BuddyPress.org

I don’t think anybody can stop you from posting a file on your server with domains and IP’s which you advise to be blocked… I actually think it would be a good idea to have this info centralized, an Akismet for sign-ups if you please, would save a lot of effort.

Just checked wp-ban’s stats and 4 IP’s were blocked over 1000 times. Though it does not stop splogs, it serves as a good example that sharing info might help, especially if the signup page can check a database of known sploggers or words in blog titles.

A nice feature would be (plugin request!) to have:

– an extra field on signup. Skip all the usless and annoying captcha’s, just a simple question: “why you want a blog?” or more specifically: “what are you going tor write about?”

– the opportunity to manually approve/delete sign-ups based on their answer, at least blocking the unapproved from appearing in blog lists, sidewide activity etc, basically making it 100% private (only vsible for admins) until approved.

Before you ask: I cannot make this, but I will be happy to test if some more skilled person can!

Adding an extra feature on signup or even adding a question doesn’t help.

Bbrian – what exactly have you implemented to stop splogs? I’m not being sarcastic. If I know what you’re tried already, I can suggest different things other than telling you things you tried already.

“I wonder where the spammers get the time to figure out ways to spam sites is there like a spam university or something”

They buy automated scripts. Seriously, I can send links. They google for default text like “powered by buddypress” and “/register/”, plus they jointly build lists of BP-powered sites and share them, so they can then drop these lists of sites into their programs.

Part of stopping them relies on figuring out how they come in, which we’ve spent time doing.

Go turn off the ability for users to add other users. If you already have spammers in your system, they’ll let others in. It’s under Site Admin -> Options.

Doing the easy stuff is just the first level of defense.

@Bbrian017 I feel for you, ma. I am scratching my head. On my prod site, in over 18 months (since pre-BP alpah no less) I have had maybe 9 or 10 spam accounts. While I have a bit more of an involved signup process (just a bunch of addl required fields) I don’t have anything else. Blog creation IS disabled, so maybe that help? Not sure.

Ieven had sCaptcha going for awhile btu took it down as folks had so much trouble reading the stupid characters.

Still thinking of what’s up in your case. Hang in there.

zageek and Bbrian017 – what are the URLs of the websites that are getting spammed? I will take a look at them for you.

^F^

I’m getting about 50 spam registrations a day on one client site since the start of this week.

We’ve modified the register slug, changed text on the register page, deleted the wp-signup.php file, and implemented the following in our .htaccess file:

# BEGIN ANTISPAMBLOG REGISTRATION

RewriteCond %{REQUEST_METHOD} POST

RewriteCond %{REQUEST_URI} .join-lorem*

RewriteCond %{HTTP_REFERER} !.*mydomain.com.* [OR]

RewriteCond %{HTTP_USER_AGENT} ^$

RewriteRule (.*) http://mydomain.com/spam-prevention [R=301,L]

# END ANTISPAMBLOG REGISTRATION

Still the spammers are getting through.

Turning off blog creation / new user registration is not an option… otherwise, there would be no point in trying to offer a blog platform / social community.

Asking users to wait until their application to join is approved, or asking them to fill in additional fields at signup will just hamper the chances of them signing up and using the site.

Anyone have any suggestions?

I don’t want to tell clients: “we’ll build on BuddyPress for you, but you might have to remove 100s of spam blogs every week”

Note: the problem is worse than just the backlinks they create, it also reflects badly on the professionalism / appearance of your site, as their spam posts show up in activity streams, in aggregators (such as showing recent site wide posts and so on).

This is a serious problem.

Note: a lot of these registrations come from a small number of IP addresses, is there anyway to block certain IP addresses from registering?