How I stopped Splogs and spam - and a suggestion for the WPMU DEV folks...
WPMU DEV Community
How I stopped Splogs and spam - and a suggestion for the WPMU DEV folks...
Elite
578 pointsLike some sort of WPMU DEV God"Exceptionally helpful
Saunt Valerian
Member
—
30th April 2011 16:57
I'm running a WPMU/BP site, I opened it up in February of this year and have been struggling with spam and splog registrations ever since. This week, I brought all of it - and I mean all of it - to screeching halt. There are no more spam comments and handled on the member blogs, and the splog registrations have finally stopped.
I did a number of things to make this happen. Here is my secret:
Change the wording on the default BP registration page.
Default BP has the phrase "Yes, I'd like to register a new blog" on the registration page. I discovered that sploggers were searching that phrase out in Google to find BP/WPMU based websites. To fix this, I went into my theme's register.php file and edited that phrase an others on my registration page to something matching my niche. Then I ensured for the next 2 weeks, that Google was crawling my registration page. Keyword searches for that phrase have vanished.
Network Install/Activate the Typepad Anti-Spam plugin.
This is the free alternative to the Askimet plugin. It cannot be network activated, so it must installed in your mu-plugins folder. http://wordpress.org/extend/plugins/typepad-antispam/
Use the Block Spam by Math Reloaded plugin.
I also use WPMU DEV's anti-splog plugin, which has some anti-robot features. For me, however, I found the BSBMR plugin was easier to style and handle for my theme. YMMV. http://wordpress.org/extend/plugins/block-spam-by-math-reloaded/
Use BuddyDevs One Click Mark Spammer plugin:
This one is not so essential anymore. When I was getting a lot of splog registrations, it allowed me to mark the spammers from the BP member directory on the front end. This was far faster and convenient than going to each front-end profile or into the dashboard. http://buddydev.com/plugins/one-click-mark-spammer-for-buddypress/
Use WPMU DEV's Anti-Splog plugin;
It's now available in the WP plugin repository, though you still need an account here to take advantage of the API. It is good, and well-featured (but I'll be offering my feature requests at the bottom of this post). It was catching about 75% of the spam blog registrations and marking them as spam. This was good and helpful, because I was getting about 20 of them a day. But I have read reports on these forums of popular sites getting up to 200 splog registrations a day. Those that Anti-Splog didn't pick up, I had to mark manually. http://wordpress.org/extend/plugins/anti-splog/
Use the Stop Spammer Registrations Plugin
This is the tour-de-force of the anti-spam war. It combines a trifecta of three powerful databases to blog spam registrations and comments based on the IP. It bounces the IPs off of StopForumSpam.com; Project Honeypot; and BotScout. Botscout and Honeypot both require an API key for it to work (though setup for these only took me a few minutes). This was the plugin that has saved me all the anti-spam daily maintenance work I was doing. I imagine that it would work very, very well on its own, but I haven't tested it yet. http://wordpress.org/extend/plugins/stop-spammer-registrations-plugin/
Recommendations for WPMU DEV:
IP blocking seems to be the key to good anti-spam warfare. The databases in Honeypot, Botscout, and Stop Forum Spam are free to use (I think) for developers. Including them into the Anti-Splog plugin would dramatically ramp up its power. While I know that WPMU guys probably want their plugin to be entirely proprietary it is best not to always re-invent the wheel. There is technology out there that works really well and having one plugin (instead of 4-5) as the anti-spam defense is preferable and a better operating practice. Since I installed the Stop Spammers plugin, spam on my network has completely stopped - including its feature set into the Anti-Splog plugin would be a good strategy. IP blocking by checking against the other established databases seems to be the one layer that is missing from the WPMU DEV plugin.
I'm running a WPMU/BP site, I opened it up in February of this year and have been struggling with spam and splog registrations ever since. This week, I brought all of it - and I mean all of it - to screeching halt. There are no more spam comments and handled on the member blogs, and the splog registrations have finally stopped.
I did a number of things to make this happen. Here is my secret:
Change the wording on the default BP registration page.
Default BP has the phrase "Yes, I'd like to register a new blog" on the registration page. I discovered that sploggers were searching that phrase out in Google to find BP/WPMU based websites. To fix this, I went into my theme's register.php file and edited that phrase an others on my registration page to something matching my niche. Then I ensured for the next 2 weeks, that Google was crawling my registration page. Keyword searches for that phrase have vanished.
Network Install/Activate the Typepad Anti-Spam plugin.
This is the free alternative to the Askimet plugin. It cannot be network activated, so it must installed in your mu-plugins folder. http://wordpress.org/extend/plugins/typepad-antispam/
Use the Block Spam by Math Reloaded plugin.
I also use WPMU DEV's anti-splog plugin, which has some anti-robot features. For me, however, I found the BSBMR plugin was easier to style and handle for my theme. YMMV. http://wordpress.org/extend/plugins/block-spam-by-math-reloaded/
Use BuddyDevs One Click Mark Spammer plugin:
This one is not so essential anymore. When I was getting a lot of splog registrations, it allowed me to mark the spammers from the BP member directory on the front end. This was far faster and convenient than going to each front-end profile or into the dashboard. http://buddydev.com/plugins/one-click-mark-spammer-for-buddypress/
Use WPMU DEV's Anti-Splog plugin;
It's now available in the WP plugin repository, though you still need an account here to take advantage of the API. It is good, and well-featured (but I'll be offering my feature requests at the bottom of this post). It was catching about 75% of the spam blog registrations and marking them as spam. This was good and helpful, because I was getting about 20 of them a day. But I have read reports on these forums of popular sites getting up to 200 splog registrations a day. Those that Anti-Splog didn't pick up, I had to mark manually. http://wordpress.org/extend/plugins/anti-splog/
Use the Stop Spammer Registrations Plugin
This is the tour-de-force of the anti-spam war. It combines a trifecta of three powerful databases to blog spam registrations and comments based on the IP. It bounces the IPs off of StopForumSpam.com; Project Honeypot; and BotScout. Botscout and Honeypot both require an API key for it to work (though setup for these only took me a few minutes). This was the plugin that has saved me all the anti-spam daily maintenance work I was doing. I imagine that it would work very, very well on its own, but I haven't tested it yet. http://wordpress.org/extend/plugins/stop-spammer-registrations-plugin/
Recommendations for WPMU DEV:
IP blocking seems to be the key to good anti-spam warfare. The databases in Honeypot, Botscout, and Stop Forum Spam are free to use (I think) for developers. Including them into the Anti-Splog plugin would dramatically ramp up its power. While I know that WPMU guys probably want their plugin to be entirely proprietary it is best not to always re-invent the wheel. There is technology out there that works really well and having one plugin (instead of 4-5) as the anti-spam defense is preferable and a better operating practice. Since I installed the Stop Spammers plugin, spam on my network has completely stopped - including its feature set into the Anti-Splog plugin would be a good strategy. IP blocking by checking against the other established databases seems to be the one layer that is missing from the WPMU DEV plugin.
Super post! Sending some rep points your way for typing this up. I'm a big fan of the typepad anti-spam plugin, and of course our antisplog plugin as well :)
Also, adding this thread to my 'favorites' so I can point folks back here later :D
besides that, I just wrote an article about how I combat spam but its in Romanian, so if you dare read a machine translation check it out here:translated wit hgoogle translate
just to add some more ideas to this thread I'll add what I do differently:
- I start at .htaccess level, block those without referrer string and no user agent, fake trackbackers too
- use Bad Behavior - blocks additional bots
- I don't use captchas or math checks or anything that involves user interaction and it works great so far
- if you are a project honeypot user, you can set up a honeypot and add its link into the message that BB displays to bots :-)
###edit###
anyone ever tried to download and run the typepad antispam server? I know its available but haven't found a real good tutorial for running it...
Very valuable information. Thanks! My biggest challenge is stopping spammers from creating fake accounts. Some of my sites are multi-sites but some aren't so I can't use anti-splog. I'm happy to have found these other tools here that I can use to block spammers.
I've used typepad antispam sitewide and it worked really well. Extremely well. But once upon a time when it was not compatible with a WPMU version I changed to akismet. Serial keys can be hard coaded into both plugins.
Responses (9)
Lifetime member! — 30th April 2011 17:33 #
Great suggestions, thanks!
We also love TypePad AntiSpam. I'm sure you know that you can make it work sitewide by hard-coding the API key in the plugin.
There is a modded version of the TypePad plugin here:
http://premium.wpmudev.org/forums/topic/modded-akismet-plugin-for-typepad-anti-spam
That version hides the admin menus which don't work or provide valuable information anyway.
Sales & Support Lead — 30th April 2011 23:19 #
w00t!
Super post! Sending some rep points your way for typing this up. I'm a big fan of the typepad anti-spam plugin, and of course our antisplog plugin as well :)
Also, adding this thread to my 'favorites' so I can point folks back here later :D
Thanks again!
Member — 14th May 2011 22:29 #
cool. I mentioned the stop forum spam already but nobody seemed interested: http://premium.wpmudev.org/forums/topic/new-anti-spam-plugin
and some more interesting tools here: http://premium.wpmudev.org/forums/topic/want-to-share-some-tools-to-manage-usersblogs-and-spam
besides that, I just wrote an article about how I combat spam but its in Romanian, so if you dare read a machine translation check it out here:translated wit hgoogle translate
just to add some more ideas to this thread I'll add what I do differently:
- I start at .htaccess level, block those without referrer string and no user agent, fake trackbackers too
- use Bad Behavior - blocks additional bots
- I don't use captchas or math checks or anything that involves user interaction and it works great so far
- if you are a project honeypot user, you can set up a honeypot and add its link into the message that BB displays to bots :-)
###edit###
anyone ever tried to download and run the typepad antispam server? I know its available but haven't found a real good tutorial for running it...
Founder & CEO — 16th May 2011 00:39 #
Yeh, great post, think I was on holiday or something and missed it!
We're always tweaking / improving anti splog, maybe it'll have an anti comment spam nephew down the line,who knows ;)
Member — 18th July 2011 07:49 #
Yeah im trying to not interrupt the user with math and captcha.
Have you got a nginx config lying around for these htaccess rules?
Cheers,
Johnny
Member — 25th July 2011 08:41 #
Please see http://premium.wpmudev.org/forums/topic/anti-splog-wp-hashcash-and-wptouch-compatibility
Lifetime Member — 22nd August 2011 06:54 #
Thanks for this, there's a lot of great stuff there!
Member — 10th January 2012 23:19 #
Very valuable information. Thanks! My biggest challenge is stopping spammers from creating fake accounts. Some of my sites are multi-sites but some aren't so I can't use anti-splog. I'm happy to have found these other tools here that I can use to block spammers.
Member — 11th January 2012 14:14 #
I use custom questions in the anti-spam plugin, and change them regularly. It stops most of the spambots.
Did anyone every try this plugin: http://wordpress.org/extend/plugins/stop-spammer-registrations-plugin/ It seems interesting.
I've used typepad antispam sitewide and it worked really well. Extremely well. But once upon a time when it was not compatible with a WPMU version I changed to akismet. Serial keys can be hard coaded into both plugins.
Become a member