The MU forums have moved to WordPress.org

email banned who registered (23 posts)

  1. enseignement
    Member
    Posted 16 years ago #

    Hello,

    Yesterday, some bot with an email address like 163.com succeeded to register and to publish on my blog farm.

    When i've checked the banned email domains, 163.com was already there ... Is this list working ?

  2. drmiketemp
    Member
    Posted 16 years ago #

    Gotta admit that it works for me. 163.com is on that list and I've not seen them for quite sometime.

    There's not an empty space at the end of the line, is there? I know we had issues with there being one at the end of the email domain line that caused some issues way back when.

  3. enseignement
    Member
    Posted 16 years ago #

    No, tom.com has succeeded to create a blog today, and i've checked if there was a space at the end of the list

  4. lunabyte
    Member
    Posted 16 years ago #

    I'll second that one, E.

  5. drmiketemp
    Member
    Posted 16 years ago #

    Bets bet would be to open up a trac ticket and have Donncha take a look at it.

    Please remember:
    http://trac.mu.wordpress.org/wiki/DebuggingWpmu

  6. suleiman
    Member
    Posted 16 years ago #

    did this get taken a look at? I'm having the same problem with my banned domain list not registering.

  7. Bike
    Member
    Posted 16 years ago #

    it works for me. It is very easy to check, just try to sign up yourself with one of these addresses and see if you can.

    I just noticed that even wildcards seems to work. After adding bodrun*.org to the sh*tlist I could not sign up with bodrun12.org, though the error message is different.

    Cheers,
    Bike

  8. enseignement
    Member
    Posted 16 years ago #

    How can I create a ticket in the trac. Didn't find any link to do this. Where can I register ?

    I had the same problem today ... : one user with an email banned registered successfully.

  9. drmiketemp
    Member
    Posted 16 years ago #

    enseignement, I answered you in your other thread. Please click on the login link and follow the instructions.

  10. Anonymous
    Unregistered
    Posted 15 years ago #

    I have the exact same problem as others here. Some people are able to register even though their domain is banned.

    I tried to do it myself and the email address was refused.

    This means there is a backdoor to bypass this security mechanism.

    Can someone please check into this, as I have to delete dozens of blogs each day?

  11. andrea_r
    Moderator
    Posted 15 years ago #

    Are they still listed as a user? If you have a spam *user* still resgistered, they can create as many blogs as they like.

  12. Anonymous
    Unregistered
    Posted 15 years ago #

    No, they create a new user account each time.

    I looked at the code and had a feeling there could be a way to bypass the security, but was unsuccessful in my attempts though.

  13. andrea_r
    Moderator
    Posted 15 years ago #

    Rename the signup page. Go thru that file and rename all instances of wp-signup to your new page name.

    Leave wp-signup.php there, but replace the content with a php die.

    THEN see if they still get thru. D:

  14. Anonymous
    Unregistered
    Posted 15 years ago #

    Although I do think it could discourage the less motivated ones, it wouldn't take me 5 minutes to get it running with a different file name, if I had the way to do it like they do.

    This solution wouldn't really resolve the problem at all I'm afraid.

  15. lunabyte
    Member
    Posted 15 years ago #

    "This solution wouldn't really resolve the problem at all I'm afraid."

    Yes, it will help.

    It's called troubleshooting.

    You make a change, see what happens. Make another, check again. Then keep going until you track it down.

    You're the only one here that can see your logs, site, etc.

    There was a problem many versions ago with this, so since you don't mention the version you're running, the first thing to do is make sure you're on the latest/greatest (currently 2.6).

  16. andrea_r
    Moderator
    Posted 15 years ago #

    "This solution wouldn't really resolve the problem at all I'm afraid. "

    Um, yeah. It will. And I know it will because I've done the same on at least a dozen other setups. each one of them has a differently named signup page.

    No, it doesn't not stop manual spammers from signing up, but it *does* stop automated spammers COLD. Those are the ones filling up your system.

    you could at least try it before discounting it.

  17. Anonymous
    Unregistered
    Posted 15 years ago #

    You guys are right!

    Even though it doesn't solve the problem at the source, it may probably help a lot.

    I'll try it and let you know.

    I'll check the version at the same time, just to make sure.

    Thanks for your help.

  18. Anonymous
    Unregistered
    Posted 15 years ago #

    I tried renaming the registration script and that didn't stop the spammers from continuing to signup for new blogs with new user accounts in less than a few minutes.

    I upgraded to the latest version but still have the same problem.

    For the moment I had to completely remove the signup page to stop them.

    Now I'm looking for a way to block these bots with a turing test but I'm not sure it will work since their bot seems very sophisticated.

  19. Anonymous
    Unregistered
    Posted 15 years ago #

    OMG, I still got new registrations after the script was removed!

    That's the feeling I got in my initial post here. They're not going thru the signup page to register the accounts.

    Does anyone have an idea how that could be possible?

  20. lunabyte
    Member
    Posted 15 years ago #

    Bounce registration times against your access log.

  21. Anonymous
    Unregistered
    Posted 15 years ago #

    Ohhh, good idea, I'll check that tonight.

    Thanks!

  22. MrBrian
    Member
    Posted 15 years ago #

    Try donncha's hashcash plugin.

  23. andrea_r
    Moderator
    Posted 15 years ago #

    there has GOT to be something up with your system / server / files because I've done a number of all the suggestions and can't replicate your problems.

About this Topic

  • Started 16 years ago by enseignement
  • Latest reply from andrea_r