WPMU and reCaptcha
So I got the WordPress MU blog system up and running YESTERDAY. And today I wake up to some spam in the form of a bot that created a “wow gold farmer” blog. It was completely random crap and went a pretty long way towards detailing my need of some form of bot protection.
I’m stunned that I got botted so soon after putting it up, more over on domains that didn’t exist until yesterday. BUT likely due to my post of yesterday which told the bots where to go — woops. A solution was required and fast!
I did some research and found a nice plugin that should solve the problem, and help others at the same time. The folks over at recaptcha.net are solving this problem in a new and creative way. Recaptcha is helping solve the problem of imperfect OCR readers and helping to digitize books by sending words that cannot be ready by the computer to the web in the form of captcha’s to be solved by humans. This is all kinds of clever.
Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. if they solve the one for which the answer is known, the system assumes their answer is correct for the new one. the system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct.
By adding this spam blocker, we are helping the greater community.. I like that.
The amusing thing is BlaenkDenum JUST created this reCaptcha WPMU plug-in a couple of days ago.. lucky for me!
Hi. Do you still get sploggers trying to register to your WP MU?
I set up a WP MU blog, enable reCaptcha and still get bots registering. I’m not that familiar with WP so I did what is logical…I started disabling plugins one-by-one to check if it’s a possible security issue with one of the plugins… buddypress, adsense integrators, etc… I still kept getting sploggers even if I only have reCaptcha enabled..so I thought it could be a person manually typing in the reCaptcha codes.
As a last resort, I installed WP-Ban and ban the IP where the requests are coming from. Then I finally noticed that it’s not a person but an actual bot cracking the reCaptcha codes – I got 250+ requests in 12 hours.
Do you have alternatives to reCaptcha?
Neil, it was so bad that I finally uninstalled and gave up on the WPMU project for the time being.. they clearly have a lot of security holes and exploits that just aren’t being covered.. (or did the last time I tried it)..
I’m sorry I don’t have a good answer for you..