BuddyPress Spam Registration – BuddyPress Anti-Spam Registration

Home Forums BulletProof Security Pro BuddyPress Spam Registration – BuddyPress Anti-Spam Registration

This topic contains 20 replies, has 4 voices, and was last updated by  Chazz 3 years, 11 months ago.

Viewing 6 posts - 16 through 21 (of 21 total)
  • Author
    Posts
  • #9431

    AITpro Admin
    Keymaster

    12 hour testing period from 9-5-2013 @ 11 PM to 9-6-2013 @ 11 AM

    1 previously registered spammer posted spam during a 12 hour period
    5 new spammer registrations during a 12 hour period

    5 spammers are known chinese spammers that were previously being blocked with the ip address code
    1 spammer is a known french spammer that was previously being blocked

    NOTES: 60 spam comments posted from 11:29 PM to 11:46 PM by chinese spammer IP Address 58.22.70.77.
    The amount of time and frequency between each post indicates a human spammer and not a spam bot.

    The login times (typical off hours for PDT timezone) for these spammers also indicates probable human spammers and not spam bots, but may
    just be coincidental.

    Request URI is /wp-login.php so logically blocking at this point should work for stopping spam posts
    but would still allow spam registrations. Filtering at the root site level is not the most desirable
    method. The most desirable filtering method would be for the Register and Activate pages.

    Akismet caught all spam posts: 100% Accuracy

    Cleanup/Site Maintenance time: 1 minute

    This still falls under a site maintenance/nuisance category since there is no negative impact to the site and cleanup
    time is insignificant.

    Spammer Info Login Time IP Address Hostname Request URI
    Known chinese spammer September 1, 2013 10:41 PM 202.101.111.211 202.101.111.211 /wp-login.php
    Known chinese spammer September 6, 2013 2:12 AM 27.154.58.238 27.154.58.238 /wp-login.php
    Known chinese spammer September 6, 2013 12:41 AM 27.154.58.238 27.154.58.238 /wp-login.php
    Known chinese spammer September 5, 2013 11:52 PM 58.23.228.209 58.23.228.209 /wp-login.php
    Known chinese spammer September 5, 2013 11:32 PM 58.22.70.77 58.22.70.77 /wp-login.php
    Known french spammer September 6, 2013 1:56 AM 94.23.194.165 ks302280.kimsufi.com /wp-login.php

    24 hour testing period from 9-6-2013 @ 11 AM to 9-7-2013 @ 11 AM

    3 previously registered spammers posted spam during a 24 hour period
    0 new spammer registrations during a 24 hour period

    Actions taken:  Deleted previously registered spam user accounts.

    Akismet caught all spam posts: 100% Accuracy

    Cleanup/Site Maintenance time: 1 minute

    Using the simple crude security image bar and unique security question answer is very successful in itself.  Further development of a new fun & interactive CAPTCHA interface will be developed instead of using a traditional CAPTCHA.

    This code is now in testing:

    # Universal Anti-Spam
    # Redirect by HTTP/1.0 & Referer to /spam-prevention page
    RewriteCond %{REQUEST_URI} ^(/register/|/activate/|wp-login\.php)$
    RewriteCond %{HTTP_REFERER} !^.*ait-pro.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^(|-?)$ [NC,OR]
    RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
    RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
    RewriteRule ^(.*)$ /spam-prevention [R=301,L]

    24 hour testing period from 9-7-2013 @ 11 AM to 9-8-2013 @ 11 AM

    4 previously registered spammers posted spam during a 24 hour period
    0 new spammer registrations during a 24 hour period
    80 Server Protocol HTTP/1.0 spammers redirected to the /spam-prevention page
    Actions taken:  Deleted previously registered spam user accounts.
    Akismet caught all spam posts: 100% Accuracy
    Cleanup/Site Maintenance time: 1 minute

    Test results are conclusive that using a CAPTCHA based login/registration method is the most effective method to prevent spam registrations/logins.  Using IP blocking methods to prevent spam registrations/logins is not effective, is time consuming and is complex to implement.

    #9684

    AITpro Admin
    Keymaster

    Start of Testing:  9-12-2013 @ 5PM

    Interactive Lightbox CAPTCHA concept:

    Planet Mirron

    3D image created of a fictitious Planet.  The thumbnail image is too small to be read by screen readers.  The image is Lightboxed to enlarge to a readable size.  The images are HotLink Protected with .htaccess code.  This is a very simple test using only 1 image and 1 Security Question.  The goal is to not only provide anti-spam prevention, but to also provide a friendly and interesting CAPTCHA with user appeal.

    #12945

    AITpro Admin
    Keymaster

    The Interactive Lightbox CAPTCHA concept would have been neat, but we came up with something new that is unique and is very effective – JTC Anti-Spam / Anti-Hacker.

    It has now been several months since BPS Pro JTC Anti-Spam / Anti-Hacker was created and implemented on this Forum site.  These are Akismet stats from November 2013 to February 2014.  The spam that was detected and caught by Akismet are all human spammer posts.  All automated spambot posts & spam registrations were blocked by JTC Anti-Spam / Anti-Hacker.

    Spam detected Ham detected Missed spam False positives
    2014-02 0 79 0 0
    2014-01 4 564 1 2
    2013-12 11 599 0 0
    2013-11 5 625 19 1
    #26753

    Chazz
    Participant

    Over the last 12 hours the same IP has been hammering at my site trying to login with my administrator account, and BPS has been sending me repeated BPS Login Security Alerts. Will this solution resolve the issue?

    Thanx in advance

    #26754

    AITpro Admin
    Keymaster

    If you have BPS Pro installed then JTC Anti-Spam|Anti-Hacker will stop/block all automated Brute Force Login attacks by bots.  If you have BPS free installed then see these forum links below for additional things you can do:

    Note: If you are using the WordPress default “admin” username then you should create a new Administrator User Account name and delete the default WordPress “admin” User Account.

    Things you can do to protect publicly displayed usernames, not exposing author names/user account names, etc.
    http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/
    http://forum.ait-pro.com/forums/topic/user-account-locked/
    http://forum.ait-pro.com/forums/topic/revealing-the-admin-or-editor-user-name-and-not-knowing/
    http://forum.ait-pro.com/forums/topic/wordpress-author-enumeration-bot-probe-protection-author-id-user-id/

    #26763

    Chazz
    Participant

    ok, i think i’ll create a new silent admin account and downgrade my existing account to subscriber

Viewing 6 posts - 16 through 21 (of 21 total)

You must be logged in to reply to this topic.