The MU forums have moved to WordPress.org

kakuro.cc spam (16 posts)

  1. billdennis5
    Member
    Posted 13 years ago #

    Did anyone else wake up this AM with hundreds spam registrations with email addresses from this domain?

    I suggest adding "kakuro.cc" to your list of banned domains.

  2. tdjcbe
    Member
    Posted 13 years ago #

    No, nothing in the logs here. I was going to comment about seeing them again since they being a GoDaddy registered domain (GoDaddy doesn't see domains being used to register for something as spam abuse) sitting on a Rackspace server (Rackspace do something about a spam report? Heh, you're funny.) but a quick google doesn't pull up any previous spam issues. And the domain was registered back in Dec 2005 so it's not a typical spam run.

    Rather interesting....

    edit: Although they must have had access to the mail servers for that domain. Is rather interesting....

    reedit: Forgot to ask: Was this from a single IP address or many of them? That's usually what we go after.

  3. billdennis5
    Member
    Posted 13 years ago #

    I Power Cleaned the bastards. Can't tell now what IP he/she/it used.

  4. VentureMaker
    Member
    Posted 13 years ago #

    It could be that someone pretended to be kakuro.cc
    Or that they were hacked, as tdjcbe mentioned.

  5. Pegasus-18
    Member
    Posted 13 years ago #

    I've done a deeper research since I faced a few registrations with that addy as well, but nothing found either. So I think they've been really hacked and no need to put them on the list.

  6. blogz
    Member
    Posted 13 years ago #

    I never got any spams or splogs from that domain whereas i see hundreds of splogs from the following domains :(

    ultimatemerchandise.info
    salesfast.info
    dealmore.info
    productsales.info
    thebestmerchandise.info
    holycowsales.info
    getgreatsales.info
    dealsace.info
    salesprogram.info
    holycowsales.info
    greatdealsanddiscounts.info

    even when i have blacklisted all these domains and use recaptcha on signup still i get splogs from these domains emails :(

  7. tdjcbe
    Member
    Posted 13 years ago #

    There are many folks in the spam fighting community who believe that any *.info domain is automatically spam. (They gave them away for free when the TLD was first introduced.) I personally disagree as we host about 800 of them ourselves but we run into problems with them sending email from those domains.

  8. blogz
    Member
    Posted 13 years ago #

    tdjcbe - I agree to what you just said but the thing about which i was wondering about is that i have applied recaptcha on signup page as well as blacklisted all the above mentioned domains but still the splogs are created almost everyday. I added the person's IP address to IPTABLES but next day i found new ip creating splogs with same domains as the person might have dynamic IP. But the thing which looks more like a fantasy is that they are able to break recaptcha and also the banned email domains list

  9. andrea_r
    Moderator
    Posted 13 years ago #

    Blacklisted where?

    If you mean the banned domains list, please make sure you have them in there properly as it *does* work.

    Also, you have to delete the *user* that has created the spam blogs as well.

    It's pretty easy for bots to break the recaptcha on signup.

    We've got a slog stopper in the member area on http://musupport.net, and it's there (rather than public) so spammers don't figure out how to get around it.

  10. blogz
    Member
    Posted 13 years ago #

    yes i did mean that banned domains list. and i have also deleted all the splogs and their users but they still get to create new users with same domains. even when i banned their ip with iptables still they do that. Now just waiting for the montyspam's anti-splog release for wpmu 2.7

  11. andrea_r
    Moderator
    Posted 13 years ago #

    The banned *email* domain list works. You have to ban the email domain they signed up with. And it has to be in there correctly.

    If it's not working, likely they aren't in there properly.

    And for a short term solution, you can hack the signup page & rename it and/or moderate the signups.

  12. billdennis5
    Member
    Posted 13 years ago #

    Andrea: At one time (a year or more I think) you pointed me to some instructions on how to rename your sign-up page and what other changed need to be made. I would really like to give that a try, but I also am wary of how it might effect some paid-for plugins from Premium WPMUDEV.

  13. andrea_r
    Moderator
    Posted 13 years ago #

    "I also am wary of how it might effect some paid-for plugins from Premium WPMUDEV. "

    Only if the plugins in question hook into the signup page. Would be easy to check and see if they use any hooks or call the page directly.

    Otherwise, make a copy of wp-signup and call it something else. In wp-signup, put a die at the top.

    Inside your new copy of wp-signup, there's about 4 places where it calls wp-signup.php. Change that to your new signup page name. that's it.

  14. andrewbillits
    Member
    Posted 13 years ago #

    I can't remember any of our plugins calling wp-signup.php. All of the signup form plugins just use the hooks. So you should be just fine.

    Thanks,
    Andrew

  15. blogz
    Member
    Posted 13 years ago #

    andrea_r - I am not sure why but after i made few changes in my wpmu 2-3 days back i just had 1 splog since then, seems like the banned domains list wasnt working earlier due to i left out something but i think its working now thats why no more splog signups

  16. billdennis5
    Member
    Posted 13 years ago #

    Thanks Andrea, Andrew.

About this Topic

  • Started 13 years ago by billdennis5
  • Latest reply from billdennis5