boindk
Member
Posted 15 years ago #
Hi
Can anyone tell me how it is possible to signup up when our blog is protected with a captcha validation. Tha validation is done in such a way that only danish people will understand and know how to answer the questions given (also in danish).
Is there somekind of a "backdoor" I know nothing about where you can cheat with the signup process?
Our blog is currently not linked to from any page so it should not be accesible unless you know the domain name but even so it has nearly 300 unwanted signups with porn etc.
What to do?
Renaming wp-signup.php to what ever you like.php knocked out 99.99 %
Adding a security question took care of the rest!
Take this code and Name it signup_question.php
or what ever and put it in your mu-plugins folder
no problems yet have 14 blogs so far on it all seem ok before doing this 100 + a day
Download Signup Question
http://wpmudevorg.wordpress.com/project/Signup-Security-Question
go to admin back end and click on site admin it should be one of the choices
http://freeblog.co.nz
Bill007
*Edit: If you want to rename your signup page just run a search and replace for wp-signup in it and it works all fine
boindk
Member
Posted 15 years ago #
Thanks for all your replies.
However all answers deal with what you can do extra to prevent the spamming signup.
I'm still interested in knowing how it is possible to sign-up when there is a captcha validation and what appears in an automated manner? There must be a "backdoor" of somekind and I'm really interested in knowing where... please help with this one.
If captcha is the only validation check you have - well, it's been proven quite a few times that scripts can get around it.
andrea_r: You once sent me some detailed instructions on how to change the name of a signup page. That would come in handy now.
Rename the file, look inside for the calls to wp-signup and change them to your new name. I think there's 4.
Also check BO for any signup stuff it does and see if it calls wp-sing as well, because it will have ot be changed.
So... all the extra fields in BP aren't stopping splogs?
(oh, she says, probably not because the sploggers have probably written their bots to check....)
We suggest to our users that they monitor the IP addresses signing up these splogs as many of them come from just a few specific addresses over and over again.
There used to be a thread here where we were sharing those addresses here as well.
But you have to let them in first. Sure that works if you already have some that got in, but not if you want to stop them before they show up.
Just installed, tryingn it now.
