WordPress MU

Why doesn't someone write a akismet.mu, where it simple tracks IP address of blog signups. Then each MU Admin can adjust the tolerance. So maybe they would allow a new signup every 7 days per ip, or every 12 hours etc. As it being a central database, on ALL Mu blogs, it would be very effective. Once a ip or domain gets flagged, it would go back to the central database and prevent the spammer from signing up at any MU account.

This isn't a hard project, and actually would consider doing it myself if it was something people would be interest in using, so please let me know.

Brad

Difficult? No.

Cost someone out the butt for bandwidth, network, etc? Yep.

The joy of an "unlimited" bandwidth service.

I love this idea!

There's no such thing as 'unlimited bandwidth.' Companies may promote themselves as having such but almost always (if not always) there's a clause within their ToS that says that there's limits or they reserve the right to either limit you or boot you if you use too much.

Even with 3 gigs to the net, there's a limit.

But anyway, I like the idea but it's too easy to get around IP blocks. Heck I just have to switch chairs to get into a different class c.

Ok, maybe not unlimited but I think I could warrant the traffic expenses for this project, in exchange for some link love.

Yes it is easy to get around, but the idea is to make it harder for the spammers. Any attempt to bot attack mu blogs would be detected much faster.

With a central database, you could restrict it to 1 ip or e-mail sign-up per week. So you could move to the left DrMike, and sign up again, but then what, your two IP's are now used for the week. And you are stuck waiting 7 days before you can create a blog on any Mu.

The best part, as we see patterns emerge, we could add permanent blacklisted IP's. These are IP's which have been reported as spammers. So they would never be allowed to post again. I see people are slowly growing their own blacklist, having it as a central database would save beginner alot of frustration.

You would also have to deal with those on the AOLs out there who change their IP address with every click.

I like the idea. I'm just playing devil's advocate here.

I like the idea too and I just remembered the DCC spam service. If I remember right, it kind of generates a hash out of a spam mail so it is recognizing slightly altered spammails too (if I remember the concept right) could't we do that to calculate a (fuzzy) hash out of the IP and signup domain so that when a spammer tried to signup with a slightly altered email, from the same domain though, same IP or maybe other IP same email address he gets stopped for a week or another period of time depending on the percentage of consistency of the fuzzy hash?

The nice and appealing thing about this system is, that lets asume a spammer signs up on drmikes system, severall times, using different IPs and different emails from same domain, when he tries to splog our blogs too, he wouldn'T be allowed to do that :-) I love the idea, god knows how many sploggers have read andrews (right?) list of wpmu hosters and then used that list to sign up onto all of them one after another ?

I thought about providing this service through wpmudev many months ago. The only problem is (as mentioned above) dynamic IPs. However, if someone does build such a service and would like me to point a subdomain from wpmudev to their server, i'd have no problem with it. say blacklist.wpmudev.org or whatever.

I really like the comment plugin where you have to solve a CAPTCHA to post a comment.

The CAPTCHA comment plugin I use has reduced comment spam by.. about 100%. I'm thinking about adding a CAPTCHA for signing up blogs too.

I have a big problem "spam"-blogs. However, I don't see IP-based blocking as something that would solve anything at all. They are as good as useless.

I actually think "by e-mail address" would be better than by IP, but that too is kind of worthless. Sorry to say so, but the only real solution seems to be to _manually_ check blogs after 1 week and manually remove pure spam blogs..

The reason I don't like IP blocks is that many ISPs give out dynamic IP-adresses. Your a dissident who want to blog about human rights violations in your country, but now you can't, because someone else who happens to share your ISP posted a spam blog and you're banned. Banning a /24 or /16 is the only thing that would make sense if you get like 20 different IPs signing spam-blogs from one /24, and as mentioned, that's kind of bad.

By e-mail is also sad for many reasons, you can't block everyone using @gmail.com just because 10 people form gmail behaved bad.

I use the sitewide RSS feed, which makes it very easy to read new posts and see which are spam. If you nuke spam-blogs after 30 minutes every time then eventually the spammers will just give up.

Making it harder to sign up for a new blog may be a partial solution, but keep in mind that you do not want to make it so hard that the poor tortured people in countries like Norway can't sign up and tell the world how the Norwegian government pretends it's a democracy while torturing anyone who speaks out against it.

After thinking for 10 more seconds, and reading the first post once more, the "Once a ip or domain gets flagged, it would go back to the central database and prevent the spammer from signing up at any MU account." statement has some very interesting implications.

This "bradmkjr" guy seems to write about things I want to censor. I want to censor his blog about human rights violations, and I don't want annoying "bradmkjr" to get the truth out everywhere else.

So I just report that "bradmkjr"'s IP is sending spam to the central service, and I report 10 of his dissident friends as spammers to, now, without any more trouble than running a WPMU I've effectively prevented "bradmkjr" to get the word about about human rights abuses in his country anywhere...

Keep in mind that someone who signs up to take part in such a "spam blacklist" may do it to censor blogs who are NOT spam, but ARE annoying to the power elite.

Tis true, as a few bad apples could abuse the "system" for all.

For me, all I need is Bad Behavior, and a captcha.

It won't stop a non-bot, but those are few and far between. Had a few, yes. But compared to how many would be there without it, it's tolerable.

I'm kind of thinking out loud here, but I'm also considering adding something in where pings aren't sent out (like to pingomatic, etc) until the post id is greater than 5, maybe 10.

Or something like that. Either that, or once a blog is created, not allow pings for maybe 24 or 48 hours.

This way, if a spammer does "take their time" to physically sign up, it isn't being blasted to update sites.

The above, combined with myself and assistants reading the sitewide feed, should at least keep it to a minimum, and minimize the impact when the few slip through.

Akismet for splogs - sounds great!

xiand0, I read your post very carefully and understand the issues. With any centrally administrated service there is a chance of abuse.

BUT...
with my understanding of the MU interface, an administrator can create a new user and blog, without going through the sign up process. If someone wanted to create a new blog, but was on the list, they could simply e-mail the administrator, who could create the account and blog. Once the blog is created, there is no further connection to the ip blacklist.

"Build it and they will come"..
I think I will just have to build the system and see how it works. It will not be a solve all, but with this and a captcha system this should cut down on spam signups.

If someone wanted to create a new blog, but was on the list, they could simply e-mail the administrator, who could create the account and blog.

Would they though go through all of that?

Bad Behavior, plus captcha, makes this "idea" unnecessary.

Bots are the biggest problem, and some form of captcha kills that.

There was a service like askimet, only it wasn't as restrictive. I was going to make their wordpress plugin mu compatible, but I can't find it. Maybe if someone were to search google, they could find it.

Doesn't ring a bell with me. I can name a dozen anti-email spam services off the top of my head though.