WordPress MU

A few days ago, three nonsense-ridden blogs were created in my system. They only published one post each, and it seemed 'automatic' text culled from the web. I see from my logs several entries from the same domain of the e-mails they used to sign up:

http://theirspammydomain.com/wpPoster/aprove.php?url=mywpmuservie.com/ theirusername&step=1&keyword=whatever

So, this /wpPoster seems a script to semi-automatically set up a wpmu account... You may want to check your own logs to see if they're on your system, too!

I've marked them as spam... Do you know if the wpmu system to spot 'splogs' will take care of them from now on?

I'm hoping the captcha I've integrated into the sign-up process will kill most of that.

To be on the safe side, it's entered on the initial sign-up, then on the next page when you verify the details as well. They're each different from one another as well, so the same code won't work on both pages.

I've also got an agreement form on the initial sign-up page, with a checkbox that is generated with java. It renders the submit button useless until it's checked.

Form submission is also tied to a session variable as well, transparent to the end user.

Initially, I was just planning on having the details submitted, but not creating the new account. Then, myself or another admin would review the submission and either create the account or terminate the request. However, with the double captcha and some other stuff, I'm hoping to curb the majority of splogs.

It won't prevent an actual human, but 99.99% of spammers don't waste their time with something they can't auto create with a bot. Newbie spammers are an exception usually, but strong moderation will weed those out.

I'm also going to look at bad behavior as well, and probably SK2 for additional comment protection. Heavily modded though, I'm sure.

Bad behaviour has been an absolute life saver - very little modding required, I'll upload my tweaked version to wpmu for you to try.

If anyone has a captcha solution for signup that they want to share I'm sure it'll be pretty popular!

@ farms

what did you change inside bad behaviour? on my testsites it seems to be running ok, without mods... (inside the mu-plugins folder)

I can't remember if it's BB, or SK2, but one of the two was pretty "log happy", which created some much unneeded overhead in the db.

SK2 is log-happy. *sighs* Currently rewriting and taking that out. I think it added two log entries each time it cleared the log.

It's an awesome spam catcher for a single install, but needs a bit of work to be really effective for MU.

That script seems to be located here:
http://ireen.sarang.net/trac/browser/snippets/blogyltransferase/egloos.py?rev=615

I've been looking through it trying to figure out how to block it.

I'm not an entirely big fan of captchas. I know they're effective however I just don't like the extra inconvenience.

IMHO, captchas are a little bit of a pain. However, the trade off of having one and not having one is worth it.

do you really get spam blogs created ? I haven't seen one in several months of operating MU, I was even wondering if wpmu was somehow immune with the emailed password or something.
I get *a lot* of spam comments and trackbacks, which are extremely well handled by SK2, but spam blogs... nope.

In the past month, I have had over 100 of these spam blogs registered on autiblogger.com, most of them within the past week :( I am using SK2. Haven't figured out how to prevent this yet; just been deleting them as quickly as I can after they are created. I would be very interested in the tweaked version of Bad Behavior, Farms2.

bmonster99, have you upgraded your code base? I hardly get any soam blog signups at all. Well, I've got them disabled at the moment, but even before that. Once I upgraded and got the two-step signup process, the level went way down.

SK2 only helps with spam comments and trackbacks, doesn't affect the signup area at all. Mine's been stopping about 10K spam a week.

"have you upgraded your code base?" - andrea_r

Upgraded to what?

I'm getting tons of blog spam. Any ideas? lunabyte, any practical info - like how to install anything you've mentioned?

Upgraded to the latest version of MU is what I meant.

andrea_r, would upgrading my code base have any effect on blocking spam? I figured bmonster99 would be using 1.0.

lunabyte, how do I install a captcha?

Thanks.

I wrote my own.

lunabyte, do you have time to share the code with us?

Nope, sure don't.

Search around. This might help.

"Nope, sure don't." Cool!

Thanks, mohamednazmi. It looks like your link might be a winner! I'll report back here.