m going to take that bit of code! ;)

    @bcbccouk

    Participant

    It works…for the moment. (There’s an obvious way around the hidden fields method). I’ve got some other ideas to make it harder to regex the html, I’ll post back when I’m done.

    @bowromir

    Participant

    Thanks bcbccouk I’ve updated the post and added your information and plugin link!

    @jnkfrancis

    Participant

    Anyone have any luck using sign-up question or wpmudev’s sign-up code? They both work great on a regular MU install since the person signing up has to answer a logical question or enter a code that they have received previously. The problem is when you activate those plugins, they work on the WordPress registration page and not the BuddyPress Registration page. Those would likely solve all the problems if we could get them to work together.

    I’m developing a site that we want only approved, or in some cases paid members to be able to sign up, but I can’t get either of those plugins to work with BuddyPress. Anyone been able to do that, or know how it would be done?

    @bcbccouk

    Participant

    Signup questions and codes are a good supplement to the other methods but are also ultimately fallible. In the same way that Captcha is rendered ineffective by human relay attack, so to are questions; it will just take time for spammers to catch on.

    It seems to me that the way forward is to incrementally roll out new defences, only presenting new defences when the old ones have been broken. As soon as lots of sites use a defence, that defence will probably soon be doomed to failure: spammers will only take the time to develop new exploits when a particular method of defence becomes popular. I believe this is the only reason why the hidden fields method currently works: its not sufficiently popular to bother coding an exploit for it (even though such a task would take about five minutes).

    @dadaas

    Member

    I have ask my question in other topic but they deleted it.

    Anyway, is there a way i could use original wordpress signup page instead of security leaked buddypress signup page?

    Please anyone know how to force peopel to signup trough original signup form.

    @lincme

    Member

    I might be missing the point completely here, but I changed my theme’s sidebar.php code to call up the root sign-up using this;

    <?php printf( __( ' You can also create an account.’, ‘buddypress’ ), site_url( ‘/wp-signup.php’ ) ) ?>

    Mind you, it shows the sign-up form complete with the extra fields I added via Buddypress. Does this mean it’s still being hooked into by BP and is actually bypassing the standard WP 3.0 sign-up code? I noticed that even pulling out the php and replacing it with a normal href link, it still does the same thing.

    @mrsangeld

    Participant

    stwc, found this post and using your method I haven’t had a spam registration yet. thanks so much.

Viewing 20 replies - 26 through 45 (of 45 total)
  • The topic ‘Fighting Splogs’ is closed to new replies.
Skip to toolbar