[dokuwiki] spam registrations

  • From: Michiel Dethmers <michiel-dokuwiki@xxxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Wed, 03 Apr 2013 18:19:26 -0300

Hi all

My dokuwiki installation <http://resources.phplist.com> has recently
been bombarded with bogus registrations. Initially it was one or two a
day, but since the 27th of March it started to become quite a few more.
In those 8 days I got 1915 signups. That's more than 200 per day. I
don't allow editing for anyone, so it is not a danger for filling my
wiki with junk, but it's still not great.

All of them are completely useless, and now I'm also seeing a lot of
bounces from Hotmail and Yahoo where these accounts are requesting their
passwords, but the emails are incorrect, so the mail bounces. That's of
course terrible for my spam rating for those providers.

When I first noticed it I installed the "badbehaviour plugin" that
Andreas made, but it didn't really stop the signups. The BB-plugin gives
"452 accesses were blocked in the last 7 days." but the above 1915 were
not blocked.

Now, a year and a half ago I wrote a class for my site
<http://www.phplist.com/formspamclass> that uses Mollom, Akismet,
Stopforumspam and Honeypot to stop spam signups to my site. That was
fairly successful, so I have now wrapped this class in a Dokuwiki plugin
and I've installed it on my own Dokuwiki site.

It's in early stages, and I need to document it and tidy it up, but you
can find it here: https://github.com/phpartisan/dokuwiki-botbouncer

At the moment I've implemented it similar to the badbehaviour plugin,
and it uses the "action.php" to disallow POST requests. In order to
avoid DOSsing the services I only do a check on a POST. But I think it
may be more sensible to work on the auth.php instead.

Anyway, I'd be interested in comments, and to hear if others have
experienced the same, and if so, what they did about it.

Michiel


Other related posts: