
Sploggers via Google - A Heads Up (15 posts)

  1. OutdoorsBlogger
    Member
    Posted 16 years ago #

    Couldn't find this covered on the forums so I wanted to give you guys a heads up. It appears that Sploggers are finding the WPMU sign up pages by this query:

    inurl:wp-signup.php +intext:"gimme a blog"

    Five visits directly from this query over the last 48 hours. I've changed the wp-signup.php to read "give me a blog" - we'll see how it works once the big G updates its cache of the page.

  2. donncha
    Key Master
    Posted 16 years ago #

    Nasty stuff, but good catch. Maybe there should be a robots.txt to block access to the signup page?

  3. mark-k
    Member
    Posted 16 years ago #

    Donncha, I don't think so. Spammers who use Google are probably only part of the spamming culture. I'm sure that hardcore spammers operate their own search engine which ignores the robots files.

    Anyway I have the following observations about sploggers.
    1. I have added a checkbox to the signup form which everyone should check to indicate that he agrees with TOS. This small and user friendly change has prevented new splogs on my (very small) site.

    2. From my site stats, it seems like sploggers open a blog and several days later they publish content by using the xml-rpc interface. I wonder if requiring manual activation of posting via xml-rpc can stop the current generation of sploggers.

  4. donncha
    Key Master
    Posted 16 years ago #

    mark-k - I doubt they use a search engine that ignores robots.txt. If they did it would cause an uproar. The query above is a Google one.

    Differentiating your signup with the checkbox is a good idea however! I'm sure at least some spammers won't bother changing their scripts to add the new field!

    You could certainly make any post made via xmlrpc into a draft post but it might upset other users on your site?

  5. OutdoorsBlogger
    Member
    Posted 16 years ago #

    Mark, thanks for the idea. I probably need to do that anyways. I added the wpmudev sign up question and it's killed it for now, I'm sure they'll find a work around those (fill in word of choice here).

  6. mark-k
    Member
    Posted 16 years ago #

    Donncha, I will try to suggest a complete idea.

    In the options/writing admin panel there should be an option to activate posting via xmlrpc, similar in nature to the option to post via e-mail. If the option is unchecked WPMU rejects posts sent via xmlrpc, if it is checked they are being published. The default is unchecked.

    I'm sure that it is possible to write a plugin which does it, but unless there is something wrong with this suggestion it might be better if it is implemented at the core.

    (Actually I didn't understand your remark about draft post, but this never stopped me before ;) ).

  7. thierryyyyyyy
    Member
    Posted 16 years ago #

    I added an easy CAPTCHA, and sploggers continue, perhaps a little less.
    Are you sure that your "simple checkbox" has changed something?

    And my wpmu is in French, and I still have Japanese and English spam... not sure they come by Google.
    But I have seen a blog listing lots of wpmu installs :( (it was in my dashboard, "link to your site" :
    http://wp free blogs.com/blog/2007/08/28/started/ (I don't want to give them a link ...wpfreeblogs is in one word)

  8. mark-k
    Member
    Posted 16 years ago #

    Nothing can stop manual splogger :(

    By analyzing the server logs I can see that there are far fewer blogs being opened than the number of times the signup page was accessed.
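
Added example, not part of any post in this thread: a log check for what OutdoorsBlogger and mark-k describe above. It flags signup-page visits whose search referrer carries the query markers from the first post, and counts signup page views against form submissions (POSTs, used here as a rough stand-in for blogs opened). It assumes combined-format access logs; the sample lines, addresses and hostnames are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = r'''
198.51.100.7 - - [01/Sep/2007:10:00:01 +0000] "GET /wp-signup.php HTTP/1.1" 200 5120 "http://www.google.com/search?q=inurl%3Awp-signup.php+%2Bintext%3A%22gimme+a+blog%22" "Mozilla/4.0"
198.51.100.7 - - [01/Sep/2007:10:00:05 +0000] "POST /wp-signup.php HTTP/1.1" 200 4210 "http://blogs.example.org/wp-signup.php" "Mozilla/4.0"
203.0.113.9 - - [01/Sep/2007:11:12:40 +0000] "GET /wp-signup.php HTTP/1.1" 200 5120 "http://www.google.com/search?q=free+outdoor+blog+hosting" "Mozilla/5.0"
203.0.113.50 - - [01/Sep/2007:12:30:00 +0000] "GET /wp-signup.php HTTP/1.1" 200 5120 "http://www.google.co.jp/search?hl=ja&q=inurl:wp-signup.php" "Mozilla/4.0"
192.0.2.33 - - [01/Sep/2007:13:00:00 +0000] "GET /about/ HTTP/1.1" 200 900 "-" "Mozilla/5.0"
'''

# ip, method, request target, referrer
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')
# Search-query fragments quoted in the first post of the thread.
DORK_MARKERS = ("inurl:wp-signup.php", "gimme a blog")

def search_terms(referrer):
    """Return the decoded, lower-cased q= search phrase of a referrer URL, or ''."""
    query = parse_qs(urlsplit(referrer).query)
    return " ".join(query.get("q", [])).lower()

def analyze(log_text, signup_path="/wp-signup.php"):
    """Return (dork_hits, views_per_ip, posts_per_ip) for the signup page."""
    dork_hits, views, posts = [], Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # blank or non-combined-format line
        ip, method, target, referrer = m.groups()
        if urlsplit(target).path != signup_path:
            continue
        (posts if method == "POST" else views)[ip] += 1
        terms = search_terms(referrer)
        if any(marker in terms for marker in DORK_MARKERS):
            dork_hits.append((ip, terms))
    return dork_hits, views, posts

if __name__ == "__main__":
    hits, views, posts = analyze(SAMPLE_LOG)
    for ip, terms in hits:
        print(f"signup page found via search query: {ip}  q={terms!r}")
    print(f"signup page views: {sum(views.values())}, submissions: {sum(posts.values())}")
```
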

  9. andrea_r
    Moderator
    Posted 16 years ago #

    "Nothing can stop manual splogger :("

    Nothing? Moderated signups, invite-only, or manual admin-only signups do. :)

  10. Bloggproffs
    Member
    Posted 16 years ago #

    Check which country the splog is coming from and ban all access from that country, unless it's your own of course :D

  11. lunabyte
    Member
    Posted 16 years ago #

    While maybe you were half joking, I just did exactly that for a site. In fact, I limited registrations to a few choice locations only.

  12. theapparatus
    Member
    Posted 16 years ago #

    We had a discussion about this many months ago. They were searching for the error message "doesn't exist but you can create it now!" if I remember. May want to change that wording as well.

    Can't find the thread right off though.

  13. donncha
    Key Master
    Posted 16 years ago #

    *cough* http://trac.mu.wordpress.org/changeset/1068 *cough*

    This will help :)

  14. che1959
    Member
    Posted 16 years ago #

    Donncha is right, use the robots.txt to block access to the signup page and the search engines won't find it.

    I've been using the raven anti-spam plugin for comments and it works perfectly against spam. I haven't had a single bot generated spam comment in more than a year. It runs a check to see if users are using javascript when they make a comment. If they aren't, they get a captcha.

    The same could really cut down on splog registrations too I'll bet.

  15. lunabyte
    Member
    Posted 16 years ago #

    I've just completely removed wp-signup and wp-activate. Problem solved.

    Oh, folks can still register, but nowhere near either of those files.

About this Topic

  • Started 16 years ago by OutdoorsBlogger
  • Latest reply from lunabyte