WordPress MU

does any body have any ideas on how to stop spam account creation
there is a group of people making account on my blog manually not via automated system
they create the account with non email address that don't exisit so they never recive the password

ive had 91 so far today :(

i did the catach thing but didn't work and it confused some honest ppl from creating accounts

Richard

That's a real problem... people manually create accounts & then use them to spam, oucha... my way so far is v. old fashioned but basically involves me manually deleting these accounts (I've had a fair few).

What would probably help for you would be to hack the IP address thingy (that you get for comments posted) into the new blog notification tool so you can simply block the ip address they're coming from... if it's manual then that should pretty much fix 'em in the first instance?

If they have a DSL or Cable connection with a dynamic IP then that won't stop them either. Proxies and IP spoof programs can also get around IP blocking. However, they are most likely creating atleast several accounts from the same browser session. If you could somehow check that and only allow one per session it would atleast make it a bit more troublesome. Or better yet, log hostnames and browser type and only allow one blog to be created from the combination each hour. I mean, how likely is it that two people from the same ISP connection point, using the same browser will come to your site and create a legit blog. I've used this last method on every one of my sites except one boston focused site and it has worked fairly well so far.

andrewbillits thats a good idea but my php skills are as good as my quantum physics skills,

tried last night the to only allow invites but then after much thinking about it. it wasn't going to work
ive tried the deleteing them by hand and there creating them faster then i can delete when there on the go

the posts have stop as im guessing the email address they are using isn't theres so they can't get the password

so i can't see what there getting out of it :s

maybe it should be changed to where the email address is verified THEN the blog is created.

is that allready in the code in wpmu? (a uncomment thing)
or would that need coding?

well, it would need coding. but I think you could pull it off by just modifying wp-newblog.php and no other files.

Try bad-behavour;
http://error.wordpress.com/2005/10/23/bad-behavior-123/
and the logreader;
http://www.elvery.net/drzax/index.php/2005/08/29/bad-behavior-log-reader-plugin/
I installed it on my new WPMU weblog site recently but no clue if it works yet.

regards
http://megaweblog.com

tried bad behaviour but its missing the option to add ip address so i can block them
it stoped most a few of them but then today ive had 300!!!!!!!! accounts created *my band width :'( *
so i need to look how to add a black list in to bad-behaviour

Maybe it would be in your best interest to just deny access to the file until there is a fix for this type of issue... We are getting to that point here...

I'm having trouble too with one of my sites for the first time overnight ... can't we just install a captcha device that needs to be processed before the form goes through... I think we need an urgent solution.

OK, well wp-gatekeeper http://meyerweb.com/eric/tools/wordpress/wp-gatekeeper.html is an extremely powerful manual spam stopper (I know, I've used it) that gets people to answer obvious questions in order to post a comment... i.e. what colour is an orange?

It works just fine with WPMU (I just trialled it) and I reckon that we could hack it as a fourth element to the form... but how???

Will have a crack but probably beyond my level of code-understanding... does anyone else wanna have a go or think that this is a worthwhile first attempt at stopping the buggers?

Cheers, James

Ah ha... so Akismet is also dealing with splogs http://radiantmarketinggroup.com/2005/11/28/wordpresscom-is-now-available-for-everyonesploggers-included/

Now, here's a question... is it just a single license to get it to run on the 'blog creation' side of things?

Or are we on our own unless dough can be coughed up?

Farms, I agree. The need is urgent. The potential for each day that passes can quickly swamp a database with useless tables, etc.

Also, I saw elsewhere in the forum that in the latest build, when you delete a blog, you do 'not' actually delete all of the tables created - just the account. This needs to be changed in the next version, too.

The captcha idea seems like the best quick solution (even if only temporary) that should be built into the platform right away.

my work friend has best idea .. and it can be done at home :0)

all you will need is..
1x 6x4 plank of wood
1x lengh of towel
an assortment of nails and screws

place towel at bottom of wood to form a handle
and place nails and screws in other end and tada

a de-spammer
ok maybe not the best but it did make me laugh and took some of the stress away from clicking delete :0)

the spam has stopped. nothing at all for a few days :-/
i have found a way to stop any spammers by way of a blacklist

i will post details soon

Richard

For me a simple way to stop those spammer is by :
1. first create a simple @gmail.com email (since its fairly big enough) and send reports of all registerred account there [including ip, email etc..].
2. Whenver i see lots of new blogs, i verify the ip if there are almost the same 9most of the time they are the same thing), also notice the email from which the trend is going on.
3. finally just add a "deny from xxx.xxx.xxx.xxx" in htaccess.

http://matrixmonkey.stuffabout.me.uk/2006/01/30/stop-the-spam-with-htaccess-and-let-them-know/

this is the method i used

it blocks them and forwards them to a page to let them know they have been blocked (just incase the new i.p owner is legit
(of course with google adds on it ;P )