Forum Replies Created
@pcwriter It’s weird. I tried a proxy server, and was still able to get to the signup page by typing in the url, which leads me to believe the htaccess change isn’t taking right. Is there anything that could be interfering?
I had another anti-spam idea: Would there be a way to require a user to have an avatar? What I’ve noticed is that all the spam signups have no avatars. Wondering if making that essentially the same as required profile fields would help.
So, I have a question re: the htaccess tweak to block spam registrations. If I type http://mybuddypressite.com/wp-signup into my browser, I should get automatically redirected to my GOAWAY page, right? If that’s not happening, am I doing something wrong?
Thank you so much, @pcwriter
I’ve been using IP banning now for two days, and that has virtually eliminated most spam signups. Much as I hate to go that route, it’s great to have something that finally works. Will make the htaccess and wp-config changes today, too. Thanks again.
@pcwriter, you rock. Going to try all of these. Few quick q’s:
1. With the list of bad blocks, you added all these to your HT access file? Is there any downside to having such a lengthy htaccess? Could you anonymize yours and post it?
2. What does “Added “deny from all” in .htaccess for wp-config.php” mean?
3. When you say you changed “register slug to something unrecognizable,” what sort of thing did you use? Garbledygook, or just something like “/whats-up”
I’m using a custom child theme, so the footer copy has been changed. At the risk of inviting more spam, here’s my signup page: http://injersey.com/join-injersey
I’ve got si-captcha, Humanity, alternate slug, htaccess tweak, and 2 required profile fields. At this point it’s just getting kind of absurd. There must be some kind of backdoor that’s letting them in. Like Matt ( @footybible ), every single one of these spam signups is registering for a sub-blog. Unlike Matt, I offer the ability to register for a town via the Group Registration Options plugin ( https://buddypress.org/community/groups/bp-registration-options/ ) developed by @Messenlehner. Worked pretty well until 2 weeks ago, when we started getting slammed every day at about 2am with spam signups and posts.
I deleted the registration.php file (and have the alternate slug). Still getting slammed with spam signups and posts. Switching to the si-captcha plugin (though I suspect that won’t do anything since the spammers are bypassing the reg form). Any other ideas?
I’ve got the Humanity plugin running on our site, with a semi-difficult question. Likewise, I’ve done the htaccess trick, register slug, and so on. Haven’t blocked CURL requests (how do you do that?).
I never configured bbpress for our site. Even if I haven’t done that, is it possible that register.php file is still lurking somewhere on the site? Are there any more drastic measures I can take? We’re getting killed every morning — not just with spam signups, but spam blog posts. Would blocking the offending IPs (quite a few) be a viable solution?
Here’s what I don’t understand: All our recent Spam registrations are completely bypassing the BP registration form. I’ve got a tricky Humanity plugin question on there, as well as several required fields. But when I look at the accounts the spammers are creating, they have none of those fields filled out.
Is there some kind of backdoor registration option in BP or WPMU? How are they getting in?!
Thanks, r-a-y. Do you have any idea what causes that error? Is there a separate BP table that shows which blogs a user belongs to?
This plugin is really sweet, but as Andy points out, it would be even better if we built some BP functions into it. I would love it if when you register you could map your name, location, etc to BuddyPress fields.
Has anyone come up with a good way for tackling this yet?
Is the method that @apeatling used in the bp-groups-externalblogs plugin a possibility? That does the good job of incorporating the sub-blog name into the activity stream
I’ve been getting pummeled with spam signups ever since the BP_REGISTER_SLUG stopped working throughout the site. I used R-A-Y’s idea of just having an .htaccess redirect. Just curious: If others have taken that approach, does it indeed cut down on spam signups?
I hadn’t checked out buddydev.com in a while. I like how the cb-addons allows you to get back the old sitewide stream. What I was truly hoping for, though, is a way to widgetize the interactive 1.2 activity stream, complete with the ability to post status updates. In my idea use for this, I’d want to add a group activity stream widget onto a blog. Haven’t dug into the code yet to see how difficult it would be to transplant the groups activity streams into a widget form, but I’m hopeful it’ll be something that we’ll be able to build out one day soon.
The irrationalgames.com example is exactly what I was thinking of. It seems to me that sites that incorporate some kind of graphic badge into their achievements systems get far more adoption than sites that do it with just text/email notifications. FourSquare, Hollrr, etc
I like @modemlooper’s idea to put the badges under a profile tab. I would also love to come up with a way to tap into this for my blog themes — so that users who have achieved different achievements would have those badges displayed with their avatar (a kind of way to display their authority and credibility).
Pretty awesome. Only suggestion would be that on the “Edit Picture” screen — the one right after you’ve uploaded — to display the picture that’s just been added. I often times upload groups of photos, and unless the file names are descriptive, you don’t always know which is the one you just added. Displaying the image on that screen would be useful.
I would kill for a widgetized version of the activity stream, sort of like how the old sitiwide activity widget worked. The ability to add a group activity widget, say, onto a blog sidebar would be extremely helpful to spurring community contributions.
I also wish there were a plugin to allow you to post to a blog from the core activity stream, as well as join blogs from the blog directory.
At first I wasn’t totally sure how useful BP achievements would be to my site, but with the rise of FourSquare and the popularity of badge-based achievements, it’s now clear that this is a phenomenal way to drive engagement.
DJPaul, do you think you’ll incorporate some sort of badge system, so that when somebody earns an achievement, you can attach an image or some kind of visual flair to trumpet their success?
I was able to get the default theme working by moving bp-default into the themes folder. I know that’s not how 1.2 is supposed to work, but the best I could come up with.
I’m having this same problem, I think. Since upgrading to 1.2, my custom BP_REGISTER_SLUG doesn’t work anywhere other than the root blog buddybar. Other blogs and login widget all direct to blank wp-signup.php page. http://injersey.com
maledei1, you made that edit to the theme.php file in wp-admin?
I really don’t want to mess with the core. Could this be a problem with WPMU 2.9.2?
I’m having this same problem. Has anyone been able to figure out why the blogs index isn’t showing in the classic theme?
I’m having this same problem when trying to upgrade tonight. Every theme displays “The active theme is broken. Reverting to the default theme.” when I try to activate. Using WPMU 2.9.2 and BP 1.2.1.
Agreed. H-mag is spectacular. I found myself spending the better part of the day poking around, earning achievements, looking through classifieds, figuring out how events work. Tried to get back to work, and here it is the evening and I’m back on h-mag spending even more time. You’ve really raised the bar, Simon. Well done!
Like, redyor, I’m dying to know how you did a bunch of these customizations — classifieds being one I’m most curious about. Is that a version of http://www.awpcp.com/ ? Something custom?
Yup, that was it. Added /groups/ to the list of strings that forces a page not to be cached. BP Twitter plugin works now.