spam user being created even after renaming wp-signup , how?

That list is probably very out of date. Usually most hosts will (finally) shut down boxes after enough complaints. I know we have a similar thread over my way where we trade IP addresses and will usually send off a complaint after noticing a pattern. (And if they don't there's always a block at the routers.)

As noted in that thread, I'd just ban via denys (however you spell it) in your htaccess file.

As to your spam user. it's either someone doing it manually or someone who's found your page either via Google or did it manually.

I did note that the wp-signup.php page now displays a 'noindex,nofollow' meta line. Hopefully that'll help a bit.

I usually suggest to our clients that they go in and change the wording of their wp-signup.php page every so often. It's been noted that the signup page can be found quite easily via a simple google for the text on that page.

I may have a 'possible' solution to the splog problem.
For the past number of months I have been running vbulletin with wordpress via a bridge setup. Basically vbulletin handles the registration and sessions etc for wordpress.

Within vbulletin I am able to setup additional 'security' questions, recaptcha etc. I also changed all the wording on the page so it does not show up for the 'bots' to attack.

By using this route I have only had a total of 2 spam users throughout the past number of months. And even those 2 were caught by other vbulletin measures when it looked at their posts and determined that they were spam links.

Now I don't expect anyone else to run out and install vbulletin with a bridge to solve this issue. BUT, it may open people's eyes for writing custom login scripts for wordpress. At the very least the bots won't recognize your login script and will pass you by. Of course this would have to be custom per site, otherwise the bots will simply adapt to a new login plugin etc.

@johnnytee - have you turned off registrations in the site admin options?

We were able to eliminate splogs by creating a custom moderated signup process and have not had a splog in about 2 years. Not everyone agrees with that method, but it's effective and it takes less time than cleaning up splogs.

... "I have a TOS where they have to click agree" ...

Which ends up as a posted value. In general, a bot can scan a page and circumvent those, and most other values which appear in a page.

One way to accomplish something, which helps a LOT, is to create a form element... but with javascript.

In a nutshell, you would have a function in the header (or through an included js file). This function contains say, 6 or 8 variables. Each variable making up a piece of the resulting HTML for the form field. As the last step of that function, you piece together the variables in a document write.

Finally, where you want that field to appear in your document, you call your script function instead.

End result is that the bot won't pick it up, as it's not in the outputted source of the document.

You can put a little creative juice into it, and call a php file with the script tag in the header and do some other things with it, or whatever.

Now, you're also going to have to make sure you are validating the new js field value on the backend as well, and setting an error condition if it fails.

Another option is if you have a site that isn't targeted to a global audience. If not, and only desire registrations from a certain country or countries, then you can also block IP's which are not from the desired country/countries.

Everything posts through the wp-signup.php page, so you could call a function within that page to validate the country, and if it's not what you want, unset $_POST variables, and display an error message. Not too descriptive, as you don't want them to then start using an open proxy in a place you're not blocking, but it could be something as simple as, "We're sorry, but we are not currently accepting new registrations."

I've used a combination of the above (and a few other things) on several sites. Splogs: 0;

I'm getting screwed on splogs! I just created a site, and have ntoo even got my first real user yet. We are not even close to promoting it yet. For some reason though, I get doxens of splogs per day. I usually wind up deleting them 10, 20 or 30 at a time every day.

They are all coming from a user that creates somerandomname1957 or 1972 etc @myspacee.info - or at some other crap domain.

I have tried to do a lot to obfuscate the process. Included an image captcha on the signup form, and used wp-hashcach no luck.

Help please.

I've gotten two over a month fitting that desc. After the first, I installed si captcha and maybe 24 hours later got the second. that was maybe 2 weeks ago. They were both the same name setup. one was @host-my-site.info , the other was @websouthafrica.info.

So lets hear it guys, which captcha plugin/mod is your pick?

@aaron; yah but then what are you gonna do when its launched?

@Aaron, which reCaptcha do you use?

Apologies, I should've done a little more digging in threads before asking that!

Got it.

I guess for some reason they don't like my site. I don't think they can get past a reCaptcha by automated means, but have to use there army of slaves in China and what not.

Splogs reduced significantly after I did the ,.htaccess tricks for both wp-signup and /register (using bp social theme) AND i added limit signup by country using geoip as well as moderated blog approval (duh!). Whatever captcha didnt help much before.

@ron_r (aka Mr. Andrea)

We were able to eliminate splogs by creating a custom moderated signup process and have not had a splog in about 2 years.

I would KISS you :) if you could shed some light on this. I would LOVE to do a custom sign up process frankly.