The MU forums have moved to WordPress.org

Spam blogs (14 posts)

  1. Aero7
    Member
    Posted 14 years ago #

    Once I set up WPMU the spam blogs started coming. I looked through and a lot of blogs are being made and I don't know how to stop it. Even a retarded bot can make blogs on the standard WPMU.

    So is there a plugin that makes it a little harder to make blogs, some recaptcha stuff or any image verification tools?

    I want the blog to be a service to my members, not bots :)

  2. tdjcbe
    Member
    Posted 14 years ago #

    Please search the forums here for splogs. To be honest, this topic has been beat to death here. I've gone ahead and added the splog and splogs tags to this thread to give you a start.

    Some folks have given this a try with varying degrees of success:

    http://www.darcynorman.net/2009/05/20/stopping-spamblog-registration-in-wordpress-multiuser/

    Please be sure to provide an out for people who get caught accidentally via that method.

    I believe the readme file included with the download includes some links as well.

    You'll discover that a large portion of the splogs being created are usually coming from a small number of IP addresses. Blocking them either via a block in the htaccess file or at whatever firewall you're running is also a solution.
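One way to find the small set of addresses described in the post above, as an added example that is not part of the original thread: it tallies POSTs to wp-signup.php per client IP from Apache combined-format log lines. The log lines, the documentation-range IPs and the threshold of 2 are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Apache "combined" log format (documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [20/May/2009:10:00:01 +0000] "POST /wp-signup.php HTTP/1.1" 200 5120 "-" ""
203.0.113.7 - - [20/May/2009:10:00:03 +0000] "POST /wp-signup.php HTTP/1.1" 200 5120 "-" ""
203.0.113.7 - - [20/May/2009:10:00:05 +0000] "POST /wp-signup.php HTTP/1.1" 200 5120 "-" ""
198.51.100.22 - - [20/May/2009:10:01:00 +0000] "GET /wp-signup.php HTTP/1.1" 200 4801 "-" "Mozilla/5.0"
198.51.100.22 - - [20/May/2009:10:01:40 +0000] "POST /wp-signup.php HTTP/1.1" 302 0 "http://blogs.example/wp-signup.php" "Mozilla/5.0"
192.0.2.14 - - [20/May/2009:10:02:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [20/May/2009:10:03:00 +0000] "POST /wp-signup.php HTTP/1.1" 200 5120 "-" ""
203.0.113.9 - - [20/May/2009:10:03:02 +0000] "POST /wp-signup.php HTTP/1.1" 200 5120 "-" ""
"""

# client IP, ident, user, [timestamp], "METHOD path protocol", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def signup_posts_by_ip(log_text):
    """Count POST requests to wp-signup.php per client IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, _status = m.groups()
        path = path.split("?", 1)[0]  # ignore any query string
        if method == "POST" and path.endswith("/wp-signup.php"):
            counts[ip] += 1
    return counts


def block_candidates(log_text, threshold=2):
    """IPs with at least `threshold` signup POSTs, busiest first."""
    ranked = signup_posts_by_ip(log_text).most_common()
    return [(ip, n) for ip, n in ranked if n >= threshold]


if __name__ == "__main__":
    for ip, n in block_candidates(SAMPLE_LOG):
        print(f"{n:5d}  {ip}")
```

The result is a list to review before adding entries to .htaccess or a firewall, in line with the post's request to leave an out for people caught accidentally.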

  3. Aero7
    Member
    Posted 14 years ago #

    Thanks :)

  4. andrea_r
    Moderator
    Posted 14 years ago #

    The readme has 3 links in it with methods for stopping splogs. :)

    Also, as stated above - IP bans. And check out site admin -> options for blocking specific email domains.

  5. modifiedcontent
    Member
    Posted 14 years ago #

    Is there no way to block emails wildcard, like *.info and *.co.cc?

    I've done many searches, but don't see that addressed anywhere. Blocking by domain is just useless.

  6. andrea_r
    Moderator
    Posted 14 years ago #

    No, not yet.

    There are plenty of other methods of stopping bots though. Three links are given in the readme.txt. Do all of them.

  7. kgraeme
    Member
    Posted 14 years ago #

    WordPress is open source and has an extensive plugin architecture. It is designed to allow you to customize it if it doesn't suit your needs out of the box.

  8. modifiedcontent
    Member
    Posted 14 years ago #

    These three methods:

    http://ocaoimh.ie/cookies-for-comments/
    http://wordpress-plugins.feifei.us/hashcash/
    http://www.darcynorman.net/2009/05/20/stopping-spamblog-registration-in-wordpress-multiuser/

    ...are mostly about comment spam. Akismet takes care of that nicely. They don't seem to do anything for registration spam.

    The hashcash plugin is compatible up to version 2.6, last updated 2008-7-30. Hashcash relies on wp_head and comment_form hooks; how does this have anything to do with registration/blog spam?

    I can't figure out the darcynorman solution:

    # BEGIN ANTISPAMBLOG REGISTRATION
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .wp-signup\.php*
    RewriteCond %{HTTP_REFERER} !.*ucalgaryblogs.ca.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) http://die-spammers.com/ [R=301,L]
    # END ANTISPAMBLOG REGISTRATION

    Are those dots (.) and stars (*) part of the code? Should I remove them? What is the REQUEST_URI in BuddyPress? What would it be if I customized a lot of core files? What should I look for?

    BTW, couldn't that referrer check be part of the core code? Why is it necessary to hack the .htaccess for that?

    "It is designed to allow you to customize it if it doesn't suit your needs out of the box."

    That's why I have to hack core files to get it to do basic things, like get firstname + lastname of members into the database somewhat consistently.

    Fixing basic security should not be an issue for plugins or customization. It's the heart of the package. If WPMU/BP does not get that right, WordPress blog/social networks will become prime targets - probably already happening...

  9. andrea_r
    Moderator
    Posted 14 years ago #

    Uh, those three methods stop spam blogs.

    If you have BuddyPress, try this:
    http://wpmututorials.com/how-to/spam-blogs-and-buddypress/

    Use the code exactly how it appears. The dots and stars are there for a reason.
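What the dots and stars in the quoted .htaccess rule do, as an added example that is not part of the original thread: the patterns are unanchored regular expressions, and `[OR]` joins a condition only to the one after it. The Python below copies the four patterns as written and evaluates them against constructed requests; `would_redirect` is a hypothetical helper name, and treating an absent header as an empty string is an assumption of this model.

```python
import re

# Patterns copied from the quoted rule. mod_rewrite patterns are unanchored
# regexes, so re.search is the closest Python analogue.
METHOD_RE = re.compile(r"POST")
URI_RE = re.compile(r".wp-signup\.php*")          # any one char, "wp-signup.ph", zero or more "p"
REFERER_RE = re.compile(r".*ucalgaryblogs.ca.*")  # negated with "!" in the rule
EMPTY_UA_RE = re.compile(r"^$")                   # matches only an empty User-Agent


def would_redirect(method, uri, referer="", user_agent=""):
    """Return True if the RewriteRule would fire for this request.

    Conditions are ANDed by default and [OR] binds to the next condition:
    POST and signup URI and (referer lacks the site name or UA is empty).
    """
    is_post = METHOD_RE.search(method) is not None
    is_signup = URI_RE.search(uri) is not None
    foreign_referer = REFERER_RE.search(referer) is None  # "!" inverts the match
    empty_ua = EMPTY_UA_RE.search(user_agent) is not None
    return is_post and is_signup and (foreign_referer or empty_ua)


# Constructed requests: (method, REQUEST_URI, Referer, User-Agent)
SAMPLES = [
    ("POST", "/wp-signup.php", "http://ucalgaryblogs.ca/wp-signup.php", "Mozilla/5.0"),
    ("POST", "/wp-signup.php", "", "Mozilla/5.0"),
    ("POST", "/wp-signup.php", "http://ucalgaryblogs.ca/wp-signup.php", ""),
    ("GET", "/wp-signup.php", "", ""),
    ("POST", "/wp-login.php", "", ""),
    ("POST", "/blog/wp-signup.php", "", "Mozilla/5.0"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict = "redirect" if would_redirect(*sample) else "allow"
        print(f"{verdict:8s} {sample}")
```

REQUEST_URI always starts with a slash, which is what the leading dot in `.wp-signup\.php*` consumes; because the pattern is unanchored, a signup page in a subdirectory is covered as well.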

  10. modifiedcontent
    Member
    Posted 14 years ago #

    I used the three methods + the Ban Hammer plugin. Even with the email myspacee.info blacklisted, they still get through with the exact same email. WPMU/BP apparently has zero security, leaking from all sides, unusable.

  11. andrea_r
    Moderator
    Posted 14 years ago #

    Are you on the latest versions?

    Did you delete spam users?

    Do you have "blog admins can create users" turned on?

  12. error
    Member
    Posted 14 years ago #

    Bad Behavior can help a lot with automated signups. I'm surprised nobody's mentioned it yet.

    It should work exactly the same whether it's installed in mu-plugins or plugins. If in plugins, it needs to be activated for your first blog.

  13. tdjcbe
    Member
    Posted 14 years ago #

    "Bad Behavior can help a lot with automated signups."

    Maybe because it's used as a DDoS attack against government websites?

    http://www.darcynorman.net/2009/05/20/stopping-spamblog-registration-in-wordpress-multiuser/#comment-195087

    Reference: http://serverfault.com/questions/51743/reroute-ddos-to-fbi-illegal

    I actually hope it's not. Or at least there's a setting in there to change the redirect or even turn it off. Please feel free to correct me (and maybe comment on that comment) if this isn't true.

  14. error
    Member
    Posted 14 years ago #

    Bad Behavior does not redirect any traffic to fbi.gov (or anywhere else). I don't know why anyone would post something so obviously not true.
