[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

WordPress User/Subscriber cleanup

And finished the user cleanup, now total of 13 WordPress users:
All (13) | Administrator (3) | Editor (2) | Author (1) | Subscriber (7)

Yeah, if you want to not look like a bot, and
avoid getting removed in such a cleanup, meet one of the
exceptions for those that weren't purged:
o has posted (non-spam) content on the WordPress site
o email matches that of this list (I ignored + extension parts, did case
  insensitive checks on the matching, and also remembered to apply
  gmail.com's funkiness with . characters in the local part (stripped all
  those out before comparing)
o have a role other than Subscriber (the default)
o has name set in the WordPress user configuration

Also posted/updated on the site:
https://berkeleylug.com/2025/07/13/wordpress-user-subscriber-cleanup/
It's also visible as 2nd (most recent unpinned) post on the main page:
https://berkeleylug.com/


---------- Forwarded message ---------
From: Michael Paoli <michael.paoli@berkeley.edu>
Date: Sun, Jul 13, 2025 at 8:29 PM
Subject: Fwd: Simple Math Captcha added to registration: Re:
BerkeleyLUG site anti-spam enabled, comments & registration / sign-up
opened up.
To: Berkeley Linux Users Group (BerkeleyLUG) <berkeleylug@googlegroups.com>


So, at some point along the way, likely some upgrades or the like,
Simple Match Captcha, most notably on the WordPress registration, broke.
Anyway, have now fixed that.

Additionally, I disabled the setting option:
Hide for logged in users
Enable to hide captcha for logged in users.
Would you like to hide captcha for logged in users?
Notably so to avoid having a logged in user (e.g. bot),
massively registering additional users - with no further captcha
to register them, as they were already logged in.

Yeah, we now have 941 users:
All (941) | Administrator (3) | Editor (2) | Author (1) | Subscriber (935)
And likely the vast overwhelming majority not legitimate, but bots.
So, I expect I'll be cleaning that up soonish, as I believe I did
likewise before.

---------- Forwarded message ---------
From: Michael Paoli <Michael.Paoli@cal.berkeley.edu>
Date: Fri, Sep 13, 2019 at 8:17 AM
Subject: Simple Math Captcha added to registration: Re: BerkeleyLUG
site anti-spam enabled, comments & registration / sign-up opened up.
To: BerkeleyLUG <berkeleylug@googlegroups.com>


I added a simple Math Captcha to registration.
That will likely suffice to mostly, if not entirely,
stop spambots from registering.

As for cleaning up (removing) registered accounts of
spambots - no extreme rush on that, but shall do that over the
coming week(s)/month(s).  Probably request that users
update their profile to include something for name
(the spam bots don't bother, and generally looks better if
that's set anyway), may likely manually add that (or at least
partially so) to some older accounts (the few that were present
when site was migrated) ... maybe give user some alternative
means if they're legit, and really don't want to fill in
name field(s) at all, ... and, after some while,
remove the users that have nothing set in any of the name fields,
and haven't taken any alternative means to identify themselves
as legitimate - then the rest can mostly be reasonably presumed
to be spam bot sign-ups.

We're at 113 "users" now - the rate seems to have dropped off, as
most of the spam bots figure out they can't get their spam
content posted.  "Of course" spam attempts continue - most notably
comment attempts - but the anti-spam in place seems quite to
exceedingly good at dealing with that (thus far of many hundreds
of attempts, no spam has made it through, and no legitimate
comments or attempts have been flagged as spam - though some
(new users or unregistered?) have been held for moderation.

This Captcha also seems minimally intrusive, should be enough (hopefully)
to stop spambots - but if needed, many other Captcha options are
available.  Also, this Captcha doesn't feed some for-profit entity
human intelligence information (like training their AI by using
humans - and without those humans being paid for it!).

> From: "Rick Moen" <rick@linuxmafia.com>
> Subject: Re: BerkeleyLUG site anti-spam enabled, comments &
> registration / sign-up opened up.
> Date: Thu, 12 Sep 2019 01:06:42 -0700

> Quoting Michael Paoli (Michael.Paoli@cal.berkeley.edu):
>
>> o add some captcha or the like to raise the bar sufficiently on
>>   registration / sign-up
>
> It usually ends up being a CAPTCHA implementation people add for this
> purpose, because it's difficult to find a modest, _simple_ plug-in for
> WordPress, only baroquely complex ones.  But a complete solution would
> be anything that asks the user to answer a simple question that isn't
> standard across everyone else's WordPress, like 'What is 4+5?' and
> require a correct answer before the form submission gets processed.
>
> Bruce Schnier on his blog ('Schneier on Security') has a simple hack
> where you are asked to answer the question 'The title of this blog is
> "Schneier on ________".  What is that word?'  (I paraphrase.)  Works
> perfectly -- because it's not necessary to defeat custom attacks, just
> comment-bots aimed at commodity software.

-- 
You received this message because you are subscribed to the Google Groups "BerkeleyLUG" group.
To unsubscribe from this group and stop receiving emails from it, send an email to berkeleylug+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/berkeleylug/CAPU_E%2Bc%3DR4nfJQRdzBrFPAot9oeHvTYDfyf-5JwsfpZZRHiAUg%40mail.gmail.com.