The MU forums have moved to WordPress.org

A lot of unwanted spam signups (12 posts)

  1. boindk
    Member
    Posted 16 years ago #

    Hi

    Can anyone tell me how it is possible to signup up when our blog is protected with a captcha validation. Tha validation is done in such a way that only danish people will understand and know how to answer the questions given (also in danish).

    Is there somekind of a "backdoor" I know nothing about where you can cheat with the signup process?

    Our blog is currently not linked to from any page so it should not be accesible unless you know the domain name but even so it has nearly 300 unwanted signups with porn etc.

    What to do?

  2. Bill008
    Member
    Posted 16 years ago #

    Renaming wp-signup.php to what ever you like.php knocked out 99.99 %

    Adding a security question took care of the rest!

    Take this code and Name it signup_question.php

    or what ever and put it in your mu-plugins folder

    no problems yet have 14 blogs so far on it all seem ok before doing this 100 + a day

    Download Signup Question

    http://wpmudevorg.wordpress.com/project/Signup-Security-Question

    go to admin back end and click on site admin it should be one of the choices

    http://freeblog.co.nz

    Bill007

  3. Bill008
    Member
    Posted 16 years ago #

    *Edit: If you want to rename your signup page just run a search and replace for wp-signup in it and it works all fine

  4. donncha
    Key Master
    Posted 16 years ago #

    Try wp-hashcash too. Should stop the script kiddies.

    http://ocaoimh.ie/2008/07/10/anti-spam-blog-plugin-for-wordpress-mu/

  5. boindk
    Member
    Posted 16 years ago #

    Thanks for all your replies.

    However all answers deal with what you can do extra to prevent the spamming signup.

    I'm still interested in knowing how it is possible to sign-up when there is a captcha validation and what appears in an automated manner? There must be a "backdoor" of somekind and I'm really interested in knowing where... please help with this one.

  6. andrea_r
    Moderator
    Posted 16 years ago #

    If captcha is the only validation check you have - well, it's been proven quite a few times that scripts can get around it.

  7. billdennis5
    Member
    Posted 15 years ago #

    andrea_r: You once sent me some detailed instructions on how to change the name of a signup page. That would come in handy now.

  8. andrea_r
    Moderator
    Posted 15 years ago #

    Rename the file, look inside for the calls to wp-signup and change them to your new name. I think there's 4.

    Also check BO for any signup stuff it does and see if it calls wp-sing as well, because it will have ot be changed.

    So... all the extra fields in BP aren't stopping splogs?

    (oh, she says, probably not because the sploggers have probably written their bots to check....)

  9. tdjcbe
    Member
    Posted 15 years ago #

    We suggest to our users that they monitor the IP addresses signing up these splogs as many of them come from just a few specific addresses over and over again.

    There used to be a thread here where we were sharing those addresses here as well.

  10. andrea_r
    Moderator
    Posted 15 years ago #

    But you have to let them in first. Sure that works if you already have some that got in, but not if you want to stop them before they show up.

  11. TTjip
    Member
    Posted 15 years ago #

  12. TTjip
    Member
    Posted 15 years ago #

    Just installed, tryingn it now.

About this Topic