The MU forums have moved to WordPress.org

Spammed MU (19 posts)

  1. SamSB
    Member
    Posted 13 years ago #

    I was recently looking on the admin panel of my mu install. Turns out I have over 5000 blogs that have been created by bots. I've disabled registrations. But how can I blacklist their ip(and find their IP) then erase all those blogs

  2. VentureMaker
    Member
    Posted 13 years ago #

    Finding out their IPs - check your access log.
    Banning IPs - check for WP Ban plugin.

  3. tdjcbe
    Member
    Posted 13 years ago #

    I'd just drop the IP address into a deny in the .htaccess file or add them to the box's firewall if you have access. Adding a plugin that will get read each and every time your wpmu gets accessed (ie multiple millions of times a month) is just an increase in processor use.

    The IP address used is recorded in your registration table in your database. You just have to match it up. Make sure though that you do a whois first to be sure it isn't an IP address you shouldn't be blocking. (ie An AOL address where millions of folks come though.)

  4. Klark0
    Member
    Posted 13 years ago #

    Rename your wp-signup.php to something else and use WP-HashCash when you're ready to re-enable signups.

  5. buzz_lightyear
    Member
    Posted 13 years ago #

    hi,
    as i see the number 5000 in the first post...
    isn't this the same as http://mu.wordpress.org/forums/topic.php?id=10066
    ?

  6. buzz_lightyear
    Member
    Posted 13 years ago #

    sorry, please disregard my post above. I mixed two topics together in my tired mind.. ;)

  7. SamSB
    Member
    Posted 13 years ago #

    Thanks for the feedback everyone :)
    Can someone tell me where my accesslogs are?

  8. SamSB
    Member
    Posted 13 years ago #

    Also I can't even access phpmyadmin because the amount of blogs crashes it.

  9. VentureMaker
    Member
    Posted 13 years ago #

    Use something like MySQLFront to connect remotely.
    Also, you can run SQL queries with this: http://www.phpmybackuppro.net

  10. tdjcbe
    Member
    Posted 13 years ago #

    You should be able to download a copy of your mysql database as well via the webhosting backend. Use a text editor like Ultraedit to do a search for the ip address.

    Backups are a good idea anyway.

  11. MrBrian
    Member
    Posted 13 years ago #

    Find the IPs of the spammer in the wp_registration_log table of your database. Then to mass delete blogs by IP, you can use WPMU Power Tools and insert this code into the php executor for 1 time execution:

    $ip = 'IP HERE';
    $blogs = $wpdb->get_col( "SELECT blog_id FROM {$wpdb->blogs}, {$wpdb->registration_log} WHERE site_id = '{$wpdb->siteid}' AND {$wpdb->blogs}.blog_id = {$wpdb->registration_log}.blog_id
    AND {$wpdb->registration_log}.IP LIKE ('%{$ip}%')" );
    if ( !empty($blogs) ) {
       foreach ( $blogs as $blog ) {
           wpmu_delete_blog( $blog, true );
           $deletedblogs_count++;
       }
    echo $deletedblogs_count ." blogs were deleted with IP " . $ip;
    }
    else
    {
         echo 'No blogs matching that IP.';
    }
  12. tdjcbe
    Member
    Posted 13 years ago #

    I'm real iffy about using a mass delete like that. Considering all those AOL IP addresses that send all their users through a few IP addresses, it;s too easy to do a false positive.

    There is an IP search on the Site Admin -> Blogs page though that will find these for you.

  13. MrBrian
    Member
    Posted 13 years ago #

    Yeah I agree you have to be careful about the IP if spammers use proxies or AOL ip's, but it's very rare chance that the spammer and a legitimate user in the system will match IPs. Plus were talking about 5000 spam blogs, not a few dozen.

  14. SamSB
    Member
    Posted 13 years ago #

    Thanks for the feedback. When trying to use phpmybackup I get this error:

    Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 78 bytes) in /var/www/mywordpressmuinstall.com/htdocs/backup/functions.inc.php on line 592

    This is SUCH a pain.

  15. MrBrian
    Member
    Posted 13 years ago #

    I use a desktop SQL manager instead of PHP because you just run into so many problems with PHP database managers on large databases. SQLyog is what I use, and it's fast.

  16. andrea_r
    Moderator
    Posted 13 years ago #

    @mrbrian - yep, agreed. I recently went through a system banning IPs and got HUGE ranges of known spammers. When you start blocking with wildcards, then you know it's bad.

    (ie; something like 84.0.0.0 through 84.255.255.255 - that's the kind we're talking about.)

    @Sam - go command-line and do a mysqldump. :D

  17. SamSB
    Member
    Posted 13 years ago #

    @andrea_r - I'm not advanced at mysql using a command line. Do you have a tutorial on how to dump it via the command line?

  18. MrBrian
    Member
    Posted 13 years ago #

    Here ya go:
    http://www.devarticles.com/c/a/MySQL/Backing-Up-Your-MySQL-Databases-With-MySQLDump/

    But once again, you could just use SQLyog. The community edition is free and can do mysql dumps and backups easily.

  19. SamSB
    Member
    Posted 13 years ago #

    Every 5 have different ip's.. What do I do?

About this Topic