
Spam user being created even after renaming wp-signup, how?

How are spam users still being created? I renamed wp-signup.php.

Also, can I enter IPs in the banned domains?

I want to use this list http://mu.wordpress.org/forums/topic.php?id=817


That list is probably very out of date. Usually most hosts will (finally) shut down boxes after enough complaints. I know we have a similar thread over my way where we trade IP addresses and will usually send off a complaint after noticing a pattern. (And if they don't there's always a block at the routers.)

As noted in that thread, I'd just ban via denys (however you spell it) in your htaccess file.

As to your spam user, it's either someone doing it manually or someone who's found your page either via Google or did it manually.

I did note that the wp-signup.php page now displays a 'noindex,nofollow' meta line. Hopefully that'll help a bit.

I usually suggest to our clients that they go in and change the wording of their wp-signup.php page every so often. It's been noted that the signup page can be found quite easily via a simple google for the text on that page.

Just to mention in passing, you're never going to get rid of splogs. To be honest, I tell my clients to brag every so often how many splogs that they shut down. In fact we have code that counts and outputs the number of blogs marked splogs. Some in fact even have it on their front page of their sites.

I may have a 'possible' solution to the splog problem.
For the past number of months I have been running vbulletin with wordpress via a bridge setup. Basically vbulletin handles the registration and sessions etc for wordpress.

Within vbulletin I am able to setup additional 'security' questions, recaptcha etc. I also changed all the wording on the page so it does not show up for the 'bots' to attack.

By using this route I have only had a total of 2 spam users throughout the past number of months. And even those 2 were caught by other vbulletin measures when it looked at their posts and determined that they were spam links.

Now I don't expect anyone else to run out and install vbulletin with a bridge to solve this issue. BUT, it may open people's eyes for writing custom login scripts for wordpress. At the very least the bots won't recognize your login script and will pass you by. Of course this would have to be custom per site, otherwise the bots will simply adapt to a new login plugin etc.

Rewording the signup page seems to be a very big help. I have a couple of installs where that's done nearly every week and splogs are pretty much non existent on them. Of course we also keep track of IP addresses and block on sight when possible.

Have to admit that I'm half tempted to submit a ticket to make that text editable from the Site Admin pages although I know it'll be sent over to the regular wp trac and we all know how well that'll go over.

edit: Do remember though that if you rename the signup page, the link is present elsewhere and has to be changed. Some themes have it. The simple forums plugin has it. (Actually it has an incorrect link for wpmu if I recall.)

@johnnytee - have you turned off registrations in the site admin options?

We were able to eliminate splogs by creating a custom moderated signup process and have not had a splog in about 2 years. Not everyone agrees with that method, but it's effective and it takes less time than cleaning up splogs.

@drmike thanks for all the help and suggestions, I'm just trying to figure how to accomplish what they are doing. I think if I could figure out how they are being registered I could come up with a solution. Any ideas on how to recreate? They create a user and I'm not notified? Is this a possible security hole? No blogs are being created, just users.

@ron_r I do have registrations open. I want to try and keep it that way if possible. I have a TOS where they have to click agree, so I'm not sure it's automated or a person doing it. Like I said I don't get an email. I'm about to start digging through code to see if I can find out how it's being done.

... "I have a TOS where they have to click agree" ...

Which ends up as a posted value. In general, a bot can scan a page and circumvent those, and most other values which appear in a page.

One way to accomplish something, which helps a LOT, is to create a form element... but with javascript.

In a nutshell, you would have a function in the header (or through an included js file). This function contains say, 6 or 8 variables. Each variable making up a piece of the resulting HTML for the form field. As the last step of that function, you piece together the variables in a document write.

Finally, where you want that field to appear in your document, you call your script function instead.

End result is that the bot won't pick it up, as it's not in the outputted source of the document.

You can put a little creative juice into it, and call a php file with the script tag in the header and do some other things with it, or whatever.

Now, you're also going to have to make sure you are validating the new js field value on the backend as well, and setting an error condition if it fails.

Another option is if you have a site that isn't targeted to a global audience. If not, and only desire registrations from a certain country or countries, then you can also block IP's which are not from the desired country/countries.

Everything posts through the wp-signup.php page, so you could call a function within that page to validate the country, and if it's not what you want, unset $_POST variables, and display an error message. Not too descriptive, as you don't want them to then start using an open proxy in a place you're not blocking, but it could be something as simple as, "We're sorry, but we are not currently accepting new registrations."

I've used a combination of the above (and a few other things) on several sites. Splogs: 0;
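Both checks from the post above, written as an added example for this thread rather than code from the poster or from WPMU DEV: the extra signup field is assembled by script from separate string variables, so the raw page source holds no complete input tag, and the posted value is verified server-side through the wpmu_validate_user_signup filter, with the country check in the same place (raising a generic error rather than unsetting $_POST). The field name js_token, the nonce action string, the allow-list and the function example_country_for_ip() (a stand-in for whatever GeoIP lookup you run) are assumptions.

```php
<?php
// Added example, not from the thread: a JS-assembled signup field checked on
// the server, plus a country filter, both hung off wp-signup.php's own hooks.
// Assumed names: field 'js_token', nonce action 'example_js_field', and
// example_country_for_ip(), a stand-in for your GeoIP library's lookup.

add_action( 'signup_extra_fields', 'example_print_js_field' );
function example_print_js_field() {
    // Only a browser that runs this script ends up posting the field. The
    // markup is split into variables so no complete <input> tag exists in
    // the page source for a scraper to copy; the WordPress nonce ties the
    // value to this site and expires, so a captured token cannot be replayed forever.
    $token = wp_create_nonce( 'example_js_field' );
    ?>
    <script type="text/javascript">
    (function () {
        var a = '<inp', b = 'ut type="hidden" nam', c = 'e="js_', d = 'token" val';
        var e = 'ue="', f = <?php echo json_encode( $token ); ?>, g = '" />';
        document.write( a + b + c + d + e + f + g );
    })();
    </script>
    <?php
}

function example_country_for_ip( $ip ) {
    // Assumption: integration point for your GeoIP library; return a two-letter
    // ISO country code for $ip. Hard-coded here only so the example loads.
    return 'US';
}

add_filter( 'wpmu_validate_user_signup', 'example_check_signup' );
function example_check_signup( $result ) {
    $allowed = array( 'US', 'CA' );   // constructed allow-list for the example
    $ip      = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
    $token   = isset( $_POST['js_token'] ) ? sanitize_text_field( $_POST['js_token'] ) : '';

    // One deliberately vague message for both failures, as the post advises,
    // so a blocked visitor learns nothing about which check tripped.
    $generic = 'We\'re sorry, but we are not currently accepting new registrations.';

    if ( '' === $token || ! wp_verify_nonce( $token, 'example_js_field' ) ) {
        $result['errors']->add( 'js_token', $generic );
    } elseif ( ! in_array( example_country_for_ip( $ip ), $allowed, true ) ) {
        $result['errors']->add( 'country', $generic );
    }
    return $result;   // wp-signup.php re-shows the form when 'errors' is non-empty
}
```

Both checks only run for posts that go through wp-signup.php; a second registration endpoint, such as the bbPress registration.php found later in this thread, bypasses them entirely.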

@luke thanks I plan on validating countries, I just found the issue. I have bbpress integrated, and the spam users were coming through bbpress registration.php. I only will have users that can use bbpress if they are a wpmu subscriber, therefore I can delete registration.php on the bbpress side.

I have not had any splog created yet, so I think I'm good to go for the time being.

I'm getting screwed on splogs! I just created a site, and have not even got my first real user yet. We are not even close to promoting it yet. For some reason though, I get dozens of splogs per day. I usually wind up deleting them 10, 20 or 30 at a time every day.

They are all coming from a user that creates somerandomname1957 or 1972 etc @myspacee.info - or at some other crap domain.

I have tried to do a lot to obfuscate the process. Included an image captcha on the signup form, and used wp-hashcash, no luck.

Help please.

Are they all coming from different IPs or a certain set of IPs?

Thanks,
Andrew

I've gotten two over a month fitting that desc. After the first, I installed si captcha and maybe 24 hours later got the second. That was maybe 2 weeks ago. They were both the same name setup. One was @host-my-site.info, the other was @websouthafrica.info.

So let's hear it guys, which captcha plugin/mod is your pick?

If it's not launched yet you could disable registrations.

@aaron; yah, but then what are you gonna do when it's launched?

I use a reCaptcha and moderate new blogs. Never had a splog get past the reCaptcha though in over a year.

@Aaron, which reCaptcha do you use?

Now that I read that again, you mean that you reCaptcha somewhere past the signup as well or before account activation or somewhere?

Apologies, I should've done a little more digging in threads before asking that!

Got it.

Splogs actually got past recaptcha when I was using it. They're not getting past the super captcha plugin though. But whatever works, works.

I guess for some reason they don't like my site. I don't think they can get past a reCaptcha by automated means, but have to use their army of slaves in China and what not.

http://www.dralegal.org/cases/private_business/nfb_v_target.php

Friendly reminder that most Captchas also shut out those on ISPs with broken proxies. Like many Comcast users and the entire city state of Singapore. Oh, and me here in the library.

Splogs reduced significantly after I did the .htaccess tricks for both wp-signup and /register (using bp social theme) AND I added limit signup by country using geoip as well as moderated blog approval (duh!). Whatever captcha didn't help much before.

One new thing we've done is added a list of ip address matches to the emailed notice the site admins get when a new blog is created. That's a quick and easy way to tell if you've got a bot creating accounts.

If there's no matches listed, chances are it's a real person creating that account. If there's five blogs listed, (we max the list out at five) chances are it's a bot.

We also include the rDNS for that IP address and the timestamps when those blogs were created.
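An added example of the notice enrichment described in the post above, not the code drmike's team runs: each new-blog admin notice records the signup IP in a network-wide option and is prefixed with the earlier blogs registered from the same address (at most five), with the reverse DNS and creation timestamps. The option name example_signup_ips, the log size and the match limit are assumptions; older WordPress versions pass only the message to the newblog_notify_siteadmin filter, so the blog id may arrive as 0.

```php
<?php
// Added example, not from the thread: prefix the 'new blog' admin notice with
// earlier blogs created from the same IP, plus rDNS and creation timestamps.
// Assumed: the network-wide option 'example_signup_ips' (a capped array of
// array( 'ip', 'blog_id', 'time' ) rows) and a five-entry match limit.

add_filter( 'newblog_notify_siteadmin', 'example_ip_matches_in_notice', 10, 2 );
function example_ip_matches_in_notice( $msg, $blog_id = 0 ) {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
    if ( ! filter_var( $ip, FILTER_VALIDATE_IP ) ) {
        return $msg;   // no usable address (CLI or malformed): leave the notice alone
    }

    $log     = (array) get_site_option( 'example_signup_ips', array() );
    $matches = example_recent_matches( $log, $ip, 5 );

    // Record this signup, newest last, and keep the log bounded.
    $log[] = array( 'ip' => $ip, 'blog_id' => (int) $blog_id, 'time' => current_time( 'mysql' ) );
    update_site_option( 'example_signup_ips', array_slice( $log, -1000 ) );

    // gethostbyaddr() does a blocking DNS lookup; it returns the IP itself when
    // there is no PTR record.
    $lines = array( 'Signup IP: ' . $ip . ' (rDNS: ' . gethostbyaddr( $ip ) . ')' );
    if ( empty( $matches ) ) {
        $lines[] = 'No earlier blogs from this address.';
    } else {
        $lines[] = 'Earlier blog(s) from this address (showing at most 5):';
        foreach ( $matches as $row ) {
            $lines[] = sprintf( '  blog #%d created %s', $row['blog_id'], $row['time'] );
        }
    }
    return implode( "\n", $lines ) . "\n\n" . $msg;
}

// Return up to $limit log rows for $ip, newest first. Kept separate so the
// matching logic can be exercised on a constructed log without WordPress loaded.
function example_recent_matches( array $log, $ip, $limit ) {
    $hits = array();
    foreach ( array_reverse( $log ) as $row ) {
        if ( isset( $row['ip'] ) && $row['ip'] === $ip ) {
            $hits[] = $row;
            if ( count( $hits ) >= $limit ) {
                break;
            }
        }
    }
    return $hits;
}
```

Five matching rows in a notice is the quick bot signal the post describes; no rows means the address has not been seen creating a blog before, which is only a hint, since a real person behind a shared proxy can match too.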

@ron_r (aka Mr. Andrea)

We were able to eliminate splogs by creating a custom moderated signup process and have not had a splog in about 2 years.

I would KISS you :) if you could shed some light on this. I would LOVE to do a custom sign up process frankly.

There's this:

http://mattkern.com/wpmu-manually-approve-new-members-on-local-install/

Some discussion here as well:

http://mu.wordpress.org/forums/topic/14139
