BuddyPress.org

Spam is generally only a problem if you have blog registrations on, spammers only care about creating and spamming on blogs. I think some work will be done on this, but it’s not going to be on the BuddyPress side.

Word. Patch it!

I’ve been having sign up spams (arguably a different issue) on my BP install, and just shut all signups down until I could figure out what to do about it.

Scouring the WordPress MU forums has made me realize three things:

1. Spamming is a huge problem for WordPress MU users

2. I’m betting that BuddyPress will/might have even larger problems due to the very nature of the beast (it’s all about users, right? Which is where the bots/spammers gravitate)

3. There are no sure-fire methods for preventing spammers

…well, there’s a fourth, too…

4. Many of the old hats on the WordPress MU forums are getting tired of explaining how to defend against so-called “splog” signup bots and spammers.

Just some observations, as BP just received its first official spammer. (Yes, I got the email too, and saw the small twitter firestorm this morning over it.)

Do you have any plugins other the BuddyPress installed? I ask because that is not at all the default .htaccess file configuration.

I’ve also been working on integrating a WYSIWYG editor for BP as well (but with image upload functionality).

Have tried nicEdit and DSRTE, but I’ve run into various issues with both, which is why I haven’t released it.

Xevo, tried to use jwysiwyg on another project a couple months back, but the last version then was from January 09 and didn’t play nice with the newest jQuery version. A quick look just now showed that it hasn’t changed. Haven’t had a look at the trunk though…

The first MAJOR flaw I see in this design, is that all it takes is one website to put up password stealing/sniffing code, and now you’ve given your twitter password to anyone with access to the sites malicious intentions.

OpenID and oAuth were designed very much to prevent the spreading or co-opting of passwords. Until recently many services like Twitter let other services accept their user passwords, but now oAuth routes authorization requests to the appropriate authority.

The second MAJOR flaw I see from a developers standpoint is that you as a site administrator no longer have control over the user data that is using your website.

I don’t really follow this, but I also don’t think he’s describing the situation very accurately.

I don’t plan on using Facebook for the rest of my life, so when I delete my account in a few years, that means I can no longer use your site without creating a new profile.

This is no different than, “what if I cancel my email account”

The nice thing about OpenID is that most good implementations will allow multiple ways of accessing the account (either multiple OpenIDs or the option of logging in with the native account username/email)

Also, if I’m logged into facebook on my computer, and close facebook, and then my girlfriend walks over

This isn’t unique to single-sign on services. Any time you fail to log-out of an account and give access to someone else, your account can be compromised.

Lazy is nice. I’m looking forward to see if they lazy part gets satisfied.

High fives all around then! Something for everyone!

Must be some end-of-year seasonal type holiday thing going on with all the PRESENTS!

@kimstipsen i’ll holler when it’s done. busy week tho.

I’ve spammed the user – please don’t re-post the messages in the forums since that sort of aids their cause.

I am sure Linda is a very pretty girl

@ roydeanjr: No, there’s no specific documentation about that yet. If you want to make a theme, make sure you know some theme building from the standard wordpress and check the buddypress theme/core files for the buddypress functions/template tags.

Thanks Andy, got it up and running on my local server.

Ran into something though, the random member page gives me the following error.

Fatal error: Call to undefined method BP_Core_User::get_random_users() in E:\wamp\www\wpmu\wp-content\plugins\buddypress\bp-core.php on line 929

See it running on http://80.56.54.214/wpmu/.

@ Andrea: As you can see people want the normal wp themes to be converted to bp themes, so it’s only good that your fulfilling their needs. Besides, we need more bp themes.

@Xevo

I was actually worried that the extra load might cause problems :p I took a break from refreshing the page endlessly and bought a coffee. Installing it now..Woo.

@ D Cartwright: What if you crash the trac before Andy can release the theme? lol

Oohh.. Time to spam F5 on the trac methinks

I would like to see Talkmore theme to be released first. Hope to see one of them comes out soon!

Good to see some new themes published!

May I ask something slightly off-topic? How did you get this done? I always have problems doing that outside the forums!

>>Forum Last 5 Discussions

>>How to change BP forum topic page like a normal forum page? (7) Last Post By: >>mercime Inside: How-To and Troubleshootings

>>Bp Dev Premium To Be opened soon (1) Last Post By: admin Inside: General >>Discussion/Announcements

>>Welcome to Buddydev Premium Forum (1) Last Post By: admin Inside: General >>Discussion/Announcements