BuddyPress

Hi. I have a strange problem. My e-mail domains blacklist doesn’t work.
I added some spam domains, but spammers register without any problem.

Disable BuddyPress and all other plugins. Does the blacklist work? If it doesn’t, it’s a WordPress problem. If they do work with WordPress, re-enable each plugin one at a time until it stops working. If BuddyPress is the culprit, please report a bug ticket on http://trac.buddypress.org/ using your username and password from this site.

I’m having this too…and it seems to have really gotten worse in the last 2-3 days.

I’ve recently bumbed to 1.2.3 and updated a handful of other plugins.

@mac -any luck finding the culprit?

Any chance 1.2.3 is doing this?

I can’t disable all the plugins, because my network is big, and there are many people. This problem I have for a very long time (from BP near 1.0).

It’s not 1.2.3 I’ve mentioned this but no one responded to the point . The feature doesn’t work or didn’t work in 1.1.2 and I think but am not sure yet that it’s not working in 1.2.2.

trouble is with disabling all plugins and buddypress is that on productions sites where the issue would be apparent – difficult to recreate in a local dev environ – one doesn’t really want to do this!

If you cannot rule out everything else other than BuddyPress, we aren’t going to track it down.

True, I keep a test install running live with minimal plugins other than BP, I can perhaps disable BP and take it back to WPMU and open registrations again and see what gets through and report that back which might help, but won’t be able to set that up till later.

I can’t experiment either and am getting 10+ spam signups an hour. yikes.

But there are many steps one can initiate to stem that tide of spammers, although the domain blacklist is an issue in not apparently working I have still had reasonable success in reducing spam signups to around a dozen a day and still have one or two steps that I haven’t taken yet

This has been a wordpress mu issue for a while off and on.. I discussed an idea about at mu forums:

http://mu.wordpress.org/forums/topic/13982

[blockquote]

I too have noticed that even putting domains in the block list seems to not stop future registrations. Here is a thought of mine.
MAYBE a spammer actually signs up 100 new accounts, and then only activates one a day. So even though we have added his domain to the ban list for signups, he still has 99 more that have been signed up, but not yet activated?

If this is the case I would like to see MU add core code that checks to see upon activation if the domain they originally used to signup has since been banned, and then prevent them from activating if it has.

Just a thought, not sure if this is the case – but it may be worth looking into.
[/blockquote]

It was suggested that I add this suggestion to the trac, ( http://core.trac.wordpress.org/ )
but I really don’t know how to use that thing…

not sure that it is a buddypress specific issues, but I DO believe that the spammers are looking for buddypress phrases when compiling their lists of sites to hit…

@Djsteve

This seems like a buddypress flaw, not a wordpress or mu issue.

Perhaps if buddypress can’t read the wpmu blocked domains, maybe BP needs it’s own domain banner.

There are multiple entry points for SPAM bots… so any one measure probably won’t accomplish much. I posted a list of everything I did in the “Spam, Spam and more Spam” thread. Worse case… you could try captcha.

Worse case… you could try captcha

Is there one you could recommend?

It would be great if some coder could write a simple admin defined question and answer plugin for the registration page.

I added captcha – and I still get multiple signups from the same dozen or so email-domains, even though they are already in my blacklist..

I am checking on another hunch today… I think there is a possibility that maybe having the same entry twice in the blocked domains could be causing an issue with it not working – that seemed to make it fail once before… I just pasted the domains I had banned into a spreadsheet and then sorted it alpha – and I had the same domain listed several times in several instances… now to clean it up and try it again.. I now have 437 banned domains in my list.. maybe there is an issue there?

Maybe these qualifiers should be added to the trac for fixing? on buddypress and maybe mu?

I will read the spam spam spam thread and see if there is anything else I can do as well.

FWIW, this wasn’t a problem for me until I upgraded to 1.2.3. Maybe it’s a coincidence, but I’d banned .info a few weeks ago and hadn’t gotten any registrations from them since. But since the upgrade, I get 30-50 .info’s a day.

Are we sure nothing changed in 1.2.3 that would effect this?