BuddyPress Spam Registration – BuddyPress Anti-Spam Registration
This topic has 20 replies, 4 voices, and was last updated 8 years, 3 months ago by Chazz.
AITpro Admin (Keymaster)

12 hour testing period from 9-5-2013 @ 11 PM to 9-6-2013 @ 11 AM
1 previously registered spammer posted spam during a 12 hour period
5 new spammer registrations during a 12 hour period
5 spammers are known Chinese spammers that were previously being blocked with the IP address code
1 spammer is a known French spammer that was previously being blocked

NOTES: 60 spam comments posted from 11:29 PM to 11:46 PM by Chinese spammer IP Address 58.22.70.77. The amount of time and frequency between each post indicates a human spammer and not a spam bot. The login times (typical off hours for PDT timezone) for these spammers also indicate probable human spammers and not spam bots, but may just be coincidental. Request URI is /wp-login.php so logically blocking at this point should work for stopping spam posts but would still allow spam registrations. Filtering at the root site level is not the most desirable method. The most desirable filtering method would be for the Register and Activate pages.

Akismet caught all spam posts: 100% Accuracy
Cleanup/Site Maintenance time: 1 minute
This still falls under a site maintenance/nuisance category since there is no negative impact to the site and cleanup time is insignificant.

Spammer Info | Login Time | IP Address | Hostname | Request URI
Known Chinese spammer | September 1, 2013 10:41 PM | 202.101.111.211 | 202.101.111.211 | /wp-login.php
Known Chinese spammer | September 6, 2013 2:12 AM | 27.154.58.238 | 27.154.58.238 | /wp-login.php
Known Chinese spammer | September 6, 2013 12:41 AM | 27.154.58.238 | 27.154.58.238 | /wp-login.php
Known Chinese spammer | September 5, 2013 11:52 PM | 58.23.228.209 | 58.23.228.209 | /wp-login.php
Known Chinese spammer | September 5, 2013 11:32 PM | 58.22.70.77 | 58.22.70.77 | /wp-login.php
Known French spammer | September 6, 2013 1:56 AM | 94.23.194.165 | ks302280.kimsufi.com | /wp-login.php

24 hour testing period from 9-6-2013 @ 11 AM to 9-7-2013 @ 11 AM
3 previously registered spammers posted spam during a 24 hour period
0 new spammer registrations during a 24 hour period
Actions taken: Deleted previously registered spam user accounts.
Akismet caught all spam posts: 100% Accuracy
Cleanup/Site Maintenance time: 1 minute

Using the simple crude security image bar and unique security question answer is very successful in itself. Further development of a new fun & interactive CAPTCHA interface will be developed instead of using a traditional CAPTCHA.

This code is now in testing:

```apache
# Universal Anti-Spam
# Redirect by HTTP/1.0 & Referer to /spam-prevention page
# Only requests for the register, activate and wp-login pages are checked.
# A leading slash was added to wp-login.php so the pattern matches REQUEST_URI,
# which always begins with "/" (the pattern as first posted had no slash).
RewriteCond %{REQUEST_URI} ^(/register/|/activate/|/wp-login\.php)$
# ...and any one of the following holds: the Referer is not this site,
RewriteCond %{HTTP_REFERER} !^.*ait-pro.com.* [OR]
# the User-Agent header is empty or just "-",
RewriteCond %{HTTP_USER_AGENT} ^(|-?)$ [NC,OR]
# or the request was made with HTTP/1.0
RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
RewriteRule ^(.*)$ /spam-prevention [R=301,L]
```

24 hour testing period from 9-7-2013 @ 11 AM to 9-8-2013 @ 11 AM
4 previously registered spammers posted spam during a 24 hour period
0 new spammer registrations during a 24 hour period
80 Server Protocol HTTP/1.0 spammers redirected to the /spam-prevention page
Actions taken: Deleted previously registered spam user accounts.
Akismet caught all spam posts: 100% Accuracy
Cleanup/Site Maintenance time: 1 minute

Test results are conclusive that using a CAPTCHA based login/registration method is the most effective method to prevent spam registrations/logins. Using IP blocking methods to prevent spam registrations/logins is not effective, is time consuming and is complex to implement.
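To check which requests the rewrite rule above would send to /spam-prevention before relying on the redirect count, here is an added Python classifier that applies the rule's three conditions (Referer not on the site, empty User-Agent, HTTP/1.0) to Apache combined-format access-log lines. This is example code, not code from the original post or from BPS Pro; the log lines, the RFC 5737 addresses in them and the SITE_HOST value are constructed for the example.

```python
"""Replay the /spam-prevention rewrite conditions over access-log lines."""
import re
from collections import Counter
from dataclasses import dataclass

# Assumption: the site host the rule whitelists in the Referer check.
SITE_HOST = "ait-pro.com"

# The paths the first RewriteCond protects. mod_rewrite's REQUEST_URI
# carries no query string, so the classifier strips it before matching.
PROTECTED = re.compile(r"^(/register/|/activate/|/wp-login\.php)$")

# Apache "combined" log format: ip ident user [time] "req" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>HTTP/\d\.\d)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


@dataclass
class Verdict:
    ip: str
    path: str
    redirected: bool
    reasons: tuple  # which OR-ed conditions fired, in rule order


def classify(line):
    """Return a Verdict for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m["path"].split("?", 1)[0]
    if not PROTECTED.match(path):
        return Verdict(m["ip"], path, False, ())
    reasons = []
    # Simplified substring check; the rule's unescaped dot matches any char.
    # A missing Referer is logged as "-", so direct visits also trip this.
    if SITE_HOST not in m["referer"]:
        reasons.append("referer")
    if m["ua"].strip() in ("", "-"):
        reasons.append("empty-ua")
    if m["proto"] == "HTTP/1.0":
        reasons.append("http10")
    return Verdict(m["ip"], path, bool(reasons), tuple(reasons))


def summarize(lines):
    """Count how many parsed requests would be redirected versus allowed."""
    counts = Counter()
    for line in lines:
        v = classify(line)
        if v is None:
            continue
        counts["redirected" if v.redirected else "allowed"] += 1
    return dict(counts)


# Constructed sample log lines (documentation-range IPs, invented timestamps).
SAMPLE_LOG = [
    '198.51.100.7 - - [07/Sep/2013:23:31:05 -0700] "POST /wp-login.php HTTP/1.0" 200 512 "-" "-"',
    '192.0.2.15 - - [07/Sep/2013:09:12:44 -0700] "POST /wp-login.php HTTP/1.1" 302 0 '
    '"http://forum.ait-pro.com/wp-login.php" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [07/Sep/2013:10:02:11 -0700] "GET /register/ HTTP/1.1" 200 3400 "-" "Mozilla/5.0"',
    '192.0.2.15 - - [07/Sep/2013:10:05:00 -0700] "GET /forums/ HTTP/1.0" 200 9000 "-" "-"',
    '198.51.100.7 - - [07/Sep/2013:23:31:40 -0700] "POST /wp-login.php?action=register HTTP/1.0" 200 512 '
    '"http://forum.ait-pro.com/register/" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        v = classify(line)
        print(f"{v.ip:15} {v.path:18} redirected={v.redirected} reasons={v.reasons}")
    print(summarize(SAMPLE_LOG))
```

Running it on the constructed lines shows three redirects and two allowed requests. The third line is worth noting when reading the /spam-prevention hit count: a plain GET of /register/ with no Referer header at all (logged as "-") is redirected by the Referer condition alone, so that count includes first-time visitors who typed the URL or followed a bookmark, not only HTTP/1.0 clients.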
AITpro Admin (Keymaster)

Start of Testing: 9-12-2013 @ 5PM
Interactive Lightbox CAPTCHA concept:
3D image created of a fictitious Planet. The thumbnail image is too small to be read by screen readers. The image is Lightboxed to enlarge to a readable size. The images are HotLink Protected with .htaccess code. This is a very simple test using only 1 image and 1 Security Question. The goal is to not only provide anti-spam prevention, but to also provide a friendly and interesting CAPTCHA with user appeal.
AITpro Admin (Keymaster)

The Interactive Lightbox CAPTCHA concept would have been neat, but we came up with something new that is unique and is very effective – JTC Anti-Spam / Anti-Hacker.
It has now been several months since BPS Pro JTC Anti-Spam / Anti-Hacker was created and implemented on this Forum site. These are Akismet stats from November 2013 to February 2014. The spam that was detected and caught by Akismet are all human spammer posts. All automated spambot posts & spam registrations were blocked by JTC Anti-Spam / Anti-Hacker.

Month | Spam detected | Ham detected | Missed spam | False positives
2014-02 | 0 | 79 | 0 | 0
2014-01 | 4 | 564 | 1 | 2
2013-12 | 11 | 599 | 0 | 0
2013-11 | 5 | 625 | 19 | 1

Chazz (Participant)

Over the last 12 hours the same IP has been hammering at my site trying to login with my administrator account, and BPS has been sending me repeated BPS Login Security Alerts. Will this solution resolve the issue?
Thanx in advance
AITpro Admin (Keymaster)

If you have BPS Pro installed then JTC Anti-Spam|Anti-Hacker will stop/block all automated Brute Force Login attacks by bots. If you have BPS free installed then see these forum links below for additional things you can do:
Note: If you are using the WordPress default “admin” username then you should create a new Administrator User Account name and delete the default WordPress “admin” User Account.
Things you can do to protect publicly displayed usernames, not exposing author names/user account names, etc.
http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/
http://forum.ait-pro.com/forums/topic/user-account-locked/
http://forum.ait-pro.com/forums/topic/revealing-the-admin-or-editor-user-name-and-not-knowing/
http://forum.ait-pro.com/forums/topic/wordpress-author-enumeration-bot-probe-protection-author-id-user-id/

Chazz (Participant)

OK, I think I'll create a new silent admin account and downgrade my existing account to subscriber.