Hello,
Yesterday, some bot with an email address like 163.com succeeded to register and to publish on my blog farm.
When i've checked the banned email domains, 163.com was already there ... Is this list working ?
Hello,
Yesterday, some bot with an email address like 163.com succeeded to register and to publish on my blog farm.
When i've checked the banned email domains, 163.com was already there ... Is this list working ?
Gotta admit that it works for me. 163.com is on that list and I've not seen them for quite sometime.
There's not an empty space at the end of the line, is there? I know we had issues with there being one at the end of the email domain line that caused some issues way back when.
No, tom.com has succeeded to create a blog today, and i've checked if there was a space at the end of the list
I'll second that one, E.
Bets bet would be to open up a trac ticket and have Donncha take a look at it.
Please remember:
http://trac.mu.wordpress.org/wiki/DebuggingWpmu
did this get taken a look at? I'm having the same problem with my banned domain list not registering.
it works for me. It is very easy to check, just try to sign up yourself with one of these addresses and see if you can.
I just noticed that even wildcards seems to work. After adding bodrun*.org to the sh*tlist I could not sign up with bodrun12.org, though the error message is different.
Cheers,
Bike
How can I create a ticket in the trac. Didn't find any link to do this. Where can I register ?
I had the same problem today ... : one user with an email banned registered successfully.
enseignement, I answered you in your other thread. Please click on the login link and follow the instructions.
I have the exact same problem as others here. Some people are able to register even though their domain is banned.
I tried to do it myself and the email address was refused.
This means there is a backdoor to bypass this security mechanism.
Can someone please check into this, as I have to delete dozens of blogs each day?
Are they still listed as a user? If you have a spam *user* still resgistered, they can create as many blogs as they like.
No, they create a new user account each time.
I looked at the code and had a feeling there could be a way to bypass the security, but was unsuccessful in my attempts though.
Rename the signup page. Go thru that file and rename all instances of wp-signup to your new page name.
Leave wp-signup.php there, but replace the content with a php die.
THEN see if they still get thru. D:
Although I do think it could discourage the less motivated ones, it wouldn't take me 5 minutes to get it running with a different file name, if I had the way to do it like they do.
This solution wouldn't really resolve the problem at all I'm afraid.
"This solution wouldn't really resolve the problem at all I'm afraid."
Yes, it will help.
It's called troubleshooting.
You make a change, see what happens. Make another, check again. Then keep going until you track it down.
You're the only one here that can see your logs, site, etc.
There was a problem many versions ago with this, so since you don't mention the version you're running, the first thing to do is make sure you're on the latest/greatest (currently 2.6).
"This solution wouldn't really resolve the problem at all I'm afraid. "
Um, yeah. It will. And I know it will because I've done the same on at least a dozen other setups. each one of them has a differently named signup page.
No, it doesn't not stop manual spammers from signing up, but it *does* stop automated spammers COLD. Those are the ones filling up your system.
you could at least try it before discounting it.
You guys are right!
Even though it doesn't solve the problem at the source, it may probably help a lot.
I'll try it and let you know.
I'll check the version at the same time, just to make sure.
Thanks for your help.
I tried renaming the registration script and that didn't stop the spammers from continuing to signup for new blogs with new user accounts in less than a few minutes.
I upgraded to the latest version but still have the same problem.
For the moment I had to completely remove the signup page to stop them.
Now I'm looking for a way to block these bots with a turing test but I'm not sure it will work since their bot seems very sophisticated.
OMG, I still got new registrations after the script was removed!
That's the feeling I got in my initial post here. They're not going thru the signup page to register the accounts.
Does anyone have an idea how that could be possible?
Bounce registration times against your access log.
Ohhh, good idea, I'll check that tonight.
Thanks!
Try donncha's hashcash plugin.
there has GOT to be something up with your system / server / files because I've done a number of all the suggestions and can't replicate your problems.