Skip to:
Content
Pages
Categories
Search
Top
Bottom

Forum Replies Created

Viewing 6 replies - 1 through 6 (of 6 total)
  • @vanmurray

    Participant

    I modified the “Manual Approve” plugin by Matt Kern to work with BuddyPress (don’t think he published it to the WordPress repository). I think that may be your answer to approving manually. Just put it in mu-plugins.

    http://vanmurray.com/files/2010/06/bp-manual-member-approve.zip

    @vanmurray

    Participant

    @zlamczyk: I think we are trying to work on the same thing.
    https://buddypress.org/community/groups/how-to-and-troubleshooting/forum/topic/disable-activation-email/

    I am getting spammed (bad) and they are simply using the activation email to approve themselves. My thought was just do a manual approval to either “activate”, “send activation email” or “delete from wp-signup”.

    I have modified manual member approve for BuddyPress so I can see the signup table and manually approve members.
    http://mattkern.com/wpmu-manually-approve-new-members-on-local-install/

    I just need to stop the automatic sending of the activation email. Do you know how?

    I’ve simply tried commenting out the following line in wp-core-signup.php to test, but it’s not working.
    wp_mail( $to, $subject, $message, $message_headers );

    This is the function; but for some reason the activation email still goes out.

    @vanmurray

    Participant

    @hnla and @boonebgorges: I found this plugin a while back and modified it to work with BuddyPress. Let me know if you need it still.

    Anyone know how to stop sending the activation email? I don’t want to disable the activation function; I just want to stop sending the email automatically. I want to selectively send it. I figure I would just add this function to the manual approve plugin so I could either:
    Manually Approve
    Manually Send Activation Email
    Delete the Signup

    I’m getting killed with spam users (that are easily identifiable)
    https://buddypress.org/community/groups/how-to-and-troubleshooting/forum/topic/spam-blogs/

    @vanmurray

    Participant

    Also; each “blast” of spam users/blogs appear to come from different IPs, but the username always has a 7 digit number pattern after a random name. They all appear to come from “.info” email registrations.

    These registrations are bypassing the public registration form requirements somehow, but I believe they are legitimately activating their account (since I’ve had delays after disabling the registration form). There are entries in both _users and _signups tables that match.

    Hope this helps if anyone else is having this issue. I’m open to any temporary solutions for this particular pattern, but more importantly is there a good way to solve this long term?

    Is there a way to manually approve members? Maybe some step in between that would allow a manual send of the account activation email?

    @vanmurray

    Participant

    Update: After several days of manually adding users with a form (that matches the registration form); I attempted to re-enabled registrations. Immediately I got 2 new spam users and blogs.

    New User: terrence1603615
    Remote IP: 65.75.250.92
    terrence1603615@LIEMAIL.INFO

    New User: cooper7790557
    Remote IP: 65.75.250.92
    cooper7790557@THEINBOX.INFO

    This is only happening on one of my installs (http://anglersites.com). Running WPMU 2.9.2/BP 1.2.2.1. My other install (http://fellowmoms.com) is running WPMU 2.9.2/BP 1.2.3 and is not having this issue.

    Any reason to think BP update would resolve this? Looks like current version is 1.2.4.1.

    Is anyone else experiencing this? Looks like disabling the registrations stops it; from my previous post these were delayed notices. As soon as I disabled registrations again, I recieved a flurry of “Password Lost/Changed” for a couple users (one of them was an active user that was not newly created). I marked this user as spam.

    Surely someone else is getting hit?

    @vanmurray

    Participant

    I have a couple BuddyPress installs. The older of the 2 has received 150+ spam member registrations (and blogs) this weekend. All create members like bob45873675 and “Bob’s Blog”.

    I have changed slugs, activated recaptcha and followed several blog posts on best practices. What’s interesting is they are somehow bypassing my registration page. I have required fields and have removed the “create a blog” from the registration page; but somehow they manage to create an account and a blog. I also receive “lost password reset” email notices for each account that is created, so maybe that’s a clue to where the issue is.

    I was so fed up with it, I disabled registrations completely (only allowing blog creation by logged in users) — and I’m still getting new spam members and blogs (how is that possible??) This seems to be a pretty serious security issue that is different from previous “splogging”…

    Vulnerability/hack in the registration or lost password, etc…?? I presume this could be WPMU not necessarily BP?

Viewing 6 replies - 1 through 6 (of 6 total)
Skip to toolbar