Skip to:
Content
Pages
Categories
Search
Top
Bottom

This is why we can't have nice things


  • John James Jacoby
    Keymaster

    @johnjamesjacoby

    For the past 10 hours, the BuddyPress.org and bbPress.org codex sites have been the target of an automated spam attack, creating hundreds of pages, posts, and additional taxonomy terms.

    This happened only because of our own wishes for our documentation sites to be an active and thriving representation of everything related to the software, and not because of any bugs or glitches in WordPress or on BuddyPress.org or bbPress.org.

    We were automatically granting users the “Editor” role, so you would be able to modify pages. This has worked really well for us since 2009, but only because we’ve gotten lucky enough for no one to take advantage of the open access; until today.

    In the very near future, we’ll be officially putting together a “Codex Team” of trusted and prolific contributors to grant codex access to basically anyone that asks for it. @hnla, @mercime, and @modemlooper have already been doing this job for a long while, and we’ll bring a few others into the mix too.

    Sorry about having to restrict a few things. We had a good run there, but now it’s time to tighten things up a bit and ensure a safe and cooperative environment for everyone.

    Admin access to the codex will be turned off for a few days while we put together some guidelines and reinvent the codex access code.

    If you’re interested in helping out around the codex more, drop a note here and someone will make sure you’re taken care of shortly.

Viewing 25 replies - 1 through 25 (of 27 total)

  • bp-help
    Participant

    @bphelp

    Sorry to here this @johnjamesjacoby it is a real shame that these measures need to be taken…but I also would not want to be the one with the task of deleting hundreds of automated spam pages either so I support this choice 100 percent. Thanks for the heads up!


    Henry Wright
    Moderator

    @henrywright

    @jjj I’ve noticed 1 or 2 forum spam messages today actually. Topic subject lines were along the lines of aaaaaaaaa and the thread content was a similar kinda crap. Not sure if that was related? Anyhow, I spammed the messages when I came across them


    modemlooper
    Moderator

    @modemlooper

    Awesome


    Ben Hansen
    Participant

    @ubernaut

    darned spammers


    peter-hamilton
    Participant

    @peter-hamilton

    Needs to be done, especially if this means a stronger team that produces wicked updates and maintain a strong trustworthy codex.

    Thanks for being Buddypress.


    danbp
    Participant

    @danbp

    It seems that some publish rules where changed on the forum too.

    I just tried to publish a topic answer containing 3 links, and it wasn’t accepted before i removed one.

    This means that from now on, a topic cannot contain more than 2 links.

    A warning message to users would be much appreciated, if this new rule is effectively applied.


    Henry Wright
    Moderator

    @henrywright

    @danbp I noticed that too. A couple of times I’ve included more than 2 links as references and was unable to post.


    shanebp
    Moderator

    @shanebp

    I wish I married a businessman. Then I’d have nice things. -Homer Simpson


    danbp
    Participant

    @danbp

    We’re all son’s of a Brachiosaurus!


    @henrywright

    Yabba Dabba Doo!!! – Fred Flintstone


    @shanebp

    Why can’t they invent something for us to marry instead of women? – FRED FLINTSTONE


    John James Jacoby
    Keymaster

    @johnjamesjacoby

    @danbp How many links do you think is appropriate? Happy to experiment with different values.


    danbp
    Participant

    @danbp

    @johnjamesjacoby,

    2 is very appropriate: one for a site url, one for a screen shot… or max. 2 spam link 🙂
    But for mods (only), it could be more depending the user problem, even if 2 seems to be ok in most case.

    But the warning msg, what ever the allowed links will be, is important.

    I published my answer and…nothing. So i first thinked i did something wrong, before i realized that it could be a new forum setting. Thought other user can think the same.


    Henry Wright
    Moderator

    @henrywright

    But the warning msg, what ever the allowed links will be, is important.

    Yep! It confused me that my post didn’t show up. I even submitted two or three times without success. Then it occurred to me my post had 3 links in it so that might have been the problem. A pop up message would have saved me trying to double or triple submit

    @danbp wrote…
    2 is very appropriate: one for a site url, one for a screen shot… or max. 2 spam link 🙂

    This is WordPress’ default setting /wp-admin/options-discussion.php and I tend to agree, 2 seems quite reasonable.

    @danbp wrote…
    But for mods (only), it could be more depending the user problem, even if 2 seems to be ok in most case.

    I’ve just added a patch to bypass this altogether for moderators as it is pointless moderating moderators topics/replies that the moderator can self approve!

    @danbp wrote…
    But the warning msg, what ever the allowed links will be, is important.

    A bit of background, there was a bug in bbPress that meant ‘maximum number of links’ was never actually being checked, thus we fixed said bug and now we see the results of said fix :/

    Included in those same checks is Comment Moderation and Comment Blacklist also at /wp-admin/options-discussion.php for when a topic or reply contains any of the listed words (e.g. name, URL, e-mail, or IP) then the topic or reply will be saved with the post status pending and held in the moderation queue.

    Currently if a match occurs from the “blacklist” a notice is displayed and the post is never created
    ERROR: Your topic/reply cannot be created at this time., this behaviour will not change and only keymasters/admins can bypass this.

    For the actual “warning message”/”notice” that is posted when either the max number of links or a word trigger from the “comment moderation” word list is triggered per @JohnJamesJacoby’s comment here:

    https://bbpress.trac.wordpress.org/ticket/1988#comment:3

    Having it be nondescript, and leaving it up to the moderation/admin team to review those posts and choose whether or not to publish them, seems the simplest approach for today.


    danbp
    Participant

    @danbp

    @netweb, thank you for these explanation Stephen ! 😉

    Glad to read some good news around this little problem.

    It would also be interesting to get all mods/keymaster reaction around this subject in the next days, or at least a clear reminder on how this support forum should/could be moderated.

    I’m also wondering if we could use some interesting plugins now, like buddy-bbPress-Support-Topic by @imath, and automated topic closing after 30 days.


    @mercime
    , @hnla, @shanebp, @henrywright, @djpaul, @JohnJamesJacoby
    let’s talk together ! 😀

    It would also be interesting to get all mods/keymaster reaction around this subject in the next days, or at least a clear reminder on how this support forum should/could be moderated.

    Fixing the said bug has thrown us in the deep end… I’ve got quite a few more moderator tools/updates to go in over the next couple of days that should help us out on both BuddyPress.org and bbPress.org 🙂


    Henry Wright
    Moderator

    @henrywright

    Hi @netweb – do @-mentions count towards the link quota? If so, then the current maximum of 2 seems too low. Else, I agree that 2 seems perfectly reasonable for non-moderators (and that any limit at all for moderators seems unnecessary).

    No, mentions do not count, only http, https, and ftp links are counted.


    Steve Valencia
    Participant

    @lonewolf95665

    I have been working with a wp firewall on some thirty domains and I have saved the blocked ips. There is a definite pattern of “some” people that try to login to the wp sites. We should probably have some kind of reporting system whereby we can identify, report and black list the culprits. ON some of the sites they are actually sent to a “/Blocked/ page with text that stated you have been BLOCKED! If you can tell my why I should unblock you fill out the form below. Thus far “none” have filled out the form. Just sayin….


    kykolka
    Participant

    @kykolka

    that sucks 🙁


    zorro1965
    Participant

    @zorro1965

    Are there any best practices for I can adapt for a new site I am starting to prevent bogus members just signing up to spam things.

    @zorro1965 Please search the forum , there have been many posts on the subject over the years that should help you. Open a separate thread if you have particular questions on the subject – this thread is informational really.


    shanebp
    Moderator

    @shanebp

    @johnjamesjacoby

    @netweb

    This is still an issue for me.
    Sometimes I can only post one link, sometimes 2, never more than 2.

    Any ETA on when this might be fixed?

    @shanebp I’ll try to get a patch up today and deployed.


    brianglanz
    Participant

    @brianglanz

    Sorry to read of it! but thanks for how well you’ve handled this.

    I touched up a BP codex page today without a problem, partly to confirm I still could. @hnla et al., does this mean I’m on the Codex Team? If so then thank you, nice if anyone who had already contributed still can.

    @brianglanz Yes if you have contributed before you should still have access, thanks for confirming though, and for contributing 🙂

Viewing 25 replies - 1 through 25 (of 27 total)
  • The topic ‘This is why we can't have nice things’ is closed to new replies.
Skip to toolbar