Skip to:
Content
Pages
Categories
Search
Top
Bottom

BuddyPress Spam

  • Avatar of wordpressfan
    wordpressfan
    Participant

    @wordpressfan

    I’m about ready to ditch BuddyPress. I installed the latest trunk and have the BPDEV anti-spam component with a captcha. Still, people continue to register, bypassing required fields.

    The least that could happen is either BuddyPress become compatible with Akismet or enable some registration approval step, where an admin could delete accounts with empty profiles before they go “live.”

Viewing 25 replies - 51 through 75 (of 87 total)
  • Avatar of Ted Mann
    Ted Mann
    Participant

    @tedmann

    @pcwriter It’s weird. I tried a proxy server, and was still able to get to the signup page by typing in the url, which leads me to believe the htaccess change isn’t taking right. Is there anything that could be interfering?

    I had another anti-spam idea: Would there be a way to require a user to have an avatar? What I’ve noticed is that all the spam signups have no avatars. Wondering if making that essentially the same as required profile fields would help.

    Avatar of pcwriter
    pcwriter
    Participant

    @pcwriter

    @TedMann

    I think someone more knowledgeable about things .htaccess could better answer that question. I’m really still learning about all this stuff myself.

    About your other idea though… now that could be brilliantly simple! It could sure put one heck of a damper on the efforts of human sploggers who are, if their activities are any indicator, a lazy bunch. Only thing is, it wouldn’t do much for those bots who manage to squeeze through whatever “backdoor” they happen to find (or make).

    Anyone want to take on a little “Avatar Required” plugin challenge here?

    @TedMann – No, manually going to your signup page will not trip the spam alarm. Putting in the URL with all the submit stuff (like attempting to pass registration info via the URL instead of entering it like a human) will trip the alarm. What it’s checking for is the POST command, and was THAT passed through by your site. Otherwise no one would ever be able to sign up :)

    Avatar of pcwriter
    pcwriter
    Participant

    @pcwriter

    @ipstenu

    Thanks for pointing that out… clears things up! :-)

    Avatar of jwack
    jwack
    Participant

    @jwack

    O MY GOD, I am so sick of deleting spam blogs! Does anyone know if the new version of BP coming out will have anything built in to prevent these spam blogs?

    There is not anything new in BP 1.2.6 that will address any spam issues. Spam blogs, however, is a problem with multisite WordPress in general (not specific to BuddyPress). It still sucks, of course.

    Avatar of Nm
    nm
    Participant

    @nahummadrid

    I removed/commented out the create a blog option from the member registration form while still keeping blog creation on. I only left access to the bp create a blog form for users is_loggedin Only. By tucking it away within the member profile for the member to create a blog later during their profile detailing/editing process, I was able to get to the point where I only needed to delete crap members that get in, not crapmembers + crapblogs that get created at one time wasting all my low number blogIDs!

    At the end of the day, if you’re running BPmu you don’t really need to have insta-blog. The option to create a blog is link within the member profile “dash” that they can get around to when they feel settled. I’ve found it’s easier for the user to get their profile up and running first and then breathe and think of a good blog name/url after they’ve logged in for the first time.

    but if you really really want instablog, which really isn’t that instant due to the wp-admin of it all. Plus, it’s not really instant because there are too few frontend posting options in member themes for the user to start posting right away, so no need for instablog in registration process, so just indicate to your user that they can do that part later. if you still want blog creation at first registration, then you can keep up the good fight by zapping spammers and their blogs.

    Avatar of jwack
    jwack
    Participant

    @jwack

    I wish new blogs worked like comments, meaning that the first post by a new member has to be approved before the blog is active. Once the first post has been approved the blog would then become active and viewable by the public.

    Avatar of pcwriter
    pcwriter
    Participant

    @pcwriter

    @nahummadrid

    Now that is a brilliantly simple and effective tactic that I’m adding to my arsenal!

    Avatar of Nm
    nm
    Participant

    @nahummadrid

    @pcwriter, it took a while for me to think of that way, but after turning off blog creation for about the 3rd time and contemplating keeping it at all, I thought of just doing it this way and it ended up being a better process for the user while killing those instaspam blogs. which btw, with all the other available strategies for blocking spam, it ends up being a very effective barrier to spam blog creation.

    Avatar of Pisanojm
    Pisanojm
    Participant

    @pisanojm

    I’m using:

    Si Capthca
    BuddyPress Humanity Plugin
    BP Signup Xtra (with required birthdate and checkbox)
    Extra Profile Fields that require text input.
    Bad Behavior with HTTP:BL enabled…

    I’ve not noticed any spam logins yet…. knock on wood/cross fingers.

    Avatar of anindyaray
    anindyaray
    Member

    @anindyaray

    I am very new to this , I got this topic’s link from a post by @pcwriter in a topic in buddydev.com
    and reading so much about spam/splog and fighting it I’m am overwhelmed and worried and exhausted even thinking about the …….
    I have read this topic , understood some and implemented some and also didn’t understood some too …..
    I ask a very stupid question !!!
    How to change the registration slug ?
    who ever replys the above question please oblige this foolish novice (that is me) with a complete walkthrough …
    .
    I am also using Secure Invite plugin , will this slug change effect this invitation plugin ? if so how to battle it ?
    .
    Thanks to all and special thanks to @pcwriter for all usefull information …

    Avatar of Anton
    Anton
    Participant

    @antonrsa

    Add this to wp-config.php `define( “BP_REGISTER_SLUG”, “your-registration-slug” );` and change ‘your-registration-slug to your own registration slug.

    Edit * the wp-config.php file is situated in the root of your wordpress installation

    Avatar of More Ivyou
    More Ivyou
    Participant

    @moreivyou

    I’m using:
    - Buddypress Humanity
    - WPMU-Block-Spam-By-Math
    - SI CAPTCHA Anti-Spam
    and
    .htaccess
    # BEGIN ANTISPAMBLOG REGISTRATION
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .register*
    RewriteCond %{HTTP_REFERER} !.*yourhomedomain.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) http://die-spammers.com/ [R=301,L]
    # END ANTISPAMBLOG REGISTRATION

    Avatar of pcwriter
    pcwriter
    Participant

    @pcwriter

    @AnindyaRay

    You’re very welcome :-)

    Avatar of anindyaray
    anindyaray
    Member

    @anindyaray

    Thanks @Anton

    Avatar of jwack
    jwack
    Participant

    @jwack

    I spent some time yesterday to try to stop the constant flow of spam users and blogs being created on my site. Here is what I did…
    1- deleted extra registration.php in bbpress folder
    2- changed reg. slug
    3- installed humanity
    4- installed Si Captcha
    5- added code from above to htaccess

    I am still get about 20-30 per day.
    Is there a way to tell if these are humans or bots creating these accounts and blogs?
    I don’t know what else to do, any ideas? ( I really don’t want to disable blog creation during registration)

    Avatar of More Ivyou
    More Ivyou
    Participant

    @moreivyou

    I escaped.
    install and WPMU-Block-Spam-By-Math

    Avatar of @mercime
    @mercime
    Keymaster

    @mercime

    Avatar of jwack
    jwack
    Participant

    @jwack

    Thanks. That moderate-new-blogs plugin is exactly what I was thinking of but couldn’t find anything like it!

    Avatar of Marcel
    Marcel
    Participant

    @boastboy

    A great way to stop bad bots is the Bad Bot Eliminator script http://www.marcelboast.com/badboteliminator/
    It stops bad bots dynamically by blocking IP addresses.

    *Mod note: Disclaimer – this script is a paid script

    Avatar of Richardas
    Richardas
    Participant

    @rich0o

    thanks to this http://www.marcelboast.com/badboteliminator/

    *Mod note: Disclaimer – this script is a paid script

    Avatar of anindyaray
    anindyaray
    Member

    @anindyaray

    I’m using this plugin : http://wordpress.org/extend/plugins/wordpress-mu-secure-invites/

    I have restricted registration only by invitation , yet I got one registration ….

    have to done all the spam blocking techniques mentioned here to my installation … but did some definitely

    Avatar of jwack
    jwack
    Participant

    @jwack

    Thanks to this thread I am going on almost 48 hours with no new spam signups or blogs. lol I feel like I should get a coin? Yes that’s a bad AA related joke.

    Avatar of jwack
    jwack
    Participant

    @jwack

    Thanks to this thread I am going on almost 48 hours with no new spam signups or blogs. lol I feel like I should get a coin? Yes that’s a bad AA related joke.

Viewing 25 replies - 51 through 75 (of 87 total)

The topic ‘BuddyPress Spam’ is closed to new replies.