WordPress MU

Being honest on the title. :)

I've been going through and removing spam blogs today and getting rid of never used blogs. (More about the second half later on)

Anyway, here's my list of blocked domains that do nothing but register spblogs on my sites. Feel free to post your own. I'm sure I have more and I'm getting real tempted to start blocking the hotmails of the net.

Hope this helps,
-drmike

forex-broker-news.com
lawyer.com
163.com

here are mine:

chazears.biz
altaairconditioner.info

This is going to sound extreme but I'm considering banning all .info domains... too much splogging.

Otherwise: 126.com mail.ru .info

Users from mail.ru have been spamming my drupal site and i've put that domain permantly in my sh*tlist. It drove me insane.

Heres a few others

cashette.com
gawab.com
web.de
yoricksite.biz
newpostcash.org

Others you may wish to consider are located here

http://www.securitywatch.co.uk/forum-spam/more-spam-emails-183.html

info-webs.org

Disagree on the *.infos by the way. I host a couple hundred of them.

I noted web.de and cashette.com a few days ago. I've gone ahead and added them.

I'm going to submit a ticket to get the Banned domain adress line made into abox or something larger. It's too small for me. :(

I would also like to see the usage of a default ban list but I don't know if Donncha would go for that.

Made the text box into a textarea which should make the list easier to enter.

We probably need some sort of plugin that throttles registrations in a smart way to stop the spammers.
Or what about something that sends an email to the site admin giving a summary of signups during the day? Count by IP, registration domain, patterns in blogs like xxxx1, xxxx2, xxx3 etc.
Anyone want to code that?

Sure, why not.

For the registration, I assume you're thinking of some kind of flood control?
Like block ip's that try to register more than once within the last XX (like 60 seconds, or 15 minutes, or 24 hours)?

Sign-up summary wouldn't be difficult.

My only "concern" is (last I looked) there weren't any hooks for registration functions.

Me personally, I'd love for there to be some hooks for all the signup functions so I can quick hacking in my registration captcha. :D

Of course, it would help out for the flood control deal as well.

I have to agree that some sort of registration hook would be great.

We could include Terms and conditions boxes there, capchas etc without hacking core.

I have to admit i haven't put the capcha back on on 1.1 yet as i'm truly trying to not hack any core files.

Not hack core files? I couldn't live with that. Have 17 of mine hacked to get the stats program running, new links load upon blog creation, the internal feeds to show up on the wp-admin/index.php page, the ToS/AUP to show up on the signup page, (I need to put that back in) etc.

Friendly reminder that I mentioned the idea of seeing the IP address where an account has been registered from was something I suggested a while back. I know you made mention that it's in the table but it would be easier to do a lookup if it was available on the wp-admin side.

Maybe on the edit user page as a display instead of a field that can be edited maybe?

There are plenty of hooks already in wp-signup.php - look through the file for do_action and apply_filters.

Most of it should be self explanatory, but it might take a while to get your head around because it's not simple.
Hopefully I'll get around to posting something about those hooks on the wiki at some stage next week because it's something I've been meaning to document for a while.

Oh that would be really handy Doncha :)

Strange Donncha, I guess I flat out missed them then.

I'll breeze through them later this evening and see what's cookin.

I have yandex.ru on my list as of this morning.

Regards,
-drmike

Looks like we can add in highestnet.info to that list as well.

I also have 126.com and chazears.biz banned.
ibuzzmachine.com is not yet mentioned in this thread.

Also agree on the mail.ru

Why doesn't someone write a akismet.mu, where it simple tracks IP address of blog signups. Then each MU Admin can adjust the tolerance. So maybe they would allow a new signup every 7 days per ip, or every 12 hours etc. As it being a central database, on ALL Mu blogs, it would be very effective. Once a ip or domain gets flagged, it would go back to the central database and prevent the spammer from signing up at any MU account.

This isn't a hard project, and actually would consider doing it myself if it was something people would be interest in using, so please let me know.

Brad

Agreed as it being easy but blocking IP addresses wouldn't affect it. For example, I could move two tables over and be in a completely different class C. Go upstairs and I would be in a third class C. (I'm sitting in a university library currently.)

I'm still eyeing gmail and yahoo though as they lead my spammers.

I did note that highestnet.info is still bale to sign up even though they're on my list. I opened a ticket about it with trac on the issue.

Adding the following:

wanettavais.info
tashiavanhamme.info
lynellvantrump.info
alejandrinarynes.info
sheryllvasaure.info

For starters, consider whoo and Balupton's WP-Deadbolt plugin http://www.village-idiot.org/archives/2007/01/10/wp-deadbolt/ to prevent people from registering with domains you don't like. Then update the plugin's array. Here are the domains I no longer permit to create an account:

$badmails = array(
	'126.com',
	'163.com',
	'2youm.info',
	'alejandrinarynes.info',
	'altaairconditioner.info',
	'blah.org',
	'bumpymail.com',
	'cashette.com',
	'centermail.com',
	'centermail.net',
	'chazears.biz',
	'discardmail.com',
	'dodgeit.com',
	'e4ward.com',
	'email.net',
	'email.ru',
	'emailias.com',
	'fakeinformation.com',
	'forex-broker-news.com',
	'front14.org',
	'gawab.com',
	'ghosttexter.de',
	'ibuzzmachine.com',
	'info-webs.org',
	'jetable.net',
	'kasmail.com',
	'lawyer.com',
	'link2mail.net',
	'lynellvantrump.info',
	'mail.ru',
	'mailexpire.com',
	'mailinator.com',
	'mailmoat.com',
	'messagebeamer.de',
	'mcn.com',
	'mtmlcore.info',
	'mytrashmail.com',
	'nervmich.net',
	'netmails.net',
	'netzidiot.de',
	'newpostcash.org',
	'nurfuerspam.de',
	'privacy.net',
	'punkass.com',
	'sheryllvasaure.info',
	'sneakemail.com',
	'sofort-mail.de',
	'sogetthis.com',
	'spam.la',
	'spambob.com',
	'spambob.net',
	'spambob.org',
	'spamex.com',
	'spamgourmet.com',
	'spamhole.com',
	'spaminator.de',
	'spammer.com',
	'spammotel.com',
	'spamtrail.com',
	'tashiavanhamme.info',
	'trash-mail.de',
	'trashmail.net',
	'wanettavais.info',
	'web.de',
	'wuzup.net',
	'yandex.ru',
	'yoricksite.biz'
);

Nice list, but MU already has a "disallow from domain" function. So the plugin part isn't needed, but that list is quite appreciated.

The thing with web.de, mail.ru and yandex.ru is that they are yahoo.com or aol.com equivalent. You can't really block them if you cater a particular region (PITA esp. in Europe). Imagine e.g. a German MU site blocking yahoo.com ... That's just weird and may be even slighty ignorant to other countries (or services the operator simply may not be aware of).

The best way would be to have a wiki page where each one of us can add their sh*t list domains, so any one can access the whole list and ban those sites:)

-1 Gotta admit that I would rather see who's suggesting them and if I trust that person.

No offense meant of course.

Add in etwe.com :(

It's nothing but a link site anyway.

inbox.lv

is a new one on my list as of this morning.

i am getting slammed with fake@gmail.com accounts.

Can't really do anythng about gmail unless you want to block them for good.

Well, if they are fake though, then they shouldn't be fully signed up, right?

I'll admit that a good share of users on any of my domains have gmail accounts.

I think demon means that they're just spammers using those accounts and not true users.

I'm dropping ev1/theplanet IPs into my block list. Hmm, I wonder why. (They've been blocked at the router level for years)