The MU forums have moved to WordPress.org

WPMU-specific spam (20 posts)

  1. gestor
    Member
    Posted 18 years ago #

    A few days ago, three nonsense-ridden blogs were created in my system. They only published one post each, and it seemed 'automatic' text culled from the web. I see from my logs several entries from the same domain of the e-mails they used to sign up:

    http://theirspammydomain.com/wpPoster/aprove.php?url=mywpmuservie.com/ theirusername&step=1&keyword=whatever

    So, this /wpPoster seems a script to semi-automatically set up a wpmu account... You may want to check your own logs to see if they're on your system, too!

    I've marked them as spam... Do you know if the wpmu system to spot 'splogs' will take care of them from now on?

  2. lunabyte
    Member
    Posted 18 years ago #

    I'm hoping the captcha I've integrated into the sign-up process will kill most of that.

    To be on the safe side, it's entered on the initial sign-up, then on the next page when you verify the details as well. They're each different from one another as well, so the same code won't work on both pages.

    I've also got an agreement form on the initial sign-up page, with a checkbox that is generated with java. It renders the submit button useless until it's checked.

    Form submission is also tied to a session variable as well, transparent to the end user.

    Initially, I was just planning on having the details submitted, but not creating the new account. Then, myself or another admin would review the submission and either create the account or terminate the request. However, with the double captcha and some other stuff, I'm hoping to curb the majority of splogs.

    It won't prevent an actual human, but 99.99% of spammers don't waste their time with something they can't auto create with a bot. Newbie spammers are an exception usually, but strong moderation will weed those out.

    I'm also going to look at bad behavior as well, and probably SK2 for additional comment protection. Heavily modded though, I'm sure.

  3. Farms2
    Member
    Posted 18 years ago #

    Bad behaviour has been an absolute life saver - very little modding required, I'll upload my tweaked version to wpmu for you to try.

    If anyone has a captcha solution for signup that they want to share I'm sure it'll be pretty popular!

  4. Ovidiu
    Member
    Posted 18 years ago #

    @ farms

    what did you change inside bad behaviour? on my testsites it seems to be running ok, without mods... (inside the mu-plugins folder)

  5. lunabyte
    Member
    Posted 18 years ago #

    I can't remember if it's BB, or SK2, but one of the two was pretty "log happy", which created some much unneeded overhead in the db.

  6. andrea_r
    Moderator
    Posted 18 years ago #

    SK2 is log-happy. *sighs* Currently rewriting and taking that out. I think it added two log entries each time it cleared the log.

    It's an awesome spam catcher for a single install, but needs a bit of work to be really effective for MU.

  7. corourke
    Member
    Posted 18 years ago #

    That script seems to be located here:
    http://ireen.sarang.net/trac/browser/snippets/blogyltransferase/egloos.py?rev=615

    I've been looking through it trying to figure out how to block it.

    I'm not an entirely big fan of captchas. I know they're effective however I just don't like the extra inconvenience.

  8. lunabyte
    Member
    Posted 18 years ago #

    IMHO, captchas are a little bit of a pain. However, the trade off of having one and not having one is worth it.

  9. quenting
    Member
    Posted 18 years ago #

    do you really get spam blogs created ? I haven't seen one in several months of operating MU, I was even wondering if wpmu was somehow immune with the emailed password or something.
    I get *a lot* of spam comments and trackbacks, which are extremely well handled by SK2, but spam blogs... nope.

  10. bmonster99
    Member
    Posted 17 years ago #

    In the past month, I have had over 100 of these spam blogs registered on autiblogger.com, most of them within the past week :( I am using SK2. Haven't figured out how to prevent this yet; just been deleting them as quickly as I can after they are created. I would be very interested in the tweaked version of Bad Behavior, Farms2.

  11. andrea_r
    Moderator
    Posted 17 years ago #

    bmonster99, have you upgraded your code base? I hardly get any soam blog signups at all. Well, I've got them disabled at the moment, but even before that. Once I upgraded and got the two-step signup process, the level went way down.

    SK2 only helps with spam comments and trackbacks, doesn't affect the signup area at all. Mine's been stopping about 10K spam a week.

  12. zylstra
    Member
    Posted 17 years ago #

    "have you upgraded your code base?" - andrea_r

    Upgraded to what?

    I'm getting tons of blog spam. Any ideas? lunabyte, any practical info - like how to install anything you've mentioned?

  13. andrea_r
    Moderator
    Posted 17 years ago #

    Upgraded to the latest version of MU is what I meant.

  14. zylstra
    Member
    Posted 17 years ago #

    andrea_r, would upgrading my code base have any effect on blocking spam? I figured bmonster99 would be using 1.0.

    lunabyte, how do I install a captcha?

    Thanks.

  15. lunabyte
    Member
    Posted 17 years ago #

    I wrote my own.

  16. zylstra
    Member
    Posted 17 years ago #

    lunabyte, do you have time to share the code with us?

  17. lunabyte
    Member
    Posted 17 years ago #

    Nope, sure don't.

  18. mohamednazmi
    Member
    Posted 17 years ago #

    Search around. This might help.

  19. zylstra
    Member
    Posted 17 years ago #

    "Nope, sure don't." Cool!

  20. zylstra
    Member
    Posted 17 years ago #

    Thanks, mohamednazmi. It looks like your link might be a winner! I'll report back here.

About this Topic