WordPress.org

Ready to get started?Download WordPress

Forums

Spam Splogs Buddypress GOING CRAZY (14 posts)

  1. zkwc
    Member
    Posted 3 years ago #

    have wp-ban, avh first defense against spam, askimet, wpmu-block-spam-by-math - all activated and none of them do a darn thing.

    today alone i have received over 150 spam sign ups. 150 splogs. it's driving me mad.

    is there a secret? i've searched high and low on all the forums dealing with wordpress and buddypress and i find zilch that would help.

  2. I'd give wordpress multisite solutions here, but none of them affect buddypress registrations.

    Also, listing what you *did* try helps us point out the ones you missed.

    Otherwise, if you have the default registration page with the default page slug and the default "sign up here" text, then the spammers basically google for it to find you.

  3. @mercime
    Volunteer Moderator
    Posted 3 years ago #

    @zkwc, saw one of your posts at BP forums, I empathize. Many of the anti-spam, anti-splog plugins/hacks work quite well against bots spammers. The thing is, human spammers/sploggers have increased and have been more aggressive than ever. If you have open registration, constant vigilance is a must.

  4. zkwc
    Member
    Posted 3 years ago #

    @mercime - this has to be my problem. i've done all the "nofollow" stuff. changed my registration page and and and. i have to have open registration for my site to function and i guess i'll just be a slave to the "mark member as spammer" button. this is really discouraging. but at least there's an explanation. thanks for that.

    can anyone tell me what is better at keeping them at bay? marking them as spammers or just deleting them?

    i wish there was a plug-in that would intuitively ban ips and email addresses based upon marking them as spammers. like a plug-in that would take the field info from the spammers input, email, user-name and ip address and put that in a ban field so they can't keep coming back. or so it would make the spammers work as hard as we do booting them.

    i can't believe the amount of spam users and splogs i have to constantly delete.

  5. DELETE them.

    Also, uncheck the options "allow users to add other users" under Super Admin -> Options.

    There's still a ton of stuff you haven't done. :-/

    Once they reigster, they cannot use that email again, even if you delete them. but email addresses are free & can be spoofed.

    you *can* block IP addresses at the server lever.

    There *are* way more plugins to help with the auto-fill out and yes, there are multiple long threads detailing this in the buddypress forums.

  6. zkwc
    Member
    Posted 3 years ago #

    @Andrea_r I've had the "allow users to add users" unchecked since the creation of my website. So that's not it.

    I've used my own email more than once after creating users then deleting for testing, so they CAN use an email address more than once if you just delete.

    I've been blocking IPs. There are thousands of IPs hitting me. literally.

    What thread should I read? I've gone on the BuddyPress forums and tried almost everything suggested and nothing worked. Do you have a link?

    The ONLY thing I've ever had luck with was Monty Spam. But, since all the upgrades it no longer works on the new WPMU. Monty Spam stopped them before they got to me. They couldn't even sign up. Monty Spam is really really missed! http://www.montyspam.net

  7. I've used my own email more than once after creating users then deleting for testing, so they CAN use an email address more than once if you just delete.

    If you just delete from the backend and leave their info in the signup table, then you cannot use that email address again.

    Ya gotta do *eveything* on the lists. :)

    Did you change the default text on the signup page? Add new fields? Use a custom slug? no-follow the signup page link?

    you have to start by doing *all* of that.

  8. zkwc
    Member
    Posted 3 years ago #

    Changed the default, added new fields and using custom slug. And no follow.

    I'm convinced I have human spammers.

  9. have you also used:

    hashcash
    bad behavior
    cookies for comments

    and or all in conjunction. despite the names, they do also check the registration form.

  10. zkwc
    Member
    Posted 3 years ago #

    never heard of cookies for comments. installed it, spam slowed down a little bit - at least for the 24 hours that I've had it going.

    turned on hashcash again to see if that would weed out the one's getting through and it was like a swarm of hornets descended upon me within 1/2 hour! i think there's something in hashcash code that actually attracts the spammers.

    I've tried bad behavior before and it did the same thing as hashcash and I'm not keen to try it again.

    thanks for the cookies for comments suggestion. i'll report back and to let you all know if it's actually working, or if it's just a fluke that I'm not getting splogs and spam sign ups. Some days are busier in the spam world than others.

  11. zkwc
    Member
    Posted 3 years ago #

    Cookies for comments doesn't eliminate the spam. Woke up to 26 spam sign ups instead of 150, so it's better at least. But still frustrating. Still have askimet, avh, block by math all running too.

    And it would be nice if there was a place specifically on word press where instructions and solutions were posted for this issue so we didn't have to sift through the forums and do this trial by error stuff.

    Andrea, your vagueness, can you just post a link to a discussion? I have tried all of your "solutions" and they don't work.

  12. Well, I'm vague because I don't have specifics to your install and every single thing you tried.
    Obviously, with that many getting in, something is wrong somewhere. it could be many things and I don't have the info on what you do have running and what settings you have everywhere nor the information in your access logs.

    what's the link to your site, for starters?
    Do you have a separate bbpress install integrated? If so, did you disable signups in that?
    Did you look at access logs and cross-reference them with the registration logs?

    I've been blocking IPs. There are thousands of IPs hitting me. literally.

    Have you banned whole ranges? Yes, it's drastic, but if most of them are coming from, for example, Chinese IPs and your site in English, then ban the IP at a higer level.

    ban 123.456.*.* instead of 123.456.789.012

    It's also quite possible you're on a host where the bots crawl the box endlessly. (long shot, but still applies)

    There's not much you can do on the WordPess side, as the buddypress registration completely takes over the WordPress one.
    Having said that - have you renamed wp-signup.php to a .txt file?

    You have to narrow down how they are getting to your site first. Otherwise, we're just tossing guesses around.

    Again, I can't exactly say "here's this one thing, go do it" because there isn't just one thing. I have a list of things to check; that's it. That's all any of us do. I can say I have my own sites running with open signups and don't have the same issue.

    I have no idea where your site even is. You're asking me to help blind.

    And finally - it is also quite possible that whatever version of BP you are on is just broken. will it be sorted in the next version? Possibly. But it's 100% a buddypress issues and the thread should be dealt with over in their forum. I can't even point you to old threads on their forums where I *know* we dealt with every single method, because the search on the BP site is broken.

  13. zkwc
    Member
    Posted 3 years ago #

    the spammers are uploading avatars now. they have to be human.
    i've been reporting the IP addresses to the hosting company that hosts the domain now. http://www.whois.net is handy for that. find out who hosts the email domain they use to sign up and go to the hosting company and find the report spam link. "junklessmail.com and supermailpro.com" haven't signed up in about 24 hours now. we'll see.

    and i put the domain names inside "options, banned email domains" but that didn't work. they still got through. i'm assuming that buddypress overrides that?

    buddypress. :( so much good, but the hassle is really unbearable. if the spam could get sorted somehow it would all be fantastic. but i think sites with a large number of people and heavy traffic are all getting whacked over the head with it.

    vent vent vent... :(

  14. and i put the domain names inside "options, banned email domains" but that didn't work. they still got through. i'm assuming that buddypress overrides that?

    no, there's an actual bug in buddypress. they' fixed it in the next version.

    have you seen -
    http://sillybean.net/2011/02/stopping-spam-accounts-on-buddypress/

Topic Closed

This topic has been closed to new replies.

About this Topic