A couple weeks ago we posted that D’Arcy Norman has figured out a quick htaccess method to stop those sploggers from doing their automated signups.
You can modify those rewrite rules to work with Buddypress:
- Replace yourbpsignupslug with the slug used for your BP signup (ex. register).
- And, replace yourhomedomain with the domain of you home blog (ex. wpmututorials.com).
Add these rewrite rule before the #uploaded files:
# BEGIN ANTISPAMBLOG REGISTRATION
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .yourbpsignupslug*
RewriteCond %{HTTP_REFERER} !.*yourhomedomain.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://die-spammers.com/ [R=301,L]
# END ANTISPAMBLOG REGISTRATION
Thank you for sharing this information. I used captcha protection – but it’s not perfect. The more walls between users and spammers – the better.
[rq=214,0,blog][/rq]Аддон к [CDPACK] – BuddyPress Russian Months v0.5
Thanks for the BuddyPress explanation. I’m not sure how I would test this to make sure it’s working. Got a new site so it’s not like I would see a decline in spam registrations to measure against a baseline. Any ideas?
Thanks
This would also block users who have turned off referrer reporting in their browsers. I’m guessing that is not a significant portion of users, but does anyone know?
(It would also fail to block spambots smart enough to fake their referrer info. Just the usual arms race.)
How do I know what my sign up slug is?
Sorry – I’m a WP newbe.
If you visit your site while not logged in, the signup link will be in the admin bar. Just hover over it to see the slug.
Would the slug always be register? I have
RewriteCond %{REQUEST_URI} .register*
as the entry for the slug and have deleted the WP MU register file and the bbPress ones also.
I have no idea how splog registers are signing up but I am close to looking elsewhere for a solution 12 -20 splogs a day and a deny list of close to 120 IP addresses. It is getting real old using 1/2 hour a day of my life to clean up after these jerks.
I know they are using an automated method because I installed BP-Registration-Options
and although it does not really work well enough to use yet I could tell the amount of automated to actual sign ups. Almost all sploggers are automated on my site.
Thank you!
Here is a modified re-Captcha to work with BuddyPress.
Hope this will help
http://team.pookeo.net/2009/12/22/re-captcha-for-buddypress/
Anyone’s got a copy of the recaptcha that works with BP?
it doesn’t work. I pasted the following code in .htaccess file.
# BEGIN ANTISPAMBLOG REGISTRATION
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .register*
RewriteCond %{HTTP_REFERER} !.*mysitename.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://die-spammers.com/ [R=301,L]
# END ANTISPAMBLOG REGISTRATION
but still blogs are being made by spammers. Is there any other solution to stop spammer?
This worked prior to wpmu2.9. I got tons of splogs right after I upgraded.
I don’t know if it’s a coincidence.
Did you also upgrade BP?
Sorry it might not be a correct place to ask, but it seems you know quite a lot about bp and I cant find this info anywhere else.
My question:
As I have a site in russian lang and when the group is created or forum it tries to use cyrillic in a slug, which messes everything up.
How can I change rewrite rules for bp, so that instead of slug id is used?
Thanks in advance
Dmitri
Thanks Ron. quick questions. The code above differs sligly from the code suggested in the WPMU readme file on spam protection.
In particular, your code does not include the following line:
RewriteEngine On
Is this line necessary?
Second question, do I just need to include my sign-up slug (in my case “register”)?
Thanks
Yep, keep the RewriteEngine On.