Heh, I came to make the same post. On one site that isn’t complete yet, I had 37 sign ups yesterday. All but one from hotmail. On three other sites that are done, I had a dozen in the same vein.
The incomplete site has no spam-stop plugins installed yet as I didn’t know which to use. The others have Captcha-style plugins or other plugins.
They can’t post until approved so it isn’t a posting problem. I label as Spam Bot with no permissions. This way they can’t register again. Someone explained to me about 12 years ago, when I began using WP that it puts less strain on my server to do it this way rather than a ban via .htaccess.
12 more from hotmail since I posted
Thread Starter
Mugsy
(@mugsy)
Hey Sick,
It appears my one or two fake registrations per day… while annoying… seems to suggest I have the problem slightly more under control. Here is what I’m doing:
I have two separate Captcha plug-ins: the ubiquitous “WP-reCAPTCHA” and a separate basic math plug-in simply called “Captcha” from BestWebSoft (free). But the trick is NOT to use “digits” with the math captcha. Check the box to only use “words” (eg: “six + ___ = eight”). Most bots defeat numeric captcha’s easily.
I have the tougher (and more annoying) “reCaptcha” set to only display on the Registration page, while the easier math “Captcha” only appears for unregistered visitors posting comments.
This results in almost no spam posts (very rare) and, as I noted, about two fake registrations per day.
I also use a plug-in called “IP Blacklist Cloud” that proactively blocks known Spammers from accessing the site in the first place.
Clearly my solution isn’t perfect, but sounds like it would be a great improvement over what you’re enduring now.
Mine can’t post as I don’t approve them. But I use a capthcha on posts only. Your math capthcha sounds wondearful. If I get it, which file do I edit on registration so they can’t even register?
I have an IP ban script but I only use it for those who post via reply,which I delete without approval . First I ban email until they try to post with a new one, I ban via C class. I try to not set B a it can keep out a lot of legit folks. I compare IPs manually but soon will have a script to do it.
Since 5:00 pm I’ve had just two registrants so it must be late in whatever country they spam from. But their script finding open ports on connections is surely running.
Thread Starter
Mugsy
(@mugsy)
I’m not sure I understand “can’t post” but “use captcha’s on posts”.
But no matter, the math “Captcha” plugin is downloadable from the WordPress Plugins page and easily configurable from the settings.
They can’t post as I have to approve a registration before they can post Once approved, captcha is set for their first two posts. This way if someone slips by me, they can’t spam I check their posts very carefully. If in doubt, I email and ask them to respond by typing out a sentence. So far not a single response has come back. I also set up a forum for spam bots. Hidden from viewing, they can spam all they want. π
IF a legit user is relegated to posting there, they can email me.
Users
All (64) | Administrator (1) | Subscriber (63)
All hotmail but one .pl and one cheapEDITEDhostings.com (edited as they don’t need publicity). On another blog they are almost xlxe.pl.
I have a couple they haven’t found though I’ve had 7k hits this month on one with NO ads or links out there yet. I swear there is a spammers forum out there where they trade blog names. They run scripts to grab name of new registered domains to attack.
Thread Starter
Mugsy
(@mugsy)
There are plenty of plugins that allow you to block registrations from particular domains. I personally ban any email address ending in “.pl”, “.ru”, “.ck” (and a few more I forget.) And I have about four or five active plugins just for blocking Spam/Spammers.
I think it is safe to assume no “legitimate” users from those countries are trying to comment on my blog.
But my User numbers are also likely slightly inflated due to the flood of fake Registrations these past few months. I go through and delete the obvious ones (eg: “Chanel Bags”), but it’s like sweeping back the tide. Very annoying.
Only 2 are not Hotmail. I banned them but I can’t ban a major host like Hotmail.
I’m looking for a script tells me a user’s IP. I had such a script but …
Thanks. That logs the IP so it’s exactly what I need.plus it does more. I have a script that limits login attempted snd I can ban their IP.
Thread Starter
Mugsy
(@mugsy)
Squirrel, try the “IP Blacklist” plugin. That’s what I use.
Where do you get their IP?
Thread Starter
Mugsy
(@mugsy)
If you use the “IP Blacklist” plugin, it automatically records the IP address of the user and adds it to a group list on their server. It also checks the IP Address of registrants against their list and bans those who match.
Hm, can I ban or is it just their list they compare to?