BuddyPress.org

@hnla I know that there will be a segment of the population who will be prevented from joining because I am blocking IP addresses. But, I want/need these prevented in the first place and I do not understand why this is not addressed in the core and has to be something I must “hunt through the forum threads to reducing spam signups”. Its not like this is an unknown issue.

Besides, I HAVE searched for “reduce spambots” “reduce fake sign ups” “Reduce and reducing spam sign ups” with zero results.

What I have to ask is “Why?” and “How?” are these spambots accessing and creating users? I have one site that uses WP multisite with BP and there’s a great plugin “BP Registration Options” that works well enough to grab and display all new member requests and displays IP addresses; which I then add to WP-Ban. Its taken a month but I am now down to a dozen or so spambot signups per day.

Now, I have another WP/BP site that is NOT multisite and “BP Registration Options” does not work the same. BUT I copy the IP addresses from the one and paste it into the “WP Ban” of this site. However, I am still 100+ spambot signups per day. So, I have a plugin “Pending Activations” (which doesn’t work in multisite) but this plugin does not display the IP address of the offending spambot signups. Thus, my battle with the signups continues …

So … How are the spambots signing up? Why does the registration form not have CAPTCHA? and how can we stop them from signing up?

“how to disallow bots to follow signup link?”

Put a nofollow, noindex on it, right in the theme where it is linked. And change the default text that is linked. If you look at your access logs and your visitor stats, you’ll see they basically google for you.

@imjscn try hunting for a plugin called KB robots text it allows you to edit the WP robots text from the dashboard and might be handy to have available.

#2 stops bots following the link on other pages, but BP spammers come without a reference page. They know which link is BP register page. I’m not sure if there’s another way for BP.
Jenny this is why I said or mentioned adding a referer trap in .htaccess. Yes bots do link directly so you disallow any direct links that do not contain a referer in the header get request

True search here is a chore

Robots.txt is a file that lives in the root document directory of a site, however I seem to remember issues in the past adding one as WP might be trying to add it’s own one?

What results – if any do you get from running:

http://example.com/robots.txt (your site name obviously)

@imjscn Jenny have you tried googling on ‘nofollow’ links? before asking Andrea_r how to do this or better still have you implemented my advise earlier in the thread for a robots.txt file implementation? and other tip/s?

It’s important to tell us what you have tried other than add plugins – not everything is solvable using plugins and this aspect really requires a few approaches as has already been said.

Did you track down any of the threads on this support forum that go into great detail on the various approaches one can take, a good one is to set a referrer trap in .htaccess so that direct linking to the register page is prevented and register will only accept requests that have an accompanying referrer in the header that comes from your site – mentioned in one of those threads with example code iirc

it’s no solution and pointless running as yet one more plugin, this is simply a Order Allow Deny Apache directive and would be placed in you httpd.config file preferably or in your .htaccess and then list IP or domains to deny. Blocking IPs isn’t something that should be done lightly as it can have repercussions and is only effective on domains if there is one specific troublemaker these spam bots use spoofed domains they will change on the fly so little point trying to block them.

Preventing spam is a multi faceted approach and the many areas and things that need to be done covered at length on the support forum, you need to use all of them to effectively reduce spam and if possible don’t let people sign up for blogs from the sign up page

@arezki … so … does this plugin block attempts to sign up? How does it determine if something should be blocked? I looked at the plugin file on WP.org and it isn’t very specific. I can go into my server cpanel and block IPs all day long and I still get tons of spambots. I get user activation keys and blog setups with out a spambot actually doing the compelte process. grrrr.

have they checked their junk mail / spam folders?
If your users aren’t happy about this, just wait until they start using it – lol it’s a crude work in miserable progress imho – the signup issueS are just the beginning. I would consider buddypress more of a hobby thing for those who want to spend long hours in multiple forums trying to hash out why everything does not work well together. You will find spam robots have no problem signing up and activated dozens of accounts daily. Once your users actually get activated they will have a great time trying to sort out real blog posts from spam, they may wish they never signed up in the first place – especially if they create their own group.

Disallowing bots to follow the signup page link (nofollow on the link), changing the default signup slug and adding new profile fields really really does help. And no plugins either.

@modemlooper Check out this guy’s post regarding a blackhole setup for search bots that don’t respect robots.txt: http://perishablepress.com/press/2010/07/14/blackhole-bad-bots/ Could easily be modified to to do what your talking about regarding the default register slug.

And do any of these bots respect and observe robots.txt file? in which case id them from your server stats and block that url although that should be blocked already really.

You could go the Apache Allow/Deny directive in .htaccess?

You should robots.txt exclude these files

Thanks. How do you know if there human or bots?

The code from this post is the correct one:
https://buddypress.org/community/groups/how-to-and-troubleshooting/forum/topic/buddypress-spam/?topic_page=3&num=15#post-69499

Replace example.com with your sitename.
And yes, it works just fine on my site; no bots are getting through
But lately I’ve been getting slammed by human sploggers. That’s a tougher nut to crack.

isn’t this Tasty Kitchen full of bots?…those housewifes have very strange usernames

A great way to stop bad bots is the Bad Bot Eliminator script http://www.marcelboast.com/badboteliminator/
It stops bad bots dynamically by blocking IP addresses.

*Mod note: Disclaimer – this script is a paid script

Hi, I am interested in people who are NOT login in (ie people browsing) to be able to send an email to a member from the member profile page. I was looking for a way to put an email form that does not show the members mail in the code, so it can’t be seen by bots or in the source. I considered trying to use the private messaging system in buddypress. Anyone have any ideas?
Essentially, Members pay to be on the site and set up a profile. Regular people (customers) can contact them without knowing the email of the member.