
Behind the Scenes

How We Keep the Tripawds Wordpress Multisite Blog Network Hopping Along

The Ongoing Fight Against Spam Blogs

December 12th, 2009 · 15 Comments
Information · Rants


The fight against spam blog registrations is an ongoing battle for any WordPress MU site administrator (that’s me), and one that often seems to have no end. But at the risk of jinxing things, I would like to think we are finally winning the war against these splogs, which are much worse than any old spam.

Splogs - Even Worse Than Spam!

Tripawds members can feel free to report questionable blogs here in the Tech Support discussion forum. Just keep in mind that those blogs may well be deleted by the time you do so, since we always do our best to get rid of any that actually get created right away. We just can’t do so in our sleep. Thank Dog there are tactics that can!

WPMU site administrators may be interested in the available anti-splog options and these steps we took to slow the flow of splogs here at Tripawds …

Restrict WPMU User and Blog Registration

The only bulletproof way to keep splogs out of your WPMU site is to disable registration, and require users to email requests for signup. We’re not about to do that since we want all new users to have immediate access to our canine cancer discussion forums, and be able to start sharing their three legged dog stories right away.

The Secure Invitations WPMU plugin stops access to your signup page, except where the visitor has been invited and clicked the link in their invitation email. This seems like a great solution for stopping automated splog signups on private or corporate installations, but it would not work for us. Too many people find Tripawds when searching for help to allow registration on an invitation only basis.

Edit .htaccess to Stop Automated Spam Blogs

One sure-fire way to stop automated spam blog registrations is to reject any POST request (form submission) to wp-signup.php that does not claim to come from a page on your own WPMU site, or that arrives with no User-Agent header at all. D’arcy Norman makes this easier than it sounds.

For complete details, or to ask any related questions, please visit his original post about how to stop WPMU spam blogs with .htaccess file edit. Be sure to read the comments there as many concerns have been addressed.

To summarize, however, adding the following to your .htaccess file will stop most automated spam blog registrations:

# BEGIN ANTISPAMBLOG REGISTRATION
RewriteEngine On
# Only form submissions (POST) to the signup page are examined ...
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} /wp-signup\.php$
# ... and are redirected if the Referer is missing or is not a page on this
# site (any subdomain of it), OR if the request carries no User-Agent at all
RewriteCond %{HTTP_REFERER} !^https?://([^/]+\.)?yourdomain\.tld(/|$) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* http://die-spammers.com/ [R=301,L]
# END ANTISPAMBLOG REGISTRATION

All you need to do is change yourdomain.tld to the domain of your WPMU website, and change die-spammers.com to wherever you want potential spammers redirected; the redirected POST never reaches wp-signup.php. We send them here for an explanation, because on rare occasions a legitimate user gets blocked too: the rule only sees the Referer and User-Agent headers the browser chooses to send, and a privacy extension, a corporate proxy or a browser setting can strip the Referer from the form submission. For the same reason this stops only bots that do not bother to fake those two headers, since both are entirely under the client’s control.

Another, more serious tactic is banning spam blog registrations from specific IP addresses. This can also be done by editing your .htaccess file. Check your server logs or new-registration emails to find out where they’re coming from, and then block their IP addresses in your .htaccess file by adding the following:

# BEGIN IP ADDRESS BAN
# with "order allow,deny" the deny lines are evaluated last, so they win
order allow,deny
deny from 203.0.113.201
deny from 198.51.100.12
deny from 192.0.2.92
allow from all
# END IP ADDRESS BAN

Or, block a range of IP addresses:

# BEGIN BAN IP ADDRESS RANGE
order allow,deny
# a partial address bans the whole prefix (here every host in 203.0.113.0/24) ...
deny from 203.0.113.
# ... or use CIDR notation for the same thing
deny from 198.51.100.0/24
allow from all
# END BAN IP ADDRESS RANGE

Please note that the IP addresses shown are examples only, taken from the address ranges reserved for documentation so that pasting them will never ban a real network. The order allow,deny line matters: with order deny,allow the trailing allow from all would override every deny. This is Apache 2.2 syntax; Apache 2.4 replaced it with Require directives and only accepts these lines if mod_access_compat is loaded. Special thanks to Sarah over at WPMU.org for this one, and other tips to get rid of spam blogs once and for all.
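The post says to check your server logs for the source of the registrations but does not show how. The following is an added example, not code from the Tripawds post: a PHP script that pulls the client IPs of POSTs to wp-signup.php out of an Apache combined-format access log, counts how many came with no Referer or no User-Agent (the two things the .htaccess rule above keys on), and emits a ready-to-paste deny block for the IPs above a threshold. The log lines are constructed for illustration, and the function names, the threshold and the 3-request cutoff are my own choices.

```php
<?php
// Added example (not code from the Tripawds post): find the source IPs of
// automated signup POSTs in an Apache combined-format access log and emit
// the matching "deny from" lines for .htaccess. Sample log lines are constructed.

$sample_log = <<<'LOG'
203.0.113.7 - - [12/Dec/2009:03:14:07 -0800] "POST /wp-signup.php HTTP/1.1" 302 231 "-" "-"
203.0.113.7 - - [12/Dec/2009:03:14:09 -0800] "POST /wp-signup.php HTTP/1.1" 302 231 "-" "-"
203.0.113.7 - - [12/Dec/2009:03:14:12 -0800] "POST /wp-signup.php HTTP/1.1" 302 231 "-" "-"
198.51.100.23 - - [12/Dec/2009:08:02:41 -0800] "GET /wp-signup.php HTTP/1.1" 200 5120 "http://tripawds.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/3.5.5"
198.51.100.23 - - [12/Dec/2009:08:03:10 -0800] "POST /wp-signup.php HTTP/1.1" 302 231 "http://tripawds.com/wp-signup.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/3.5.5"
192.0.2.55 - - [12/Dec/2009:09:30:00 -0800] "POST /wp-signup.php?new=money HTTP/1.1" 302 231 "http://tripawds.com/wp-signup.php" "Mozilla/4.0 (compatible; MSIE 7.0)"
192.0.2.55 - - [12/Dec/2009:09:30:01 -0800] "POST /wp-signup.php HTTP/1.1" 302 231 "http://tripawds.com/wp-signup.php" "Mozilla/4.0 (compatible; MSIE 7.0)"
192.0.2.55 - - [12/Dec/2009:09:30:02 -0800] "POST /wp-signup.php HTTP/1.1" 302 231 "http://tripawds.com/wp-signup.php" "Mozilla/4.0 (compatible; MSIE 7.0)"
192.0.2.55 - - [12/Dec/2009:09:30:03 -0800] "POST /wp-signup.php HTTP/1.1" 302 231 "http://tripawds.com/wp-signup.php" "Mozilla/4.0 (compatible; MSIE 7.0)"
LOG;

// One combined-log line: ip ident user [time] "method path proto" status bytes "referer" "user-agent"
const LOG_PATTERN = '/^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" \d{3} \S+ "([^"]*)" "([^"]*)"/';

// Count POSTs to the signup page per client IP, noting how many arrived
// without a Referer and how many without a User-Agent.
function signup_post_counts($log_text, $signup_path = '/wp-signup.php') {
    $counts = array();
    foreach (preg_split('/\R/', trim($log_text)) as $line) {
        if (!preg_match(LOG_PATTERN, $line, $m)) {
            continue; // not a combined-format line: skip it rather than guess
        }
        list(, $ip, $method, $path, $referer, $ua) = $m;
        // strtok() drops any query string before comparing the path
        if ($method !== 'POST' || strtok($path, '?') !== $signup_path) {
            continue;
        }
        if (!isset($counts[$ip])) {
            $counts[$ip] = array('posts' => 0, 'no_referer' => 0, 'no_ua' => 0);
        }
        $counts[$ip]['posts']++;
        if ($referer === '-' || $referer === '') { $counts[$ip]['no_referer']++; }
        if ($ua === '-' || $ua === '')           { $counts[$ip]['no_ua']++; }
    }
    return $counts;
}

// Turn the counts into an .htaccess fragment. Only syntactically valid IPs
// are written, so a hostile log line can never smuggle a directive into the
// file; Apache has no trailing comments, so each note gets its own line.
function htaccess_deny_block(array $counts, $threshold = 3) {
    $lines = array('# BEGIN IP ADDRESS BAN', 'order allow,deny');
    foreach ($counts as $ip => $c) {
        if ($c['posts'] < $threshold || filter_var($ip, FILTER_VALIDATE_IP) === false) {
            continue;
        }
        $lines[] = sprintf('# %d signup POSTs, %d without Referer, %d without User-Agent',
                           $c['posts'], $c['no_referer'], $c['no_ua']);
        $lines[] = 'deny from ' . $ip;
    }
    $lines[] = 'allow from all';
    $lines[] = '# END IP ADDRESS BAN';
    return implode("\n", $lines) . "\n";
}

// Usage: php find-sploggers.php /var/log/apache2/access.log
// With no argument the constructed sample above is used.
$log = isset($argv[1]) ? file_get_contents($argv[1]) : $sample_log;
echo htaccess_deny_block(signup_post_counts($log), 3);
```

On the sample, 203.0.113.7 (three POSTs, all with blank Referer and User-Agent) and 192.0.2.55 (four POSTs in four seconds from a browser that does set both headers, which the .htaccess rule would let through) end up in the deny block, while the one genuine-looking registration from 198.51.100.23 does not. Treat the output as a review list rather than pasting it blindly: a burst from one address can also be a legitimate user retrying a failing form, or many users behind one NAT gateway.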

Stop Common Spam Users in Their Tracks

Using cPanel …

At this point, I thought we had defeated the sploggers. But alas, before long we had more Money Making Tips for Tripawds. After getting tired of editing our .htaccess file, I took to banning IP addresses directly from cPanel using the Quick Deny feature of csf – ConfigServer Firewall. This is much quicker, and enables me to easily search for banned IP addresses should a legitimate user get blocked, which has not happened yet.

Banning known spammers …

Some of the most common spam blog registrations come from easily identifiable sploggers. One such known malicious username format is fullname#### – such as geraldmason1976. No such users will ever register for Tripawds Blogs again thanks to our WPMU Dev Premium membership. With our membership, I am able to participate in the WPMU Dev Premium Support Forums, where I helped test this Splog Check for Known WPMU Spammers…

Within the wpmu_validate_user_signup function, I added the following hack to disallow any username ending in four digits (this is a core file edit, so it has to be reapplied after every WPMU upgrade):

// BEGIN 4-DIGIT USERNAME BAN
// Reject usernames whose last four characters are all digits, e.g. geraldmason1976.
// A regex is used rather than is_numeric(substr($user_name, -4)), because
// is_numeric() also accepts strings such as "1e10" or ".123" that are not four digits.
if (preg_match('/[0-9]{4}$/', $user_name)) {
    $errors->add('user_name', __("Username not allowed"));
}
// END 4-DIGIT USERNAME BAN

Special thanks to Dr. Mike for this one. For detailed instructions, and to take advantage of many other benefits including Premium WPMU plugins and themes, please sign up for a WPMU Dev Premium membership. And if anyone is wondering why they couldn’t join Tripawds with a username ending in four digits, that’s why!
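Editing the core file means redoing the change after every upgrade, as the comments below attest. The following is an added example, not the hack from the post nor WPMU Dev’s plugin: the same four-digit rule packaged as a drop-in for wp-content/mu-plugins/, hooked through a filter instead of a core edit. It assumes that wpmu_validate_user_signup() passes its result array (user_name, orig_username, user_email, errors) through a filter of the same name, as WordPress multisite does; the function names are my own.

```php
<?php
/*
Plugin Name: Four-digit username check (added example)
Description: Rejects signup usernames ending in four digits via the wpmu_validate_user_signup filter.
*/
// Added example, not the Tripawds post's core hack or WPMU Dev's plugin.
// Drop this file into wp-content/mu-plugins/ and it is loaded automatically,
// so the rule survives WPMU upgrades. Assumes the wpmu_validate_user_signup
// filter hands over the array returned by wpmu_validate_user_signup().

// True for usernames the site should refuse: exactly four digits at the end,
// the "fullname####" shape such as geraldmason1976.
function example_splog_username_blocked($user_name) {
    return preg_match('/[0-9]{4}$/', (string) $user_name) === 1;
}

// Filter callback: attach the same error the core hack attached, so the
// signup form shows "Username not allowed" and the registration is refused.
function example_splog_validate_user_signup($result) {
    if (isset($result['user_name'], $result['errors'])
        && example_splog_username_blocked($result['user_name'])) {
        $result['errors']->add('user_name', __('Username not allowed'));
    }
    return $result;
}

if (function_exists('add_filter')) {
    add_filter('wpmu_validate_user_signup', 'example_splog_validate_user_signup');
}
```

To test it, try to register as geraldmason1976 and confirm the form refuses; then register as geraldmason197 and confirm it is accepted. If the four-digit rule proves too broad for your community, tighten the regex to the full fullname#### shape, for example ^[a-z]+[0-9]{4}$ with the case-insensitive flag, without touching anything else.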

But it still wasn’t enough to keep me from deleting far too many spam blogs every morning. It was time to edit some core files…

Reword Signup Page to Confuse Sploggers

Many sploggers use Google to find WPMU signup pages by searching for their default content. Once they find pages including phrases like “Gimme a blog!” or “Just a username, please.” they know where to go to create their next blog for stretch mark creams or making money online.

By rewording the content within our wp-signup.php file, we were able to thwart some more spam blog registrations. Here is the default content from the lines I edited to re-phrase:

  • #157: 'Get <em>another</em> %s blog in seconds'
  • #178: "If you&#8217;re not going to use a great blog domain, leave it for a new user. Now have at it!"
  • #241: 'Get your own %s account in seconds'
  • #254: 'Gimme a blog!'
  • #257: 'Just a username, please.'

Be sure to use proper HTML entities where necessary, and do not edit any PHP code, including placeholders such as %s, which sprintf() fills in with the site name at runtime. Keep a copy of the original file to be safe! And for the record, this information is based on WPMU 2.8.6 – line numbers and code may change in future revisions!

This alone was still not quite enough to keep the sploggers at bay. More extreme measures were necessary…

Rename WPMU Signup Page to Stop Splogs

Savvy sploggers know to search for the signup page by its file name. A simple Google search like “Gimme a blog!” inurl:wp-signup.php will turn up numerous sites to attack, for instance. Automated spam bots also know to go directly to wp-signup.php for immediate registration. Renaming the WPMU signup page was the final step we took to slow splog registrations to a crawl here at the Tripawds Blogs community. Keep in mind that renaming only buys obscurity: the new name still appears in your signup links, so it defeats bots that hard-code the default path, not someone who looks at your site.

There are a few important steps, however, to keep in mind when taking this measure to stop spam blogs.

If you rename wp-signup.php, there are three core files where the link must be updated:

  • wp-signup.php: rename the file and update the link to match on lines #26, #179, #242, #311, & #391
  • wp-login.php: update the link to match on line #390
  • wpmu-settings.php: update the link to match on line #154

Again, these are the line numbers in WPMU 2.8.6 – future revisions might differ. Now, the reason I put off doing this for so long was that we had linked directly to our signup page in numerous blog posts and discussion forum topics. Renaming the signup page would have broken all of those existing links.

So, after discovering the following SQL query to search and replace terms via phpMyAdmin, I went for it:

UPDATE wp_{id}_posts SET post_content = REPLACE(post_content, 'wp-signup.php', 'wp-renamed.php') WHERE post_content LIKE '%wp-signup.php%';

Simply replace {id} with the ID number of the blog you want to search, and replace ‘wp-renamed.php’ with whatever you renamed your signup page. The WHERE clause limits the update to rows that actually contain the old name; take a database backup before running it, because there is no undo. To run the same search and replace within SimplePress Forum posts, just replace wp_{id}_posts with wp_{id}_sfposts. Also, be sure to edit any theme files or sidebar widgets you may have that point directly to your signup page.

Recommended solution for stopping spam blogs

The single best suggestion I have to stop all WPMU splog registrations forever is: all of the above. And I recommend implementing these steps immediately after installation of WordPress MU – before you enable registrations.

Whatever you do, don’t give up and disable registration. Do that and the sploggers win!






15 responses so far ↓

  • 1    wyattraydawg // Dec 14, 2009 at 2:37 am

    Dad, I just want to say that Mom and I think you are doing a GREAT JOB at all this splog stuff. Thank you!

  • 2    jim // Dec 14, 2009 at 2:10 pm

    Awwww, he called me “dad” …

  • 3    admin // Dec 15, 2009 at 8:52 pm

    EDIT: I have updated the instructions above for renaming wp-signup.php to include the link in wpmu-settings.php which must also be updated.

    This will ensure proper redirection for anyone typing in their desired blogname.domain.com!

  • 4    dino // Dec 21, 2009 at 11:23 pm

    Hello,

    Nice article there.. Good job..

    How about, creating a robots.txt file and blocking search engines to access wp-signup.php ?? Simultaneously, go in Google Webmaster tools and remove indexed link of wp-signup.php ??

    You guys have years of experience so I am asking you, will robots.txt be beneficial at all ?

    Dino

  • 5    admin // Dec 21, 2009 at 11:40 pm

    Good idea! Might help limit your site being found if done from the get-go. Many installs get passed around the spam boards once found. But I may look into that un-indexing tip myself. Thanks!

  • 6    jim // Dec 21, 2009 at 11:54 pm

    @dino Thanks for the reminder! I had blocked wp-signup, but now I’ve added the renamed page.

  • 7    Dino // Dec 22, 2009 at 12:16 am

    Just found that Google has never indexed my signup page. The headers in wp-signup.php have a
    noindex nofollow line, and the source code reflects it very well, so no use for a robots file I guess! I will try testing your tips now.

    There are many solutions to fight spam for comments; these plugins stop comments from JavaScript-disabled browsers. But I could not find a similar system to stop spam for registrations. If it can be made, it will be the number one plugin on the WPMU site.

  • 8    jim // Dec 22, 2009 at 1:08 am

    Update: After visiting my Google Webmaster tools, I discovered top search queries included … lose weight “powered by wordpress mu” … with quite a high ranking. I have since reworded that phrase in our theme’s footer.php file. And, with more than 100 themes we offer our bloggers, I now have my homework assignment for the week.

  • 9    Dino // Dec 22, 2009 at 1:13 am

    Thank you Jim, this will be beneficial for me and everyone visiting this page… I could not have done this research as my WPMU is quite new.. Great!

  • 10    jim // Dec 22, 2009 at 1:18 am

    this will be beneficial for me and everyone visiting this page…

    Thank you too! If you take these precautions early on, and document your work, you should save yourself a lot of trouble in the long run. My only problem was waiting as long as I did!

  • 11    Lambros // Jan 6, 2010 at 7:24 am

    I tried most of them with great success except renaming the wp-signup file! I would like to note one more thing.. In my WPMU the blogs that are created are with too many chars. Up to 10. Can I change that in order to accept only 6-7 chars?

  • 12    admin // Jan 6, 2010 at 12:13 pm

    @Lambros Sorry, I do not know how to limit the character count of blog names, might want to check the WPMU support forums. Though I don’t see how that would affect spam blog registrations in any way. When renaming the signup file, just be sure to catch all instances of where it is linked that I outline above, then search and replace the db for any existing links within your site content as described if necessary. Hope this helps, thanks for the comment!

  • 13    lambros // Jan 20, 2010 at 4:28 am

    Hi again.. I did not limit the character count of blog names after all, and I would like to help more with your instructions. I also put a mathematical problem on my signup page, and I also changed the “+” symbol to the (Greek) word.
    So in the end I will not rename the signup file, because first I am afraid to, and second I don’t know what happens if I want to update my WPMU.

  • 14    admin // Jan 20, 2010 at 11:56 am

    @lambros Thanks for the update. Upgrading can be a pain when renaming core files since the edits must be made every time. One of the reasons I documented the steps (for myself) here!

    FYI: We have not had one single spam blog registration since testing the beta version of the WPMU Dev Premium Anti-Splog plugin.

  • 15    Griffin // Jun 26, 2010 at 12:07 am

    Yeah, this didn’t seem to work for me.
