Re: Here come the spammers!!!

Peter Kirn


Hi Jeff, I can’t make the chat Wednesday as I’m going to be on a plane between London and Hamburg, but I wanted to add to this:

1. wp-recaptcha — I’m working with the developer of this plug-in so that we have one fork that works everywhere, BP included. Given that this is the topic, let me try to get that basic code up. Even with simple recaptcha support, there’s a huge decrease in spam signups. It seems not to solve the smartest scripts, the ones that send PMs (at least not on our site), so I think once we get one recaptcha working, making the “failed” recaptchas more intelligent to avoid these automated bots would be great. Thanks for the ideas above — this is great fodder — so I’d encourage people to get involved on the same fork so we can put this into action sooner rather than later. Let me post a separate update within the next couple of days.

2. Since PMs are a big problem, and this thread is getting very, very ambitious, why not at least begin testing this with a separate plugin? I’d like to at least see something that stops mass-mailings and highlights that user, as that’d be an easy way to weed people out, at least as more comprehensive solutions are developed.

3. Reviewing core is probably worthwhile. A mistake in bp_signup_validate’s code was being exploited by hackers. I know this is part of 1.2.4, but I went ahead and applied the diff attached to this (now-closed) ticket to our current 1.2.3 install:
— this made a big difference. I wonder if anything else follows this pattern, and how we might hunt it down.

Grand, wide-reaching plans sound terrific, but I’d hate it if that derailed some short-term fixes; seems we can have both.

