
How to stop Automated registrations? (33 posts)

  1. tohave
    Posted 17 years ago #

    Hi, my blog keeps registering not real users and puts adverts and staff on the blog!! I used to put some domains into blacklist but it stops anyone from being registered!! Is there a way to make registrants put some letters (of does like image) in a box then send the registration?

  2. Ovidiu
    Posted 17 years ago #

    Short answer: use the nice search we have here. Suggested search terms would be "signup, wp-signup, captcha". Just try and search before asking.

    Long answer: there are several approaches to this. Myself, I use a small javascript that forces users signing up to check a checkbox saying they agree to my TOS; another one is using a captcha or a php solution. It's been discussed a few days ago. Again: use the search button.

  3. lunabyte
    Posted 17 years ago #

    My sign-up form is under protection by bad behavior, captcha, and a js checkbox.

    Needless to say, bots don't get through. The only ones that have have been idiots that actually sit there and register, log in, and paste their crap into a post. It happens, why they waste their time I don't know, but at least it stops it for the majority of the spamming bastards out there.

    Ugh, I hate spammers.

  4. sanjeevsarma
    Posted 17 years ago #

    FYI !!!

    I set up a captcha utility I discovered on these forums (wp-valid).

    Works well in IE, not in Mozilla Firefox.


  5. drmike
    Posted 17 years ago #

    Please remember that some folks do have issues with captcha, both with their browser setup and with their ISPs. I do hope you include contact information for those who have issues and are incorrectly blocked, right?

    Had a thought last night on the walk home. What if we required folks to type in their password after clicking on the link in the confirmation email?

  6. SteveAtty
    Posted 17 years ago #

    Visual Captchas are user unfriendly - it's very hard to sign up if you are visually impaired, and to be honest I've got perfect vision and I sometimes have problems trying to decipher the jumbled mess offered up as letters. Research has shown that some visual captchas are no longer a barrier to bots signing up.

    Some people use logic type captchas which do seem to work quite well but I'm sure that sooner or later, if the captcha is in common use, that the spammers will work out a way to answer the bulk of questions it asks.

    I also hate to say it but it's obvious from some work my brother did on his site that a lot of sign-ups aren't bots at all - they are people being paid to sign up. What he did was put up random pictures from a large selection which fall into a number of distinct categories and on the submission form you have to select the category that the picture falls in. All images are delivered with random file names so there is no link between file name and category.... he still gets a good number of spam postings.

  7. drmike
    Posted 17 years ago #

    The math captchas have been defeated as well. We had a discussion about them over at I can dig for the link if need be but am currently behind...

    You'd still have an issue with the images as well. If you're behind a broken proxy, you'll just see the same image over and over again. I have the issue when I'm over at CPCC, one of the schools that I use.

  8. mrball
    Posted 17 years ago #

    Has anyone shown like a picture of an apple and multiple choice answers like 1) orange 2) balloon 3) apple - kinda thing?

  9. lunabyte
    Posted 17 years ago #

    "Visual Captchas are user unfriendly - its very hard to sign up if you are visually impaired, and to be honest I've got perfect vision and I sometimes have problems trying to decipher the jumbled mess offered up as letters."

    Depending on the target audience, yes.

    "...he still gets a good number of spam postings."

    Nothing will stop a human. That's why I implemented a little thing with posts on my site(s). If the post id is less than a number I specify it does not ping external sites or get added to my site wide feed, and instead I get an email with the contents of the post.

    It isn't perfect, but if one of those bastards does sit there and sign up then at least "the world" isn't notified.

    Since implementation a couple months ago, it's been a nice work around. I can go in and delete the blog without any serious side effects, and still keep it out of the mainstream.

    I guess you might say that a downside is that legitimate users don't have external pings for a few posts, but if they are serious about using the service then it doesn't matter in the long run. If they are only trying it out and make a post or two, then it actually works out better in the long run.

    That being said, in what little time I've had for MU lately (been writing another open source project that's taken up a ton of time), I've come up with an alternative "math" type solution that I'm planning on putting together sometime soon. Granted it's only applicable to my corner of the audience, so it won't benefit any site other than mine, but it will still be an acceptable alternative.

    Since with comments the "captcha" is pretty much a back-up to SK2, it probably won't make much of a difference. But, it will be a "cool" little deal for my site. :D

  10. DarkPepe
    Posted 17 years ago #

    How do you add a JS Checkbox to the wp-signup script?

  11. oscarrovira
    Posted 16 years ago #

    After looking for some plugin or hack that would incorporate a captcha in wordpress mu and not finding any solution, I decided to program my own script captcha and some hacks for EterBlogs and make it available to those who would like to integrate it to their wordpress sites.

    You can see the captcha working in:

    You can Download the script, the hacks and get help in:

  12. carnold
    Posted 16 years ago #

    @lunabyte - how do you make your signup form protected by bad behaviour and how do you get a JS checkbox on your signup form? I have searched for "JS checkbox" and did not find anything in regards to how to do this.

  13. JuanManuel
    Posted 16 years ago #

    @Ovidiu how do you add Bad Behavior to the signup page?

  14. DailyTestimony
    Posted 16 years ago #

    One idea I had is I use SpamKarma2 for comment spam, why couldn't the same principles be used to monitor say the first 2 or 3 posts of every blog since splogs only contain 1 maybe 2 posts max. It won't stop them from registering but it will stop their content from going live.

  15. trcwest
    Posted 15 years ago #

    I have set up reCAPTCHA on my wp-signup form page and it's working when I try, but it's still letting spammers make fake accounts.

  16. SteveAtty
    Posted 15 years ago #

    MontySpam kills it pretty dead.

    If you have bbpress installed and integrated then don't forget to remove the register.php file from the bbpress folder!

  17. andrea_r
    Posted 15 years ago #

    Find a plugin that adds another field to the signup form. That also kills it.

  18. slambert1971
    Posted 15 years ago #

    I recently added the reCaptcha plugin:

    to a 2.7 version of MU with only a few steps and it works great. I even asked two SPAMmers I know to try and create a couple splogs automatically and they could not do it. One of them created it manually and claimed it was automatic - but after showing him the logs on my server he rescinded his message of success. :)

  19. trcwest
    Posted 15 years ago #

    I even tried captcha and they got through that no problem. They managed to skip my wp-config page and rewrite the page and bypass wp-config.php. Any thoughts??

  20. Rage00001
    Posted 15 years ago #

    I have the same problem on one of my test sites now…

    I’ve got over 50 automated registrations every day and am using WP-reCAPTCHA, which doesn’t stop them at all.

    What can I do to stop this?

  21. andrea_r
    Posted 15 years ago #

    If you read the tons of threads here on the issue, captcha doesn't work effectively at all.

    Adding another extra field on signup DOES though.
    Like this:

  22. tdjcbe
    Posted 15 years ago #

    Also keep an eye on the ip address being used. We've noted that 80-90% of the splogs being created come from the same IP address. Heck, it even helps catch the ones that get by you.

  23. Rage00001
    Posted 15 years ago #

    What's the difference between the plugin which you have to buy at and the code used in this topic?

    I have this terms-of-service code in wp-signup.php but those bots seem to ignore it...

    I just removed wp-recaptcha since it didn't do the job...

    Do I really have to buy this plugin to stop this?

  24. Rage00001
    Posted 15 years ago #

    Any news on this, guys??

    I have for the past two days received over 250 automated registrations and from what I can see, no information anywhere on how to stop it...

    I do have a working “Moderate New Blogs” plugin which stops these bastards from actually posting anything since I manually have to activate their new blog.

    But since I have a working TOS on my wp-signup.php file I suppose there has to be another option...

    Could renaming the file help?

  25. andrea_r
    Posted 15 years ago #

    Yes, renaming the file helps a lot. There's about 4 calls to wp-signup within that file, so change them too.

  26. PerS
    Posted 15 years ago #

    Although not written for wpmu, this one is worth reading:

    Step 1 in the article, is that hard to do for wpmu?

  27. andrea_r
    Posted 15 years ago #

    Yeah, it is. People in here have been crying for it. If we ever take the time to figure it out, I'll let you know.

    Haven't tried step 3 in MU, but it should be possible. The code is there.

    Step 5 will lock you out. :D Although it's a good idea to have a second admin account.

  28. Rage00001
    Posted 15 years ago #

    I think I actually have managed to stop this madness now...

    I have added some serious amount of code to wp-signup.php and I have not received any spam registrations since that change..

    I will post the solution here when I’m 100% sure that nothing gets through...

  29. Rage00001
    Posted 15 years ago #

    Crap..... I really don't understand how this is possible..

    What kind of security do we have to put into that file when it can register without seeing the page...

    Look at this page and type in password "adminpass".

    How is it possible that this automated spamming service still is possible to register new blogs??

    I tried to remove the file, which did help :P
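
The question in the post above (how a bot can register without ever seeing the page) comes down to checks that run only in the browser, such as a JS checkbox, which a direct POST to the signup script never executes. As an added example, not code from this thread or from WPMU, here is a server-side check in plain PHP; the function names, the field names (`signup_token`, `website_url`, `agree_tos`), the secret and the time limits are all assumptions, and wiring it into wp-signup.php is left out.

```php
<?php
// Added example: server-side signup checks. All names here are hypothetical.
const SIGNUP_SECRET    = 'replace-with-a-long-random-secret'; // placeholder value
const MIN_FILL_SECONDS = 5;    // assumed: a person needs a few seconds to fill the form
const MAX_TOKEN_AGE    = 3600; // assumed: a rendered form is valid for one hour

// Call while rendering the form; emit the result in a hidden input.
function signup_issue_token(int $now): string {
    $body = $now . '.' . bin2hex(random_bytes(8));
    return $body . '.' . hash_hmac('sha256', $body, SIGNUP_SECRET);
}

// Call on POST before any user or blog is created. Returns a list of errors.
function signup_check(array $post, int $now): array {
    $errors = [];
    $parts  = explode('.', (string)($post['signup_token'] ?? ''));
    if (count($parts) !== 3 || !hash_equals(
            hash_hmac('sha256', $parts[0] . '.' . $parts[1], SIGNUP_SECRET),
            $parts[2])) {
        // A client that posts straight to the script has no valid token.
        $errors[] = 'token missing or forged';
    } else {
        $age = $now - (int)$parts[0];
        if ($age < MIN_FILL_SECONDS) $errors[] = 'submitted too fast';
        if ($age > MAX_TOKEN_AGE)    $errors[] = 'token expired';
    }
    // Extra field hidden with CSS: a person leaves it empty, form-fillers often do not.
    if (($post['website_url'] ?? '') !== '') $errors[] = 'hidden field was filled';
    // The TOS checkbox is enforced here, not only by JavaScript in the browser.
    if (($post['agree_tos'] ?? '') !== '1')  $errors[] = 'TOS not accepted';
    return $errors;
}

// Constructed sample submissions (not real traffic).
$t0          = 1700000000;
$token       = signup_issue_token($t0);
$direct_post = ['user_name' => 'bot', 'agree_tos' => '1']; // never loaded the form
$via_form    = ['user_name' => 'ann', 'agree_tos' => '1',
                'website_url' => '', 'signup_token' => $token];

print_r(signup_check($direct_post, $t0 + 1));
print_r(signup_check($via_form, $t0 + 30));
```

A token issued this way can be replayed until it expires, so a client that fetches the form once can reuse it; recording each nonce server-side and accepting it a single time closes that gap. None of this stops a person who fills in the form by hand, which is the case earlier posts in the thread handle by moderating new blogs.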

  30. PerS
    Posted 15 years ago #

    Can't see recaptcha on your signup page. Any reason why you're not using it?

    .. good luck going forward
