WordPress MU

I was recently looking on the admin panel of my mu install. Turns out I have over 5000 blogs that have been created by bots. I've disabled registrations. But how can I blacklist their ip(and find their IP) then erase all those blogs

Finding out their IPs - check your access log.
Banning IPs - check for WP Ban plugin.

I'd just drop the IP address into a deny in the .htaccess file or add them to the box's firewall if you have access. Adding a plugin that will get read each and every time your wpmu gets accessed (ie multiple millions of times a month) is just an increase in processor use.

The IP address used is recorded in your registration table in your database. You just have to match it up. Make sure though that you do a whois first to be sure it isn't an IP address you shouldn't be blocking. (ie An AOL address where millions of folks come though.)

Rename your wp-signup.php to something else and use WP-HashCash when you're ready to re-enable signups.

hi,
as i see the number 5000 in the first post...
isn't this the same as http://mu.wordpress.org/forums/topic.php?id=10066
?

sorry, please disregard my post above. I mixed two topics together in my tired mind.. ;)

Thanks for the feedback everyone :)
Can someone tell me where my accesslogs are?

Also I can't even access phpmyadmin because the amount of blogs crashes it.

Use something like MySQLFront to connect remotely.
Also, you can run SQL queries with this: http://www.phpmybackuppro.net

You should be able to download a copy of your mysql database as well via the webhosting backend. Use a text editor like Ultraedit to do a search for the ip address.

Backups are a good idea anyway.

Find the IPs of the spammer in the wp_registration_log table of your database. Then to mass delete blogs by IP, you can use WPMU Power Tools and insert this code into the php executor for 1 time execution:

$ip = 'IP HERE';
$blogs = $wpdb->get_col( "SELECT blog_id FROM {$wpdb->blogs}, {$wpdb->registration_log} WHERE site_id = '{$wpdb->siteid}' AND {$wpdb->blogs}.blog_id = {$wpdb->registration_log}.blog_id
AND {$wpdb->registration_log}.IP LIKE ('%{$ip}%')" );
if ( !empty($blogs) ) {
   foreach ( $blogs as $blog ) {
       wpmu_delete_blog( $blog, true );
       $deletedblogs_count++;
   }
echo $deletedblogs_count ." blogs were deleted with IP " . $ip;
}
else
{
     echo 'No blogs matching that IP.';
}

I'm real iffy about using a mass delete like that. Considering all those AOL IP addresses that send all their users through a few IP addresses, it;s too easy to do a false positive.

There is an IP search on the Site Admin -> Blogs page though that will find these for you.

Yeah I agree you have to be careful about the IP if spammers use proxies or AOL ip's, but it's very rare chance that the spammer and a legitimate user in the system will match IPs. Plus were talking about 5000 spam blogs, not a few dozen.

Thanks for the feedback. When trying to use phpmybackup I get this error:

Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 78 bytes) in /var/www/mywordpressmuinstall.com/htdocs/backup/functions.inc.php on line 592

This is SUCH a pain.

I use a desktop SQL manager instead of PHP because you just run into so many problems with PHP database managers on large databases. SQLyog is what I use, and it's fast.

@mrbrian - yep, agreed. I recently went through a system banning IPs and got HUGE ranges of known spammers. When you start blocking with wildcards, then you know it's bad.

(ie; something like 84.0.0.0 through 84.255.255.255 - that's the kind we're talking about.)

@Sam - go command-line and do a mysqldump. :D

@andrea_r - I'm not advanced at mysql using a command line. Do you have a tutorial on how to dump it via the command line?

Here ya go:
http://www.devarticles.com/c/a/MySQL/Backing-Up-Your-MySQL-Databases-With-MySQLDump/

But once again, you could just use SQLyog. The community edition is free and can do mysql dumps and backups easily.

Every 5 have different ip's.. What do I do?