-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Spam Filter: Current Captcha is not 'catching' SPAM sign ups #107
Comments
Looks like they can beat the image captcha. Only a couple options I can see at this point, we can try the honeypot Brad suggested to trick bots into filling out a hidden field, but I have a feeling if they are sophisticated enough to beat image captcha, then they can also beat that... is enabling re-captcha on the table here? |
The pattern in the log file isn't consistent enough set up something predictable for fail2ban to kick in. Regardeless, I've dropped a few IP blocks from being able to connect to the server. Working on the honey pot code now. Would like to see if that works. |
@bdolor Ok, leaving this one to you then! |
resolved via BCcampus/validate-by-domain#5 |
@paulagaube would you post an update in this comment thread to indicate how much spam ( if any ) is still getting through? |
As of this afternoon, there are 2 new "Pending" user accounts that are spam. I deleted 2 earlier in the day that Brad said he saw last night. So the honeypot has helped. |
FYI, today there are 11 new Pending users that all use these three email domains: Also, one fake subscriber which I received an email about: marshall@top-toys.info. |
Is there any way we could add a column for "account created date" in the WordPress Users page? I'd like to be able to sort users by when they created their account to see who created accounts recently. |
I look under Activity in the Dashboard to see recently created accounts |
added the spam domains to the 'blacklist' BCcampus/validate-by-domain@046b1b4 |
FYI, today I marked 10 more accounts as spam from these domains: These were created in the last couple days. The other day marked another German user as spam. |
Since April 8th there have been close to 100 new spam user accounts created on the earlyyearsbc.ca website. What has changed? I thought some of these domains had been previously blocked but they are now showing up again. Is it possible to block users from outside British Columbia or Canada from creating accounts? These domains the most prevalent in the past two days and would appreciate having these blocked: I would like to delete these user accounts rather than mark them as SPAM. Is that a good idea or a bad idea? There is a Bulk Actions feature that would allow me to delete all the users, but it looks like there is no Bulk Action option to change the Role to "No Role for this Site". |
@paulagaube - I've fixed a flaw in the spam logic that was letting these through and added a top level domain filter, so that we don't have to every variation of I've pulled these changes over to both prod and dev. I see no value in keeping the 100 or so spam user accounts. Delete away! |
Thank you, I've been converting all from subscribers to "No role" and it is annoying....I will blast these accounts away and be done with it, thank you!! |
More spam accounts created on April 21. I deleted these accounts on April 24th. |
Another spam ".pl" user created an account at 3:51pm today. I already deleted this user. |
seems to have been resolved |
There are 46 more 'pending' SPAM registrations in the earlyyearsbc.ca today
The text was updated successfully, but these errors were encountered: