The MU forums have moved to WordPress.org

Sign up Splogs Stopper Plugin request (11 posts)

  1. LaSet
    Member
    Posted 6 years ago #

    Hi

    Can someone make plugin/hack for sing up form something like this? http://blue-anvil.com/archives/wordpress-comment-spam-stopper-plugin

  2. drmike
    Member
    Posted 6 years ago #

    Why not just use that one?

  3. suleiman
    Member
    Posted 6 years ago #

    apparently he's looking to stop splog signups and not comment spam doc.

    my own feeling is the CAPTCHA is the best way around this. definitely helped me out.

    that having been said, someone did try to register "livesexcam" at my domain just yesterday.

    thank goodness for the admin e-mail on blog signup code :)

  4. Farms2
    Member
    Posted 6 years ago #

    There's always this but it's bust in 1.2.1 http://mu.bloggles.info/2007/02/10/updated-wpmu-captcha-registration/

    If anyone has a fixed up copy they'd be, like, totally great if they shared it!

    We should be generous in the fight against spam :)

    Incidentally, I installed this in mu-plugins across edublogs just a bit ago for comments spam, and it *absolutely rocks*: http://tantannoodles.com/toolkit/spam-filter/

    You'll want to edit the display text and remove the tantan auto updated but otherwise it's a GREAT way to blog a whole heap of annoying comments straight off the bat.

    I've given up on SK2 by the way... it's just too complicated / too many issues :(

  5. lunabyte
    Member
    Posted 6 years ago #

    The bad part with sign-up's is that there just isn't any information to really filter against, other than the requested name and looking for the v, c, d, or other "dirty", "spammy" word.

    Really, there are only two real solutions.

    1) Use a traffic filter, and a captcha. Then, using a combination of new blog notification to the admin, and perhaps ping options (as I've mentioned before).

    You'll cut a lot of it out, but it won't be 100% foolproof.

    2) Use a "dummy" sign-up form, combined with an invite system.

    This makes it more difficult. More like a registration approval system, with an exception if the user has a valid invitation code.

    The problem with this, is that it doesn't exist yet, and that even if it did a site admin would have to actually approve registrations, which in some cases is not desired.

    You can check against known email addresses used, but that is only as good as the data input, same goes for the username.

    To me, it seems that users want to register and start right now, and waiting even 30 minutes to be approved is going to be a turn off.

    To be honest, there is not an easy fix. The less information you have to work with, the harder it is. I'm sure even the "holy grail" of MU, wordpress.com, has to fight this battle as well. Note, they don't even have a captcha.

    The only thing you can do it stop as big a chunk as possible, and then take steps to minimize the results of the ones that do get through.

    Again, for me, I use option 1 above.
    Here is what I have going on, for the record.

    - Bad Behavior
    - Captcha
    - JS checkbox (for agreeing to TOS)

    This stops bots, the majority of BS registrations.

    A spammer actually sits there and registers...

    - Admin(s) notified of all new blogs created
    - New blogs do not ping outside sources
    - New blogs do not show up in site-wide feed
    - New blogs do not show up in other site-wide/community features

    I base the last 3 off of post ID's. Most spammers put up one post, maybe two, and roll on to the next target.

  6. Farms2
    Member
    Posted 6 years ago #

    I suspect wordpress.com has integrated akismet into the signup process... but I could be wrong.

  7. lunabyte
    Member
    Posted 6 years ago #

    I'm sure they have something unseen in place, but I do recall it being mentioned that they still get their share.

    I'm curious as to what/how their filtering. In a general description, mind you, because I know that we'll never know the actual code and such. A simple, "We check usernames for certain character combinations", or "We check email addresses associated with akismet comment submissions", or whatever would be cool. Granted, to be honest, I don't remember if we've flat out asked Donncha about it. (D, I'm "kindly" asking :D)

    We're fighting a good battle against the comment jackasses, but right now it isn't too good on the splog side.

    That in mind, maybe a check of the post content, that if they get past whatever measures an admin implements during sign-up, the first X number of posts are run against some sort of filter. If it comes back as "pretty damn sure it's spam", the blog is automatically turned off, the post content saved for admin review, and the admin notified. From there, the admin can make the final call.

  8. Farms2
    Member
    Posted 6 years ago #

    I think that preventing splogs from having an effect is great, but then again so does nofollow.. and that hasn't exactly calmed them down in the comment department!

    I'd argue that 90%+ of splogs are auto generated, if we can block that then we're 90%+ better off.

    And no offense to Akismet, it's brilliant in both how it works and how it is offered, but it needs to be OS.

  9. lunabyte
    Member
    Posted 6 years ago #

    James, the API for it is. But, I can't necessarily blame Automattic for keeping the rest of it behind closed doors.

    Why? I'm a money mongrel, right? Um, no.

    Why let the spammers have access to your code, so that they can figure a way around it?

    By no effect, or limiting the damage, what I'm referring to is this.
    They may make it into the system, but I can keep them from "telling the world" about it. Meaning, pingomatic or other services are not pinged upon the submission of a new post, for the first few posts, and they aren't added to the site-wide feed either.

    Then that gives me time to see their registration notification, review their site, and if their a spammer I can kick em out.

    @Doc:

    Might be a good "recommendation" for users to modify their site-wide feeds, so that mutags doesn't pick up a bunch of junk.

    As in:

    AND post_id >=3

    in the post select query of the site-wide feed plugin. ;)

  10. drmike
    Member
    Posted 6 years ago #

    apparently he's looking to stop splog signups and not comment spam doc.

    Oh sorry. Missed that.

    I suspect wordpress.com has integrated akismet into the signup process

    Kind of doubt it as 1) We're still seeing them pop up by the ton and 2) no one has complained yet about having their email domain blocked.

    @Doc:

    Hmm, good idea. Gotta admit that I'm manually reviwing the feeds before I pop them in. I sit on top of my Mu install anyway. The Recently updating list is going to disappear Monday I think from the front page and mutags will have a 90 day autodelete I think just to save space. (I only have 10 gigs with these folks and that kim possible screen cap site kills a lot of it.)

  11. lunabyte
    Member
    Posted 6 years ago #

    Yeah, 90 days of recent activity is probably sufficient. Maybe later on 30 days would be tops, depending on # of feeds, etc.

    Kinda hard to keep some of the stuff in Google/Yahoo/whatever from 404's maybe, but since all the links to the post are to the original site, it might not be that bad.

About this Topic