[Wolfgang Hoeschele]

On our recently opened site (http://commonsabundance.net), a few people have registered who have not been flagged as sploggers, but have filled out no more than the minimum information on their profile that is needed to register, and since then seem to have done nothing at all. They did not respond to messages welcoming them to the network and inviting them to participate in various ways, and they have not uploaded avatars. They do not appear to be doing any harm, but at the same time I really don’t know why they are on the network.

I am wondering whether others in this forum have encountered this kind of thing too, and

1) whether you regard this as a problem,

2) if you do regard it as a problem, what you have chosen to do about it?

Regards,

Wolfgang

• This topic was modified 11 years, 7 months ago by Wolfgang Hoeschele.

[Helene Finidori]

To add to Wolfgang’s inquiry, what we would be worried about is some form of ‘trojan’ membership that would open the door to spammers and other types of sploggers that have no interest in the community… Are there known incidences of actual people that open doors for some form of more diffuse and systematic bot attacks?

Thanks

Helene

[Brock Nanson]

Maybe someone else will respond with the holy grail of splogger/spammer prevention, but I’ve found that it’s a very fine balance between restricting admission and opening the doors wide for everyone.  I do consider it a problem… at the very least it looks unprofessional to have phony names on the members list.

For the most part, a splogger username and address will look odd.  Username and actual name may not match to the point of looking suspicious.  I delete accounts at will if they look suspicious.  I believe that legitimate users will sign up with legitimate-looking usernames and email addresses, so if I lose a few along the way… they can contact me directly to be reinstated.  Might even make sense to have some comments to this effect on the site somewhere, so that new sign-ups know that you take the problem seriously.

I also set the default rights down very low, to prevent initial posting or commenting without my review.  My group is small enough that I can vet new registrants fairly quickly and up the privileges before they even realize they’re at a disadvantage!

I’ve used the WangGuard plug-in for a while now.  It seems to prevent many unwanted accounts being created, but not all.

I intend to add a skill-testing question that legitimate users would easily answer, but haven’t gone that far yet.  An example for a photographic site might be “Who was the better photographer, Ansel Adams or Albert Einstein?”  The typical bot will go right on by and foreign sploggers who likely aren’t photographers are likely to guess incorrectly, if they even bother to try.  I’ve also heard of people including a question that is not displayed on the page, but visible in the code… bots answer, people don’t see it and therefore can’t…  the sign-ups that include the answer are rejected.

 

[MySchoolStuff]

My site is geared towards High School pupils, so I am extra vigilant. You will always get people that register and do not participate. What I do for every resistant is google their email addresses, looking to see if they have signed up for multiple sites around the time they have registered with mine. If so, them I spam them (mark them as sploggers). I also do a facebook search using their email address.

I hope that helps

[Ray]

Some spammers create accounts on a site and leave them dormant.

Later on, they will log back in and start spamming.  Just a FYI.

Trying to find a good balance is hard.

There are also plugins that ping an anti-spam service to check if the IP is bad.  If it is, then that user is blocked from accessing the site.

Here are two on the wp.org repository:

http://wordpress.org/extend/plugins/avh-first-defense-against-spam/
http://wordpress.org/extend/plugins/stop-spammer-registrations-plugin/

But there could be more.

[Helene Finidori]

Thanks for these responses that combine a variety of solutions that’s good! @MySchoolStuff. Very useful tip that proved effective.

@Brock, you mention wanguard that we have running as well, and @Ray you suggest two other solutions. Can these run together? Or would we need to chose and deactivate wangguard to install one of those you suggested? And would these solutions be more effective than wangguard?

@Ray, you also suggested http://wordpress.org/extend/plugins/login-security-solution/ to deal with massive login attempts on the other thread I started.

So in the end… what would be an effective set of security plugins to run together to address the major threats in spam sign up both bot and human, login hacking, trojan spamming and external spam attacks, & other?

For spam we had activated Akismet with Conditional Captcha, but akismet did not stop the spamming and we ended up with douzans of spams per day, so awaiting a better solution, we closed comments from non members…

Thanks!

[Wolfgang Hoeschele]

I haven’t written since my first post because Helene did such a good job of asking questions that I would have asked. However, can Ray or somebody else answer the last questions that Helene asked? This discussion thread seems to have been orphaned before it was really done, and it would be really useful for us to have some answers on these points.

All the best,

Wolfgang

 

[Brock Nanson]

Somewhere I thought there was a setting to disallow comments unless the moderator had approved at least one…?  Not a fully automated solution, but might be enough of a balance between automation and moderator effort.

[Author]

Posts