Skip to:
Content
Pages
Categories
Search
Top
Bottom

Spammers attacking, help!


  • imjscn
    Participant

    @imjscn

    I am using WP3.0.1 , BP1.2.6 , with Asismet and Badbehavior installed.
    yesterday, I got 20 spammers registered on my blog, and each of them created a blog. I deleted them, and put their IP in host’s “Banned IP”;
    Today when I wake up, I got another 20 spammers and their blogs again.
    So, I have to change WP option to be “logged in user may register blog”, this makes visitors can’t signup.
    I want my blog can be freely signup and can create blog after they logged in as a member.
    What can I do to enable visitor registering and block spammers?

Viewing 17 replies - 1 through 17 (of 17 total)

  • Avi M
    Participant

    @avim

    https://buddypress.org/community/groups/bp-registration-options/

    https://buddypress.org/community/groups/bp-moderation/

    You can also increase the minimum time required for completing the reg process.

    I fixed most of mine by adding a few fields in the Profile Field Setup. I added City, State ( as a dropdown menu and a zipcode. I got rid of 70% just from this. also, I have seen in my log files they are searching for
    “yes i d like to create a new blog”
    “registering for this site is easy just fill in the fields below and we ll get a new account set up for you in no time yes i d like to create a new blog”
    “intext yes i d like to create a new blog blog with wordpress inurl register”
    “i d like to create a new blog”

    maybe someone can tell us where this text lives so we can remove these tags from the search engines. just by this they are able to see all wordpress sites. I tried it with google and it does work.

    nevermind, I found it, they are in the register.php file.

    You should robots.txt exclude these files

    Jenny remove the blog signup section from the BP register page.

    also adjust the WP footer links to something non standard as that is also a keyword search.

    Other than that there have been some very long threads on this subject of spam signups and all possible tactics have been covered in those so do do a search for that info.


    zkwc
    Participant

    @zkwc

    I tried BP Registration options based upon this post and the plug-in has some serious bugs. While it does the things it says it does, it also disables admin editing of any of the WPMU blogs posted. I also have a contributor blog going and it disallows contributors from posting media, it cancels out the permissions function I used to allow media publishing. Registration also does not prevent the spammers from posting blogs all over your site. And they do not respond very soon to any type of support questions asking how to fix these problems. I really wish I could use this plug-in.

    Disallowing bots to follow the signup page link (nofollow on the link), changing the default signup slug and adding new profile fields really really does help. And no plugins either.

    Andrea_r, can you elaborate or point to a link that elaborates on these tactics? Thanks!


    imjscn
    Participant

    @imjscn

    BP Humanity does blocks the spamers completely, but they still try. For the past month, the total bandwidth comsumed by /register page is 3000MB
    @andrea_r , how to disallow bots to follow signup link?

    @imjscn Jenny have you tried googling on ‘nofollow’ links? before asking Andrea_r how to do this or better still have you implemented my advise earlier in the thread for a robots.txt file implementation? and other tip/s?

    It’s important to tell us what you have tried other than add plugins – not everything is solvable using plugins and this aspect really requires a few approaches as has already been said.

    Did you track down any of the threads on this support forum that go into great detail on the various approaches one can take, a good one is to set a referrer trap in .htaccess so that direct linking to the register page is prevented and register will only accept requests that have an accompanying referrer in the header that comes from your site – mentioned in one of those threads with example code iirc


    imjscn
    Participant

    @imjscn

    @hnla, I got 2 results from googling:
    #1. “
    #2. `sign in`
    #1 requiires to be added in header, I don’t know how to add it in register.php’s header without bothering other pages;
    #2 stops bots following the link on other pages, but BP spammers come without a reference page. They know which link is BP register page. I’m not sure if there’s another way for BP.
    The above is the reason why I ask Andrea.

    I did track down the solutions in this forum. If you pay attention, this topic was posted one month ago. I did my homework. But of course, I didn’t read all the threads, because search in this site is not as efficient as other places. No result if a word or a letter not match. Only accessed the threads that I searched out by different words combinations that I could imagine.

    As for the .htaccess method, my research shows it worked for a while, but stop working since WP 2.9. I tried it, I can comfirm it’s not working on my site.

    True search here is a chore :)

    Robots.txt is a file that lives in the root document directory of a site, however I seem to remember issues in the past adding one as WP might be trying to add it’s own one?

    What results – if any do you get from running:

    http://example.com/robots.txt (your site name obviously)

    #2 stops bots following the link on other pages, but BP spammers come without a reference page. They know which link is BP register page. I’m not sure if there’s another way for BP.
    Jenny this is why I said or mentioned adding a referer trap in .htaccess. Yes bots do link directly so you disallow any direct links that do not contain a referer in the header get request


    imjscn
    Participant

    @imjscn

    @hnla,
    I failed to search out your robots.txt thread. But I found this one was recommended in another thread: http://perishablepress.com/press/2010/07/14/blackhole-bad-bots/
    I will try it and feed back.
    By the way, the .htaccess referer trap doesn’t work.

    @imjscn try hunting for a plugin called KB robots text it allows you to edit the WP robots text from the dashboard and might be handy to have available.


    Andrea Rennick
    Participant

    @andrea_r

    “how to disallow bots to follow signup link?”

    Put a nofollow, noindex on it, right in the theme where it is linked. And change the default text that is linked. If you look at your access logs and your visitor stats, you’ll see they basically google for you.


    imjscn
    Participant

    @imjscn

    Thanks, Andrea!

Viewing 17 replies - 1 through 17 (of 17 total)
  • The topic ‘Spammers attacking, help!’ is closed to new replies.
Skip to toolbar