WordPress MU

2.9.2

I have a wpmu/buddypress installation for our club and it works great, love it, but the spam/splogger problems are essentially shutting us down. I've been using all the techniques found over the last several months to deal with sploggers, and I get a page or two a day and it's manageable, I have some of it automated. I generally deal with it daily and it's no problem. Something must've changed in how these bots make these accounts or something, or I'm just very unlucky;

I neglected it over the long weekend and we got about 5000 sploggers and posts and there is NO way in the system that I've found to manage anything more than a page of 20 or so entries. I've covered all this in other forums and posts here to try and get this under control and I'm not here for that, that's a loosing battle and I'm essentially done fighting it with WP. What I want to know is, can I mass delete these blogs and spammers? I went into the table directly and ran an UPDATE on all the spam bits on these users, but that's not obviously the right way since I basically did nothing in what's visible on the site from these users.

I found this article: http://trac.mu.wordpress.org/ticket/669

but it makes a lot of assumptions about your ability to decipher how i would modify that for my situation.

Any guidance appreciated - plug ins, can I pay someone, etc...can I do something easily to change how many users are shown on the user list pages?...anything to just get it back to where I can interact with it a couple pages at a time?...

Related to that, I'm testing 3.0rc right now and I thought that new-user moderation was going to be there, but it's not jumping out at me? Anyone have any guidance there - I'm definitely not expending any effort into it if the spam/splogger fixes continue to be...esoteric.

Many thanks!

Please give this a looksee:

http://wpmu.org/wpmu-power-tools-plugi/

k, well that kind of seems like the one, you're the wo/man -thanks!!! - so I need to put together a string that deletes a blog, then have that command run on all the blogs (if I'm getting this right) steps would be

1. how do I backup the 7 blogs I care about
2. then nuke the site from orbit (it's the only way to be sure)
3. restore the 7 blogs I care about or acronyms and confusing terms that end up meaning "your blogs are gone"

then a similar one to delete all users after a certain date - any nudges or faqs would be helpful, thanks!

maybe I can ask simpler:

how can I delete all my blogs but leave my groups and stuff alone?

then how can I mass delete users, but not all of them - (I'm really asking, "can I just delete these from the tables using sql commands, or do I need to invoke some wpmu structure?"

if I recreate blogs, will anything be weird, other than them being high numbered blogs?

These seem like normal things you would need to do on these systems, but it seems non-trivial or uncommon.

I think that power tools plug in looks like the right guy, but it's not clear to me where to look to find out what command and in what language I would feed into it. Any documentation you can point me to, or keywords I'm going to be looking for would be helpful, thanks! I think in order to do what I want (DELETE ALL MY BLOGS on my wpmu install) I need to put together a php command that does that on a single (current?) blog and then put it in powertools, then it will run that delete command on all the blogs. Cool.

Any guidance on what command I would use or a reference with commands and samples? What about conditionals I could use to try and save some of it, but delete just blogs made after a certain date. I'd like to preserve my members blogs if I can, but I'm find that to probably be a loosing battle.

Solved: If you get hammered by spammers, just delete the directory and database and start over.

there is no way to delete blogs or users in groups more than a single page at a time in the product without being or hiring a software developer.

If you get hammered by spammers, just delete the directory and database and start over.

No, that just pisses off your users because you just deleted all of them.

Dealing with splogs have been dealt with many times here in the forums. For us, 80% of the splogs created come from the same series of IP addresses. A simple deny in the root .htaccess file deals with that. (And an email to the abuse desk of the datacenter in question with a copy of the logs if the datacenter is antispam.)

You need to be proactive with dealing with splogs.

I have been doing those things. Here is my htaccess file deny list (http://mbca-tc.org/BP/htaccess.txt) before I finally just gave up since the sploggerbots go through IPs so fast and the ips weren't anywhere I could find to automate it - other than pull from the emails (which I know could be automated, but I was trying to stay within the db). In any case here is my denied email domains list which I parsed from the user list with a script (http://mbca-tc.org/BP/blockedemail.txt) this grew by about 10 domains a day I suppose until before the long weekend when it exploded to 4000 splogs and I can't select enough users at a time to flag them to extract the domains - other than maybe getting them ALL, but I've closed off sign-ups now.

I did the htaccess redirect hack to dis-allow access and renamed things, moved to non-standard dir locations, and that cut things almost in half I would say, but at some point, when they're making hundreds over night and I can only do something to select 20 of them at a time - well that's all just silly.

Editorially, I really appreciate your response, I never thought contacting a data center would do any good, so I take that to heart. Those links aren't unfamiliar to me and I see a LOT of responses like "this can be solved with a simple bleh hacking the bleh" and as with most things like this you need to put in about 20 of these things in concert for any of them to be effective...and that's SOP, it's expected with these systems and I agree that I signed on for that when I choose this system but someone needs to acknowledge the crossing of purposes here. Those 20 things wouldn't be needed and I suspect the collective pain of thousands of admins like me would be completely relieved, totally fixed and forever unsploggable with a simple 'moderate user sign up' function - I mean we're moderating comments, but not user sign ups? Alternatively all of that would be unnecessary, if we could determine how many entries to show on a page. I hope 1000 is one of the choices, we'll need it!

As it is, after the insanely-simple one-click install, to either be a manageable, small number of users site or an SEO bot-net for sploggers is screwy proposition.

Is it the expectation that ALL wpmu admins be versed in these granular anti-splogger fixes? What percentage of wpmu admins do you suspect, are? Asked another way, what percentage of wpmu blogs out there do you suspect are essentially SEO-bot nets for sploggers?

Is it just like me and a few other loosers?

Any guidance appreciated.

Well, partly ypou're looking in the wrong spot. You have BuddyPress. It hijacks the regualr mu signup page and uses its own. So anythign in the forums here will likely not work for you.

Go search the BP forums.

yes, it can be an issue, but I can also tell you that the main BP site, the test BP site, and a few of the very large setups run by the regualr forum members have managed to stop the sploggers. There are TONS of workable solutions there. Yes, you have to do more than one thing. I've seen too many posts from people who were given 10 things to do, they did 2, then said it didn't work.

Also try Akismet.

here's a tip: look at your logs. All of 'em. Access logs and visits in particular. Cross-check that with signups. A hell of a lot simple use GOOGLE to find your site. Change the default text on the signup page. Strip out the standard 'powered by buddypress" in your footer. Those are extremely simple things to do.

Also, these simple things work for a short while. the spammers read the forums and the source code too. If the devs build in a lot of stuff , the spammers will just read the code and work around it. Stop them at the server level.

Many thanks for the response! Is there a consolidated list of all the recommended fixes in one place you can point to?

Not that I'm aware of. Probably to not let the sloggers have it easy. ;)

I do know there's an extensive and long single thread in the BP forums with every single tip in it.