I’m wondering whether anything can be done to keep the 100-plus “new subscribers” (who are actually spammers and bots) who register here each day from registering (so I don’t have to spend 30 minutes or more every day deleting them) while also making it easier for real people to register… anyone have ideas?
I have Captcha enabled, but these pig fuckers (the spammers and bots) seem to have no trouble sidestepping. Meanwhile, I think the way the site’s set up, it’s too hard for real people to sign up.
Second item: Tor did something very helpful this morning. He posted my “Lockdown” rant/video on LiveLeak. This sort of thing helps spread the proverbial word; helps bring more people here… which helps me to sell ads, which means less need to ask for direct reader support. So, if you are willing and able, when you find something you like here, please spread it around. Send links, post links. The more, the merrier.
Third item: We’re getting close to the black… as I type, about two-thirds of the way there. I’m hoping enough people will chip in between now and the first of Feb. so we don’t start Feb. in the negative. Thanks to all of you (esp. SafeRide) for the help to date this month.
You help me keep the wheels turning!
If you value independent media, please support independent media.
Our donate button is here.
If you prefer to avoid PayPal, our mailing address is:
EPautos
721 Hummingbird Lane SE
Copper Hill, VA 24079
PS: EPautos stickers are free to those who sign up for a $5 or more monthly recurring donation to support EPautos, or for a one-time donation of $10 or more. (Please be sure to tell us you want a sticker – and also, provide an address, so we know where to mail the thing!)
Use oauth for your registration.
User logs in to browser with their gmail/facebook/twitter account. They then register or login to epautos with the oauth token. User initially is prompted with what epautos has access to in his profile (last name, first name, website, etc).
I would still use the captcha as another line of defense. I get ZERO spambot registrations using this technique. You also don’t need to deal with password management.
Hi Dave,
That sounds grrrreeeeeat! The problem is – how do I do it? I can teardown an engine, but computer stuff is Greek to me.
I’d start here: https://wordpress.org/plugins/wordpress-social-login/
I have ZERO experience with wordpress but I’ve done this successfully with Drupal and conceptually they are the same (you want to “secure” the login, registration, and/or comment forms).
Here’s the process. Download and enable plugin. As admin on your site you go to the config page. It will ask you which of the oauth providers you want to support. Start with google. Most providers will REQUIRE you to create an “application” key pair. They get the public one, the private one stays on your server. All of this is on the config page.
Now I visit epautos and wish to comment. I am asked to login with google or your existing wp registration system. I click google and google will give a little popup asking ME if I trust epautos and that epautos wants my name and email. I consent and I’m logged in.
Depending on how you have your registration system set up you’ll see my name and email address as appropriate on your site.
Trust me, you’ll have it up and running in 10 mins.
Thanks, Dave!
Plus big problem is that not all of us participate in social media. I avoid Facebook, Google, etc. like the plague. If I understand you correctly this approach would limit participants here (at least new participants) to those who have established accounts at social media sites.
I read that at first too. But then I considered this:
“or your existing wp registration system”
We’ll probably be oldschool free range dinosaur types if he makes the change. New people will just give up a googul, facebook, twitter, android, apple, or other id and begin the posting process immediately
they likely won’t wait to go thru the process we went thru. it’ll be up to eric how responsive he’ll want to be to manual site auths.
the majority smartphone/tablet guys will be happy, we’ll still be happy
– – –
WordPress OAuth Server allows your WordPress site to become an authentication endpoint as well as allowing you to tie in 3rd party apps and software that requires login.
Welcome to the OAuth2.0 Server!
You have been sent here by demoapp. demoapp would like to access the following data:
friends
memories
hopes, dreams, passions, etc.
sock drawer
It will use this data to:
integrate with friends
make your life better
miscellaneous nefarious purposes
– hopefully eric can filter out the bots, and free up his time, while still letting degenerate shitposters such as myself have a little fun and freedom too
I’m right there with you. On some sites I use my google account and on others I use the site’s standard “dinosaur” registration system. Call it a gut feel but I don’t really want to custom register at every website I go to because I tend to use the same passwords on each site. If that site gets hacked then I’m screwed. Also, I fear what exactly google is tracking when I log in to certain sites with my google acct.
But hey, it’s Eric’s site, it’s his choice how he wants to handle it. I’m just saying that when I forced registration through oauth my bot and spam issues went to nil.
There are also tools that allow manual registration that free you from the bot problem too by changing how the manual registration works to fool the bot into thinking there is no manual registration. Something to consider too. Of course then the bot technology catches up and it becomes a vicious cycle.
Hi Dave,
I just installed the “oauth” thing… I think! Is there any way to tell whether it is operating?
Might be easier if I help you through email. dave at davewentzel dot com. It’s installed correctly if you can navigate to Settings|WP Social Login.
Then do this: http://miled.github.io/wordpress-social-login/networks.html
I would enable one at a time and test each one. The first one I enabled I felt overwhelmed but then when I enabled the second I started to understand the “whys” of what the process is doing. You are basically “proving” to google/facebook/twitter that you aren’t a bot for your customers.
After that it was a breeze. Email me if you have issues.
Not at all. What will happen is people will have the choice to register/login/post comments as either a registered user of epautos OR as a social media-registered user.
Under-the-covers there is a registration table/database in wordpress. By default when you register your username/last/first/email/password is stored in that table. When you enable social_login there is an additional option where the authentication is done externally and the password is ignored. The username/last/first/email data is transferred from the social media system to epautos so that the username/last/first/email displays nicely on epautos when you comment for instance.
The only caveat is that some systems, like twitter, for safety I guess, do not send the user’s actual email to epautos. Instead they send something like [email protected].
Existing users see no difference.
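The provisioning step described in the comment above, as an added example that is not part of the thread and is not the plugin's or WordPress's own code: a social login is mapped to a local row with no password, and a withheld or unverified email is stored as empty and never used to match an existing account. The schema, the `provision` function and the profile field names are assumptions made for illustration.

```python
import sqlite3

# Constructed schema for illustration; not WordPress's actual tables.
SCHEMA = """
CREATE TABLE users (
    id            INTEGER PRIMARY KEY,
    display_name  TEXT NOT NULL,
    email         TEXT,   -- NULL when the provider withholds or has not verified it
    password_hash TEXT    -- NULL: externally authenticated, no local password
);
CREATE TABLE social_identities (
    provider TEXT NOT NULL,
    subject  TEXT NOT NULL,  -- the provider's stable id for this user
    user_id  INTEGER NOT NULL REFERENCES users(id),
    PRIMARY KEY (provider, subject)
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def provision(db, provider, profile):
    """Map an already-authenticated provider profile to a local user id."""
    subject = str(profile["id"])
    row = db.execute(
        "SELECT user_id FROM social_identities WHERE provider=? AND subject=?",
        (provider, subject)).fetchone()
    if row:                      # returning visitor: same local account
        return row[0]
    # Trust an email only if the provider says it verified it.
    email = profile.get("email") if profile.get("email_verified") else None
    user_id = None
    if email:                    # link to an existing registered user
        hit = db.execute("SELECT id FROM users WHERE lower(email)=lower(?)",
                         (email,)).fetchone()
        user_id = hit[0] if hit else None
    if user_id is None:          # first visit: create a password-less row
        cur = db.execute(
            "INSERT INTO users (display_name, email, password_hash) VALUES (?,?,NULL)",
            (profile.get("name") or f"{provider}-user", email))
        user_id = cur.lastrowid
    db.execute("INSERT INTO social_identities VALUES (?,?,?)",
               (provider, subject, user_id))
    db.commit()
    return user_id
```

Keying the lookup on the provider and its user id, rather than on the email address, is what keeps a login with an unverified address from landing in someone else's existing account.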
Hi Dave,
I am going to try to sort this out today… have to be careful, though, because I am a computer Clover and if I mess something up, there is no one here to fix it….