Spammy Users

For splogs that I "Mark as Spam" what should I do about the associated users? I have basically done nothing with them so far, but I wonder if just having those accounts around doesn't present some sort of security issue.

What do you do with the spammy user accounts?

  • drmike

    Castration is cool. I have an evil dark side as well since I came up in the hacking/cracking crowd way back when so I know some spammers who need email addresses and profiles and the like.

    I mark the users as spam as well. I could have sworn that users got marked as so but I remember some discussion on that. The user's other blogs won't be marked though as those blogs may be used by others who aren't spammers.

    I dig out the IP address that was used to create the account out of the (oh heck what is it?) wp_registrationlog table I think it's called. You can search via IP address on the Site Admin -> Blogs and Users to see who else comes up if you want to go ahead and block them ahead of causing any trouble. May want to double check the address though before doing so as you may be blocking a proxy like AOL.

    And if it;s a very popular IP address that's only popular with spammers, it gets dropped into the htaccess file as a block. There should be a couple threads of them on the mu forums and I could have sworn we had one here on the members side.

    Hope this helps,
    -drmike

  • Christopher Price

    Though this whole splog thing is annoying, it is also very interesting.

    I disabled bbpress signups with simon wheatley's handy plugin I found here:
    http://bbpress.org/forums/topic/howto-disable-registration

    At the moment that link isn't working, and his website referenced in the code doesn't have it, so here it is so you can roll your own:
    <?php
    /*
    Plugin Name: Disable Registrations
    Description: This plugin disables access to registration.php and blocks any registrations.
    Plugin URI: http://simonwheatley.co.uk/bbpress/disable-registrations
    Author: Simon Wheatley
    Author URI: http://simonwheatley.co.uk/
    Version: 0.1
    */

    // Fires every time bbPress inits, a bit ick but it's super quick string ops
    // (which is what PHP is good at).
    function da_disable_registrations()
    {
    // Shame there isn't a hook to grab before the new user is registered on register.php
    // In the absence of that, we will check whether we're on register.php
    if ( ! da_str_ends_with( strtolower( $_SERVER[ 'PHP_SELF' ] ), 'register.php' ) ) return;
    // We are on register.php? Stop executing (with a message).
    bb_die( "Registration is not allowed on this website. Please contact the site administrators." );
    exit; // Never reached, unless bb_die fails for some freaky reason
    }

    // Checks whether string a ends with string b
    function da_str_ends_with(& $str, $end)
    {
    return ( substr( $str, - strlen( $end ), strlen( $end ) ) == $end );
    }

    add_action( 'bb_init', 'da_disable_registrations' );

    ?>

    Still, some splog registrations are getting through. The odd thing is that the users don't have any of the BuddyPress fields that I require on wp-signup.

    So how are they getting through without populating those fields?

  • Qlof

    I don't remove the spam blogs. I mark the users as spam. This will also mark their blog as spam, while marking the blog as spam will NOT mark the user as a spam-user.

    It's especially annoying as alot of splogs delete their first post. I then search for the blog, copy the username, search user and mark as spam.

    It would be great if the users were also included when you mark a blog as spam, just like the blog is included when u mark the user...