The MU forums have moved to WordPress.org

Splog Problem (22 posts)

  1. RobDraw
    Member
    Posted 14 years ago #

    Hi,
    I have a rather bib splog problem, In late Jan 09 I installed a WPMU script on my server and decided to test out the Mu platform which I might say works very well.
    Well after that the original project I left on ice and forgot about it, when last week I had an email from my server that my disk was near its limits. When I checked this out I found my Blog had been spammed with over 13,000 spam blogs. In this month alone I have 10,000+ new blogs. Very nice if they are real people but obviously after checking this its just some idiots using the blog for spamming purposes.
    For now I have disabled the blog by changing the directory and theres really no way to check whos legitimate and whos spam without committing loads of time.
    So I would like to know :
    1. Is there any way I can just delete all the blogs on this site.
    2. Install a captcha or other method to make sure that the sign up is from a human operator.
    I dont mind administrating a few blogs per day but this is becoming to be like 100 - 500 blogs per day.

    Rob

  2. RobDraw
    Member
    Posted 14 years ago #

    Ok, after searching I found and installed this and YES it works a treat for new sign ups http://wordpress.org/extend/plugins/wp-recaptcha/installation/

    Still would like some info on how to delete the rest of the splog if anybody can suggest a method.
    To add: I actually have some legitimate blog already installed so i dont want to disturb these.

  3. donncha
    Key Master
    Posted 14 years ago #

    You should also try wp-hashcash which stops dozens of signups on my test server every day. This is a plugin you might like to try to delete the spam blogs. It's still early in development and I haven't tried it though:

    http://jamielesouef.com/wordpress/mu-spam-blog-remover/1.0.090515-alpha/

  4. Ovidiu
    Member
    Posted 14 years ago #

    wpmu power tools plugin is also able to remove all blogs/users marked as spam in one go :-)

    ###edit###
    foudn the url: http://plugins.paidtoblog.com/wpmu-power-tools/power-tools/

  5. RobDraw
    Member
    Posted 14 years ago #

    Yes I have installed the power-tools, but I dont know exactely how to delete all the Blogs in PHP. I dont really want to manually delete or mark as Spamm 10000+ Users and Blogs.
    But I do want to keep the first two Blogs i.e id 1 and id 2

    Any ideas how to do this? I would try if someoe could supply a line of code to insert.

  6. RobDraw
    Member
    Posted 14 years ago #

    I also installed the hashcash, does this work in the background as I didnt notice anything while testing it, But it does say it uses javascript to prove to signin was in a web browser.

  7. RobDraw
    Member
    Posted 14 years ago #

    Ok, I did it

    I inserted this code in the PHP box and run it once, and it deleted the blogs. Although it does take a long time.

    400 was the starting id and 4000 was the last id, very crude but amazingly easy way to delete multiple wpmu blogs.

    $blog = 400;
    while ( $blog <= 4000 ) {
    wpmu_delete_blog( $blog, true );
    $blog = $blog + 1;
    }

    Im not responsible for anybodys use of this though.

  8. RobDraw
    Member
    Posted 14 years ago #

    and for the users, and a lot faster of course

    $user = 80;
    while ( $user <= 2000 ) {
    wpmu_delete_user( $user, true );
    $user = $user + 1;
    }

    where again 80 is the first user id and 2000 is the last.

  9. Ovidiu
    Member
    Posted 14 years ago #

    :-) cool happy it helped. I really like that power tools plugin myself, but am really bad at writing code, so I'll keep your two examples for further usage and adaptations...

  10. RobDraw
    Member
    Posted 14 years ago #

    Glad to help, anything to stop these idiots and lamers.

  11. RobDraw
    Member
    Posted 14 years ago #

    Ok this morning they are at it again, I had 34 new sign ups from this person and all from the same Spam IP address 204.80.187.1 ,

    I had already installed the reCaptcha and Hashcash ,

    Hashcash says

    245 spam signups blocked out of 4 human signups. 98.39% of your signups are spam!

    Great but how are these guys getting through??? Did they actually sit down and sign up, I mean the IP is in the States, Id it worth somebodys time to do this manually, and if not how are they doing it.

    Also anybody got any ideas on how to report these IP addreses.

  12. Ovidiu
    Member
    Posted 14 years ago #

    sorry can't help you there but another question: if you go check the source code of your signup page, is there hashcash mentioned anywhere? I can see it in the source code of articles, inside the comment form so I know its being loaded, but can't find any trace of it on the signup page...

  13. andrea_r
    Moderator
    Posted 14 years ago #

    The blog spammers use a program to do the automated signups. There's a couple of them out there, I've seen them.

  14. tdjcbe
    Member
    Posted 14 years ago #

    You may want to check your webserver's logs to see if they're coming in from a common IP address and block it via whatever method your provider uses. That'll save some of your overhead.

    If you search the forums here for splogs, you should find a couple of threads that list ip addresses.

  15. RobDraw
    Member
    Posted 14 years ago #

    tdjcbe
    I have since done this, dont need to look anywhere else but the emails from the signup as its also sent with the signup.
    I blocked it in .htaccess

    For anybody who wants to know how

    order allow,deny
    204.80.187.
    allow from all

    Basically blocks all IPs on this series.

  16. RobDraw
    Member
    Posted 14 years ago #

    Ovidiu

    No cant see it source! but it must be working as its actually incrementing:

    This morning
    245 spam signups blocked out of 4 human signups. 98.39% of your signups are spam!

    This evening
    557 spam signups blocked out of 4 human signups. 99.29% of your signups are spam!

    And since Ive blocked the dorks IP I have had zero spam signups

    Now I can relax a bit...

    Anyybody know where I can report these addresses to get them blacklisted?

  17. Ovidiu
    Member
    Posted 14 years ago #

    yepp, can't see anything in the source but my counters also started increasing... I needed a solution urgently as my montyspam expired and there is no sign from the developer :-(

  18. andrea_r
    Moderator
    Posted 14 years ago #

    Blacklisted by whom? They just move on to another IP. It's like the many-headed hydra.

  19. RobDraw
    Member
    Posted 14 years ago #

    Good point andrea today I had two new signups from new spammers with a new IP address.
    At least it was only two. I think im gonna leave them to do loads of work configuring their blog, uploading posts and when the have just about finished investing their time, DELETE IT!!

  20. andrea_r
    Moderator
    Posted 14 years ago #

    They mostly do it by bots, and hit a bunch of installs at once.

    Unless you have a manual spammer. those are fun to string along. >:-)

  21. windhamdavid
    Member
    Posted 14 years ago #

    another great thing to do is re-write the copy in your wp-signup.php page.. what I've found is that the bots find your signup page by it's content...

  22. promovareseo
    Member
    Posted 14 years ago #

    Hello guys! I am the unfortunated owner of 5000 spam blogs, I tryed like this, but and up with 61 blogs left, since the ids are so ... mixed up , like 4-5 spam, 1 good, increment :)
    I'm not good at php but by any chance I can do something like

    $blog = 40; //first spam blog
    while ( $blog != '1,2,3,4,4...' ) // list of genuine blogs ids
    {
    wpmu_delete_blog( $blog, true );
    $blog = $blog + 1;
    }

    I don't know php syntax, anybody can help in this matter!
    I got like 3-400 genuine blogs out of 5000 :|
    Andnow I'm decided to restart my wpmu blogs, and realised that thouse good blogs are a good start, so I'm trying some recovery...delicated thing!

    Sry for my english, and hope somebody can help!
    All the best to you guys!

About this Topic

  • Started 14 years ago by RobDraw
  • Latest reply from promovareseo