Skip to:
Content
Pages
Categories
Search
Top
Bottom

Spam user registrations bypassing BuddyPress register page

  • Avatar of Eric Langley
    Eric Langley
    Participant

    @elangley

    Hello All,

    I am running WP 3.3.2 Multisite and BP 1.5.5

    I am getting spam user registrations that appear to be bypassing the BuddyPress register system. I have several fields setup, that are required. Spam user accounts are being created that do not have these fields filled out.

    What can I do to stop these registrations?

    ~eric

    @elangley

Viewing 6 replies - 1 through 6 (of 6 total)
  • Avatar of @mercime
    @mercime
    Keymaster

    @mercime

    @elangley the thing is that whether you have BuddyPress or not, when you have open registration, expect spammers – bots and humans. There are human spammers who are paid by companies to post backlinks in as many websites as possible and those who spam just for the heck of it, and other than making your site by invitation only, you’d have to monitor membership in your site regular and be prepared to cull the spammers.

    Avatar of Eric Langley
    Eric Langley
    Participant

    @elangley

    @mercime thanks for the reply.

    I did not realize how extensive the spam registration, comment and trackback issue is on WP/BP. I am curious though as to how these registrations are getting past the required fields.

    In doing more research there are several models for limiting spam registration;
    captcha, which appears to have been compromised through the use of attack tools and, IMHO, is unfriendly to users.
    honeypot, which places a hidden field in the registration and when filled out registration is blocked.

    Currently I am testing WangGuard. It looks like it takes a more holistic approach treating spam registrations like a virus and building a database of bad domains.

    I have not fully launched my site yet so I don’t know how effective it is.

    Anyone else have a recommendation for methods/solutions for limiting spam registrations?

    ~eric

    @elangley

    Avatar of oceanwidedesigns
    oceanwidedesigns
    Participant

    @oceanwidedesigns

    I wouldn’t use WangGuard because it sounds like that could easily cause problems for non-bots.

    I’ve been having good success with SweetCaptcha, I haven’t had any complaints from anyone & it seems to work for people from all cultures. One bot through since installing, but that is a lot less than lots of bots a day.

    Avatar of Eric Langley
    Eric Langley
    Participant

    @elangley

    @oceanwidedesigns

    You wrote: I wouldn’t use WangGuard because it sounds like that could easily cause problems for non-bots.

    I ask: What could cause problems for non-bots?

    You wrote: I’ve been having good success with SweetCaptcha,

    I ask: SweetCaptcha looks cool. Do you have to come up with your own designs or are they stock?

    One possible problem with this model, like any captcha, is that once the bots create a database of these drag and drop actions, human figures it out and then put in the database, it may become ineffective. The more adoption a model gets in WP the more attacks it will undergo from spammers.

    ~eric

    @elangley

    Avatar of Reverendspam
    Reverendspam
    Member

    @reverendspam

    In the past 6 months I was getting 50+ spam bot registrations a day. I used WangGuard, but it was not catching them.

    The bots were looking for the default registration page at http://yoursite.com/register

    I changed the permalink of my default registration page to something else and have not had any issue since then.

    Knock on wood, I have not had to delete any bogus registrations for the past month.

    I hope this helps.

    Avatar of placementmantra
    placementmantra
    Participant

    @placementmantra

    I am daily getting very much spams on http://placementmantra.net/
    no idea how.even tried plugin no use

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Spam user registrations bypassing BuddyPress register page’ is closed to new replies.