Skip to:

Spam, Spam and more spam

Viewing 25 replies - 51 through 75 (of 82 total)
  • Okay… I just installed wp-hashcash and pasted in the function mentioned near the top of page 1 of this thread. Let’s see if that stops the *$^#%&@ SPAMers :o)

    Andrea Rennick


    “It’s not any ONE fully qialified domain for me… it’s dozens of different domains all ending in .info.”

    Yeah, I know, Believe me, we’ve gone around in circles over that one issue in the mu forums. ;) I’ll have to dig up the command.

    A lot of plugins like hascash are recommended because they work. I see a lot of people not try them because they think it’s just for comments. On most sites I’ve tried it on, it just works.

    FYI… Elliot updated wp-hashcash for BuddyPress.

    Okay… I am STILL getting SPAM registrations. I’ve done the following:

    • Changed signup slug
    • Installed hashcash (works with BP now)
    • Disabled “Allow blog administrators to add new users…”
    • Deleted BuddyPress credit in footer.php
    • Deleted wp-signup.php
    • Created a robots.txt file to disallow robots from my signup slug

    Any more ideas? Short of Catcha? Altho’ I’m thinking even that won’t work.

    I wonder if attempting to rename bp-core-signup.php might help. Who know how many things I could break though. LOL.

    Anyway, I just duplicated the /registration/register.php file in my child theme and completely deleted this line… maybe that will help

    <p><?php _e( 'Registering for this site is easy, just fill in the fields below and we\'ll get a new account set up for you in no time.', 'buddypress' ) ?></p>

    Andrea Rennick


    That string is also translatable, meaning you can replace it. Doesn’t have to be with another language. ;)

    @Andrea_r How do your say “SPAMbots please screw off” in Latin? LOL. Maybe Google can translate for me.

    No more SPAM registrations since my last post. Fingers crossed.

    Did you find out how to use regex in the WPMU “banned domains” setting?

    Andrea Rennick



    that might work. it was buggy at one point.

    I’ll try. I just got a new registration from ANOTHER .info email address. Minutes ago. Ugh :( Unreal.

    I’ve done everything mentioned in this thread and MORE. And no dice. Kind of at my wits end. How the heck are they signing up?! Unless it’s humans signing up. But I assume all SPAMers use bots. Even if it’s not a bot… I don’t know how you’d ever find the signup page with Google. It has a custom slug and I’ve gotten rid of the default BuddyPress text.

    Anyway. Thanks Andrea.

    I wonder if this would work in .htaccess

    deny from .*\\.info.*

    Just got another registration from a .info email address. It occurs to me that that is not necessarily the domain they are coming from since my htaccess deny had no effect. The email ban setting also had no effect. Nor does hashcash or any of the other multiple measures I have put in place. I have no idea what to do anymore. I’ve tried everything. I’m resorting now to banning individual IP’s as they come in.

    I just clued in that these bots are probably all using proxy servers… and compiling a big list of them all would be futile. So I found this htaccess code that blocks servers based on their methods. I know this topic has gone beyond specific BuddyPress fixes… but I’ve done all of the BuddyPress fixed (and more) and I’m STILL getting SPAM signups. So perhaps this will help someone else.

    RewriteEngine On
    # block proxy servers from site access
    RewriteCond %{HTTP:VIA} !^$ [OR]
    RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
    RewriteCond %{HTTP:FORWARDED-FOR} !^$ [OR]
    RewriteCond %{HTTP:FORWARDED} !^$ [OR]
    RewriteCond %{HTTP:X-FORWARDED-FOR} !^$ [OR]
    RewriteCond %{HTTP:X-FORWARDED} !^$ [OR]
    RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
    RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
    RewriteCond %{HTTP:XROXY_CONNECTION} !^$ [OR]
    RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
    RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
    RewriteRule ^(.*)$ - [F]

    Credit goes to:

    Hmm proxy servers could be legitimate though, couldn’t they?

    I empathise with the issue I still have to delete on average a dozen a day and have employed al the suggested fixes and a few domain blocks and no referer htaccess rules.

    They could be legitimate proxies… yes… but I’m assuming they are in the minority.

    I don’t think I have no referer rules. I’ll look into that.

    So you just accept it? What a pain.

    Not necessarily accept, but feeling sort of resigned to, still trying to see the actual process and how the circumvention of so many disparate steps to thwart these little idiots is occurring. I still intend on trying put a stop to these but at the moment not about to waste too much further effort on it, I tend to catch them within minutes of signup and remove them so it doesn’t upset the community too much.

    Another step I took was to place a trap on php curl scripts attempting to download the register page, that put a stop to a few signups I think.



    The BP demo site is also full of spam. Very interesting.



    I upgraded to bp1.2.2.1/wp2.9.2 from bp1.1.2/bp2.8.6 a couple of days ago and the spam on my site has significantly increased.

    I also noticed that spammers from previously banned domains are now able to register.

    @Kunal17: I’m sure that’s probably just a coincidence.

    @pushi22le: That’s a new tip. Thanks :o)

    BTW… since banning proxies from accessing my site… I haven’t had a single SPAM signup.

    The phrase “Famous last words” springs to mind :-)

    But post back with update if still not getting spam maybe I’ll do the same with proxy bans

    Well it’s been 3 full days now without a SPAM signup.

    Hmm it’s holding up then.

    Sam Steiner


    I’m having 300 spam registrations a day and having to mark them all as spam manually 15 in one go in the user list. The plugin wordpress Hashcash (updated today to 4.5.1) should now work for BuddyPress registration but it stops EVERYBODY from registering.

    David Lewis, one week later, is your solution still working for you?




    I’m seeing the same thing you are….

    Is there any way to get buddypress registration to reference the banned domain list?

    @Magganpice: I’ve had two SPAM registrations since banning proxy connections.



    Are there any downsides to blocking proxy servers?



    The best trick I learned for fighting spam bots is to ask a question that only a human can answer and making them type it into a text box. If you change the question daily or randomize it, it makes it even tougher. Don’t do anything like math or captcha or something that a bot can calculate or decipher. Ask a question like “What color is snow?” or “How many sides does a triangle have?”

    +1 for that idea, I had this on 2 SMF forums and it does work. While it doesn’t stop the odd human Spammer from registering, it stops bots dead in their tracks.

    Maybe a coder would consider making such a BP plugin.

Viewing 25 replies - 51 through 75 (of 82 total)
  • The topic ‘Spam, Spam and more spam’ is closed to new replies.
Skip to toolbar