The MU forums have moved to WordPress.org

Spam Sign Ups (10 posts)

  1. paulnewham
    Member
    Posted 16 years ago #

    I installed WPMU on a domain that has no content and is not used. It was just a test. I went to have dinner; and on my return there were loads of Registrations of new Users and Blogs from the same email address.

    To be honest; I found it a little frightening. Had I gone to bed I imagine there would have been hundreds or thousands by morning.

    Has anyone else experienced this and if so, is there a way of preventing it other than manually approving each User Registration?

    Many thanks.

  2. paulnewham
    Member
    Posted 16 years ago #

    Please accept apologies. I should have searched first. I need to install CAPTCHA.

  3. hhuskies
    Member
    Posted 16 years ago #

    I am using a sign up question plugin that really works well for me too. Check it out at wpmudev.

    http://wpmudevorg.wordpress.com/project/Signup-Security-Question

  4. Cruz
    Member
    Posted 16 years ago #

    My site had roughly 3,000 spam sign ups. I recently upgraded to 1.3.3 version. 3 days after the installation, I'm already getting 20 new spam accounts. (The signup page link is not even shown on the index page as I am still re-configuring the site.)

    This happened with:
    1. Captcha enabled
    2. e-mail activation required

    How did the spammers get by the sign up process? (It is possible that they are not doing this manually.) These spammers appear to be posting without logging in.

    How are you stopping this?
    Appreciate your advice!

  5. tdjcbe
    Member
    Posted 16 years ago #

    Spammers can read captcha's.

    You may want to review the blog registration table within your database and see if you see patterns within the spammers and from what IP addresses they are creating their blogs. We've noted that half of our spammers usually come from the same series of IP addresses. (ie Russian and Asian rogue ISPs, ev1/theplanet, etc.) Blocking those blogs gave us some freedom from them. (Until they got smart and moved their scripts of course)

    Some folks have also changed the filename of wp-signup.php. I've not tried this so I can't give any feedback. (I note that since you mention that you're not linking to it.)

  6. andrea_r
    Moderator
    Posted 16 years ago #

    Renaming the signup page and the calls to it works pretty darn well. And I mean from dozens a day down to single digits.

  7. hhuskies
    Member
    Posted 16 years ago #

    andrea_r how intensive is it to rename the calls to the signup pages?

  8. andrea_r
    Moderator
    Posted 16 years ago #

    Not very. I think there's 2-4 edits in wp-signup.php itself and also changing whatever links you have on the site pointing to it.

  9. lunabyte
    Member
    Posted 16 years ago #

    tdjcbe said: "Spammers can read captcha's."

    More like....

    Some spammers have bots that can read some captcha's.

    Most are too lazy, but not all.

  10. Cruz
    Member
    Posted 16 years ago #

    I'll modify the signup page right away.
    Thank you for the advice!

About this Topic