• Hi,

    So Ive tried everything to stop spammers on my WPMU site… Every plugin, every tip, every hack… Nothing works!!!

    Finally, I got so tired of it I decided to block entire countries! Including Korea, China, Russia, India, Turkey and Vietnam. I found lists of their entire IP address blocks and put them in my htcaccess.
    You can get the lists here

    I only deny then access to the wp-signup.php using the following:

    <Files wp-signup.php>
    order allow,deny
    deny from
    All the IP blocks go here
    </files>

    It works! Not a single splog!!! I know you’ve probably heard this hundreds of times before… But this is the only thing that has worked for me. Over 100 splogs a day to zero!

    What I want to know, is there a way I can redirect them to a explanation of what happened? just in case they are a real person…

    Also is there any downside to this I dont know about?

    My htcaccess file is huge at 200KB is there any way to make it smaller or does it matter?…

Viewing 15 replies - 1 through 15 (of 17 total)
  • Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Also is there any downside to this I dont know about?

    Yeah, IPs aren’t going to help in the long run, as people can mask and munge their IPs and, sooner or later, they’ll come back. Also you’re possibly blocking legit traffic.

    Thread Starter nate123

    (@nate123)

    Hmmm… Thanks more Q’s

    Well as far as I know, they are only denied sign up, they should be able to access everything else or am I wrong? I dont know how I could test this…

    This is why Id like them to be redirected to a page explaining why they cant sign up. Then perhaps they can contact me and ask for help. I don’t know how to do this yet, still learning…

    I’m really not too concerned about blocking legit users from joining if they are in these countries. It may sound elitist, but my website is really only for bloggers that can use Google Adwords…

    So…. Your telling me that bots can use proxy? I dont know a lot about IP stuff… Sounds like it would be easier for them to find a different target.

    Can I still block their masked IP?

    All I know is after six long months Im finally getting some relief. If it comes at the cost of blocking entire countries so be it. Ive tried everything else with no stop… Id implement a new tactic promised to stop them wait five minutes and BLAM a new splog! This is the first time Ive managed to stop them with no new spam now for over a week.

    Im pretty sure if they live in countries known to the world as the Top 10 Spammers and Hacker countries in the world, they should be use to this sort of thing…

    5 bucks says that’re all coming from a small number of IP addresses and blocking countries is overkill.

    No offense against what you done. We used to average about 15% out of ev1/theplanet. Guess we’ll have to block out the US then. ??

    I had this problem a while back – like a year or so – and I installed these 2 plugins – no problems ever since
    https://www.ads-software.com/extend/plugins/bad-behavior/
    https://www.ads-software.com/extend/plugins/cookies-for-comments/

    I believe we’re talking about splogs, not comment spam.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Bad behavior stops them from accessing your site. Period.

    I use that and this: https://www.ads-software.com/extend/plugins/wpmu-block-spam-by-math/

    I only block by IP when they try to log into my site as root. And that’s handled by LFD (I.e. My firewall)

    The two comment plugin sam listed will also stop splogs. Don;t let that throw ya. ??

    Thread Starter nate123

    (@nate123)

    Thanks for the replies everyone!

    I know this is an old topic…

    It seems like a lot of people think this is over kill. Well I think 100+ splogs a day is overkill lol. Its either this or shut off registration completely…

    “No offense against what you done. We used to average about 15% out of ev1/theplanet. Guess we’ll have to block out the US then. ?? “

    Im not sure what you’re saying here. Are you saying you get this much spam from the US? I believe I did find a very prolific spammer located in Florida once, but they only came once and after I deleted the account they haven’t returned.

    tdjcbe I know, I dont like doing this, this is after all the W W W… Its just the only thing that has worked for me. Its ridiculous that the only way I can enjoy the awesomeness of WPMU is by blocking half the world from registering. I hang my head in shame… What have I become?!!!

    I have tried cookies for comments and bad behavior and they did nothing… Well, nothing of note. Perhaps, I didn’t set them correctly?…Maybe I didnt give them enough time? I’m willing to give them another shot but Ive heard this all before.

    Its been about 10 days WITH NO SPLOGS!!!

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Its ridiculous that the only way I can enjoy the awesomeness of WPMU is by blocking half the world from registering.

    This is why running a site where ANYONE can register and create a blog is NOT something you should get into without a clear understanding of what that means.

    Anyway. Maybe you should look into a plugin or hack that helps moderate new users or new blogs?

    Thread Starter nate123

    (@nate123)

    This is why running a site where ANYONE can register and create a blog is NOT something you should get into without a clear understanding of what that means.

    Anyway. Maybe you should look into a plugin or hack that helps moderate new users or new blogs?

    I run several sites with other CMS and have zero problems with spam… All of them allow registration and are social type websites with user blogs, profiles, forums, video hosting, ads, messaging, and pretty much everything even entries via SMS. I cant recall more than maybe a few sporadic spams through the contact forms. The only security on any of my other sites is captcha on registration.

    WordPress seems to be a HUGE target for spam… So you’re telling me that 1000 spammers to every 1 real member is just something everyone should expect?…

    Well, I installed every Plugin suggested here Plus a few others. I took out the htcaccess IP blocks and went to bed. The next day… SPLOGS galore… After two weeks of peace.

    None of these plugins work. Ill give it another day or two but if I dont receive an actual real signup Im done allowing open registration. From there on, if anyone wants a blog they will have to contact me first to receive an invite…

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Not really what I meant, but that’s okay ??

    WordPress is more popular as a platform than many other CMS (you can google the comparison charts). Saying ‘WordPress gets more spam because it’s less spam-secure’ is akin to saying, say, ‘godaddy is hacked more often because it’s less secure.’ Both statements have some accuracy, but realistically it’s because of size. Bigger target. Do people drink more StarBucks because it’s better or because they’re ubiquitous? ??

    If you want to run an open reg wordpress site, one presumes you’re going to do research into what that means, what the shortcomings are and all that jazz. And one thing, no matter what CMS you use, is that maintaining a site needs constant vigilance! Spammers will surprise you no matter what you use, so you have to keep your eyes out. And yes, one method is the ip blocks, but you have to know what they mean. If that’s acceptable for your site, cool. If not, you keep looking. But you have to know what your needs are, what the options are, and what you can reasonable expect ??

    My point was you MUST be aware of the whole picture when running any site ??

    Also, owners who have huge sites block spammers at the server levels after studying logs to see the kind of requests they make. this way the processing for it is outside of WP.

    Thread Starter nate123

    (@nate123)

    Also, owners who have huge sites block spammers at the server levels after studying logs to see the kind of requests they make. this way the processing for it is outside of WP.

    I tried this but it just took too long. Its an effective way to get rid of major offenders. Its tedious tho to try and blog them all individually…

    As a last ditch attempt I’m going to remove any keywords they are searching to find my website. Seems to be Yes, Id like to create a blog…

    ipstenu, I got you. Sorry if I sound rude… You’re right WP is much bigger than the other CMS out there. So I guess it doesn’t really apply. I guess Im just frustrated as heck. I dont like having to do all this extra work. Usually I can find a solution that just works but nothing seems to work here. Now, it seems as if my comment spam has increased ten Xs since implementing all these plugins, which are suppose to STOP comment spam… I know its unrelated but Im freaking sick of this…

    When you are running a blog network, you are now running server level software. Others are looking to you to support their blogs. ??

    So yeah, the learning curve is steeper and you do have to look after more things that are more difficult.

    Is it possible to change name of wp-signup.php in order to stop spam registrations? Seems spam registration is huge problem. I got a lot of automatic registrations like janet128972861.domain.com
    None of recommended plugins stopping it.

Viewing 15 replies - 1 through 15 (of 17 total)
  • The topic ‘Splog Spammer Final Solution?’ is closed to new replies.