Herself’s Webtools

Webtools for Webmasters: Scripts, HowTos, Templates, Plugins, Widgets, Tips and Useful Information


WordPress plugin to prevent bot registrations

June 2nd, 2008 · 14 Comments

While BadBehavior and WebProfessor do very good jobs at keeping bots from registering on your WordPress site, I wanted the control WebProfessor gave me and the automation BadBehavior gave me, but neither did both.

So here is a plugin to help keep bots from registering on your website. It will log all registration attempts and tell you why it bounced any bots.

You can blacklist domains, emails, and IPs.

It will automatically block anyone whose IP shows up more than once, who is listed in Spamhaus, or whom you’ve blacklisted. If your hosting company allows ‘file_get_contents’ calls, you can uncomment the StopForumSpam check and use their list as well.

Anyone pretending to be a browser but whose ‘accept’ line is wrong will also get bounced.


Download

See also:
Part 2 of 3: WordPress Security Plugin to block scrapers, hackers and more
Part 3 of 3: WordPress plugin tells you which files have been altered recently

Tags: security · tools · wordpress

14 responses so far ↓

  • 1 Gilles // Jun 2, 2008 at 4:18 pm

    Hello.
    Nice idea.
    Problem : under “Manage” page / Registration logs : [Table 'db207329036.wp_ttc_user_registration_log' doesn't exist]
    SELECT ip, email, problem, accept, agent, date_format( day, '%M %d %Y %H:%i:%s') AS time_stamp FROM wp_ttc_user_registration_log ORDER BY time_stamp DESC LIMIT 25

    Seems your plugin does not create the MySQL table during activation.

  • 2 ljmacphee // Jun 2, 2008 at 5:54 pm

    It should have created it the first time you ran it or any time the plugin couldn’t find it.

    Let me play around a bit more. What version of wp are you using?

  • 3 ljmacphee // Jun 2, 2008 at 6:03 pm

    I see the problem - minor fix I just have to swap the order of two lines.

    One quick test run and will upload fix to here and WP in about 10 minutes.

    OK fixed copies at WP and here - you should see version 1.1 if you download it.

    Thanks for letting me know about the problem!

  • 4 Gilles // Jun 3, 2008 at 12:01 am

    All perfect :)
    Thank you.

  • 5 bj // Jun 25, 2008 at 3:09 pm

    Just thought I’d let you know. I installed all three of your security plugins and activated them all at once. I got the problem same as above, re the db table. I deactivated the plugin, then reactivated it, and everything is now fine.

    Oh, and I’m running WP 2.5.1, if it makes a difference.

    Thanks for these plugins. I’ll be installing them on all client sites. You’ve also been blogged.

  • 6 ljmacphee // Jun 25, 2008 at 4:25 pm

    You are welcome. It has been a big help on my sites.

    One person has reported her server has been blacklisting itself. I’ve added a check for that and am testing. No one else has reported that, but a fix will be uploaded Thur or Fri or sooner if I’m happy with this afternoon’s testing.

    It will also delete log entries > 7 days to keep from filling up the table.

    Will check the other problem; it may be that the 3 activations tripped over each other.

    Be sure to check the blacklisted bot and request lists. I’m posting new trouble makers as I find them in my log files.

  • 7 Caroline // Jun 25, 2008 at 11:42 pm

    Had to manually remove some coding from the email blacklist window, now it *seems* to work, but is blocking legitimate registrations which somehow appear to be bots.

    Any chance of making a whitelist?

  • 8 ljmacphee // Jun 26, 2008 at 7:01 am

    I’ve had no false positives on the email - can you tell me what it blocked and what you removed and what happened so I might fix it.

    I’ve had a few that look suspicious get in, but had no problems w/ any of them so perhaps they are humans.

    I can do a white list and comment out the code. However, if you just remove any emails from the blacklist that should fix your problem without you ever having to go into the code. ( Unless of course you like to go play in the code, I understand that. )

    White listing will give far more false positives which is why I only use them in extreme circumstances.

    Please send more information.

  • 9 lithos // Jul 10, 2008 at 11:00 am

    Hi

    just installed your plugins to try and keep the spam bots at bay - not a huge problem but annoying.

    Wondered if you had considered a WhiteList IP table. When I try and test the plugins I get into all sorts of muddle with multiple registrations from same IP
    and some of our users may come via a cache

    thanks for the code :-)
    site

  • 10 ljmacphee // Jul 10, 2008 at 12:06 pm

    Each list requires a database call. So adding a white list will add another db call and slow things down ever so slightly. The trick is to keep things lean and still block bad guys.

    To allow multiple registrations from the same ip remove the following code ( lines 199->214 )

    // check for multiple registrations from same ip address
    if ( $blacklisted == 0 ){
        $registration_table = $wpdb->prefix . "ttc_user_registration_log";
        $sql = "SELECT ip FROM $registration_table";
        $already_registered = $wpdb->get_results( $sql );
        foreach ( $already_registered as $duplicate_ip ){
            $dup_ip = $duplicate_ip->ip;
            if ( strcasecmp( $http_remote_addr, $dup_ip ) == 0 ){
                $blacklisted = 17;
            }
        }
    }

    This will be one less thing to check and speed things up rather than add in something to slow it down.

    So if all you want is to allow multiple registrations from same ip number that is the better choice.

    Is there another reason you’d like a white list? I am trying to keep code lean and fast.

  • 11 lithos // Jul 10, 2008 at 12:37 pm

    Hi, thanks for the reply, I saw that code and thought about commenting it but then thought a whitelist would be more flexible and not a huge overhead as it’s likely to be a very small table and only one call per visit to the registration page. We do have a tiny site though and I imagine a huge one with many registrations per day might I guess suffer.

    I am assuming (without looking!) that this code only gets called when someone tries to register rather than logging in or any other access/page in which case a small (must be tiny) extra check would be unnoticeable especially as people have to wait for an email to arrive before they can login!

    I might just hard code my IP in for testing and then comment it/them out so I don’t disable the functionality for real spam bots

    ps a clear log button on the admin page would be nice as the only way I can see to do it is to talk to the db?

    thanks for your time.

    cheers

  • 12 ljmacphee // Jul 10, 2008 at 2:00 pm

    This code does only get called during registrations.

    The log auto-purges every 8 days.
    $sql = "DELETE FROM $registration_log_table_name WHERE day < (CURRENT_DATE - INTERVAL 8 DAY )";
    ~line 369

    You can set that to a higher or lower number.

    Add the ip check after spamhaus function
    near line 266

    something like this:
    if ( $blacklisted > 0 ){
        if ( $http_remote_addr == "127.0.0.1" ){
            $blacklisted = 0;
        }
    }

    replace 127.0.0.1 with your current ip.

  • 13 lithos // Jul 11, 2008 at 5:15 am

    Hi really appreciate your replies and patience :-)

    thinking about the whitelist idea it can be done using just one call to the database by replacing the current

    (lines 203 ish)
    $sql = "SELECT ip FROM $registration_table";

    with

    // sorry for poor formatting
    $sql = "SELECT ip FROM $registration_table WHERE NOT EXISTS (SELECT wl_ip FROM $whitelist_table WHERE $registration_table.ip = $whitelist_table.wl_ip);";

    which won’t take any longer in real terms

  • 14 ljmacphee // Jul 11, 2008 at 4:28 pm

    But if your white list is small and doesn’t change often just add it to the if statement above. No db call at all that way.

    If it will grow and change then just create a new table - cut and paste code from another of the tables and change the name from black list to white list.

    Then in the same spot as the if statement above - check only if blacklist > 0, that will save some calls, and do an ip match just like the blacklist ip table.

    You should be able to cut and paste most of the code.
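
The duplicate-IP check and in-code whitelist discussed in comments 10 to 14, written as one parameterized lookup instead of a loop over every logged IP. This is an added example, not the plugin's code: `ttc_check_ip`, the `TTC_*` constants, the PDO/SQLite harness, the whitelist entry, the state value 4 and the logged rows are assumptions made for illustration; only the table name and the value 17 come from the thread.

```php
<?php
// Added example, not the plugin's code. The table name follows the thread;
// the whitelist entry and the logged rows are constructed samples.

const TTC_WHITELIST    = ['203.0.113.7']; // small static list kept in code: no db call
const TTC_DUPLICATE_IP = 17;              // value the quoted snippet sets for a repeat IP

function ttc_check_ip(PDO $db, string $table, string $ip, int $blacklisted): int
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('not an IP address');
    }
    $ip = inet_ntop(inet_pton($ip));      // canonical form, so IPv6 case/zeros compare equal

    if (in_array($ip, TTC_WHITELIST, true)) {
        return 0;                         // whitelisted: clears any earlier block
    }
    if ($blacklisted > 0) {
        return $blacklisted;              // already bounced by an earlier check
    }
    // One indexed lookup instead of fetching every logged IP and looping in PHP.
    // $table is built from the site's own prefix, never from request data.
    $stmt = $db->prepare("SELECT 1 FROM $table WHERE ip = :ip LIMIT 1");
    $stmt->execute([':ip' => $ip]);
    return $stmt->fetchColumn() === false ? 0 : TTC_DUPLICATE_IP;
}

// Constructed demonstration data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$table = 'wp_ttc_user_registration_log';
$db->exec("CREATE TABLE $table (ip TEXT, email TEXT)");
$db->exec("CREATE INDEX ip_idx ON $table (ip)");
$db->exec("INSERT INTO $table (ip, email) VALUES
    ('198.51.100.20', 'a@example.com'), ('203.0.113.7', 'b@example.com')");

// Each case: [remote address, state left by earlier checks (4 is a made-up code)].
$cases = [['198.51.100.20', 0], ['203.0.113.7', 0], ['192.0.2.55', 0], ['203.0.113.7', 4]];
foreach ($cases as [$ip, $state]) {
    printf("%-15s state=%d -> %d\n", $ip, $state, ttc_check_ip($db, $table, $ip, $state));
}
```

Inside WordPress the same lookup would go through `$wpdb->prepare()` and `$wpdb->get_var()`. Users arriving through a shared proxy or cache, as raised in comment 9, still share one address, so the whitelist has to hold the proxy's IP rather than the user's.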
