WordPress.org

Ready to get started?Download WordPress

Forums

Multisite registration spam (29 posts)

  1. sturvey
    Member
    Posted 2 years ago #

    Hi,

    I've installed the Cookies for Comments (inc the htaccess code) and Bad Behaviour plugins but they aren't stopping spam registrations. I haven't done any configuration of these plugins as it seems you'd have to do them on a blog by blog basis, but apparently they don't need configuring for most users anyway.

    Any advice on why they aren't being effective and/or other plugins to try? I'd rather not have to admin approve registrations if possible.

    Thanks.

  2. Ed
    Member
    Posted 2 years ago #

    Is Akismet not effective for you?

  3. sturvey
    Member
    Posted 2 years ago #

    For comments yeah, but not for reistrations @ wp-signup.php

  4. Ed
    Member
    Posted 2 years ago #

    Ah, sorry I completely misread the title and your post it seems!

    We use Anti-Splog from WPMUDev but it's a paid plugin, very effective though. I recommend trying WangGuard though, it's very good.

  5. Cookies for Comments - Read this thread

    You have to add something to your .htaccess, but it works great.

    Also check out Darcy Normam's htaccess tweak

  6. sturvey
    Member
    Posted 2 years ago #

    Would one of these techniques also block genuine users seeing as most of my sign ups will come from direct links to wp-signup.php via an e-newsletter?

  7. Nope. What they do is say 'If you're trying to pass the data to wp-signup without clicking the SUBMIT button, you're a spammer.' Which is true :)

  8. sturvey
    Member
    Posted 2 years ago #

    ok, so I've got:

    # BEGIN ANTISPAMBLOG REGISTRATION
    <IfModule mod_rewrite.c>
     RewriteEngine On
     RewriteCond %{HTTP_COOKIE} !^.*59a5259c983ed123457907875dd8d758.*$
     RewriteRule ^wp-signup.php - [F,L]
    
     RewriteCond %{REQUEST_METHOD} POST
     RewriteCond %{REQUEST_URI} .wp-signup.php*
     RewriteCond %{HTTP_REFERER} !.*mywebsite.com.* [OR]
     RewriteCond %{HTTP_USER_AGENT} ^$
     RewriteRule (.*) http://lmgtfy.com/?q=spammer [R=301,L]
    </IfModule>
    # END ANTISPAMBLOG REGISTRATION
    
    # BEGIN WordPress
    ...

    This is the htaccess inside my wp folder, not my website root htaccess file. Everything look ok?

  9. Assuming you changed mywebsite.com to your website ;)

    Is WP installed in a subfolder? And if so, is it running out of mywebsite.com/wp/ ?

  10. sturvey
    Member
    Posted 2 years ago #

    subfolder and /blogs/

  11. Should be fine :) Just making sure you're not trying to install it in /blogs/ and run it out of / ;) That way lies shenanigans.

  12. sturvey
    Member
    Posted 2 years ago #

    I'm getting a 403:

    Forbidden
    You don't have permission to access /blogs/wp-signup.php on this server.

  13. And you changed mywebsite.com to your actual URL?

    It works perfectly on my site.

    Remove this for a test: You may have done that wrong.

    RewriteCond %{HTTP_COOKIE} !^.*59a5259c983ed123457907875dd8d758.*$
     RewriteRule ^wp-signup.php - [F,L]
  14. sturvey
    Member
    Posted 2 years ago #

    yep. it works if I remove those two lines. how have i done that wrong?

  15. 59a5259c983ed123457907875dd8d758 must not be right is all I can think.

    You've got css.php?k=59a5259c983ed123457907875dd8d758&o=i&t=XXXXXXXXX right? And you're ONLY getting the stuff in front of &o=i... right?

  16. sturvey
    Member
    Posted 2 years ago #

    Here's the image from view source:

    img src="http://www.mywebsite.com/blogs/wp-content/plugins/cookies-for-comments/css.php?k=59a5259c983ed12345907875dd8d758&o=i&t=1343467019"

  17. On yourwebsite.com/wp-admin/options-general.php?page=cfc_config

    Down at the bottom there's an example like this:

    RewriteCond %{HTTP_COOKIE} !^.*[mycodehere].*$
    RewriteRule ^wp-comments-post.php - [F,L]

    Does it match?

  18. sturvey
    Member
    Posted 2 years ago #

    Yes (except for wp-comments-post.php being wp-signup.php in htaccess)

  19. That is just weird... But. It's an issue with one plugin, so that could be worse :D Tagging.

  20. sturvey
    Member
    Posted 2 years ago #

    Hmm. I wonder why it's not working. Am I still pretty well covered if I leave it out, seeing as it's an added bonus of the plugin and I've got the ANTISPAMBLOG stuff there anyway?

  21. You should be okay. Darcy's method has been wonderful for me :)

  22. sturvey
    Member
    Posted 2 years ago #

    It seems I was not okay! Had 5 spam registrations over night. What's my next port of call?

  23. Are they coming from some place you can pinpoint? All the ones I ever got were from Russia, so I blocked .ru emails... The other thought is you could moderate all new registrations. I mean, do you REALLy want a totally open for anyone network?

  24. sturvey
    Member
    Posted 2 years ago #

    I don't know how to pinpoint them really. The email addresses are all random. The moderation thing is a last resort. I don't understand why these plugins/methods aren't working for me!

  25. Ed
    Member
    Posted 2 years ago #

    Does WangGuard not work at all?

  26. http://wordpress.org/extend/plugins/wangguard/

    I've never used it, but then again, I don't get a lot of spam.

  27. Ed
    Member
    Posted 2 years ago #

    The dev's pretty good if you have any problems too.

  28. sturvey
    Member
    Posted 2 years ago #

    The dev?

  29. Ed
    Member
    Posted 2 years ago #

    Sorry, the developer of the plugin.

Topic Closed

This topic has been closed to new replies.

About this Topic