BuddyPress.org

Thanks Andrea I didnt even realise that other users could add new users, because I was also wondering how they were spamming me even after I disabled registrations.

I feel kind of sorry for the spammers, because if we all put our heads together they won’t have anymore sites left to spam. I still wonder why they are attacking buddypress, is it to drive users to other platforms? Enemys of Buddypress?

So far I have built a list of domains, most of them are .info or .co.cc in otherwords free domains and of course some .com domains. They get clever and get a user to sign up with gmail every now and then to trick me. So i just ban the Gmail users and send them an email from my personal account asking them who they are if they look legitamate. Luckily for me I am in South Africa and its easy to spot non South African “culture” in terms of the types of names and usernames of members.

I have also checked where the IP addresses come from and most are coming from the United States ( do they use proxy servers and could the be from elsewhere in the world) Some IP addresses are also from Sweden.

Btw, I was also angry and blamed the devs for this problem but the more I devote time to looking at the more I am starting to realise that no matter what BP devs do the spammers always try new things and if the devs had to devote lots of time to fighting spam all the time they would never have a chance to improve buddypress and sort out bugs that come along. And if they didnt sort out the issues we would be even more upset.

So I think the fight against spam is in our hands the users, it will also help us learn more about being better webmasters. Its also the least we could do to help give back something in exchange for a product that we are getting for free and that could quite easily be charged for. We need to stop expecting things for free and in our laps and learn to be greatful for what the developers of open source software are putting in and giving away for free.

I wonder where the spammers get the time to figure out ways to spam sites is there like a spam university or something lol

On my site I even disabled registrations and I still two splogs appear after that, which is very confusing for me indeed.

I can see one problem with sharing info on this forum about fighting spam, and that is that it will give the spammers the info they need to come up with counter attacks. I propose we start a spam eater group where we can share spam info behind the scenes, in fact I am going to start it now, not a perfect solution but still one that could work. What do you guys think?

https://buddypress.org/groups/spam-eater

Its a private group but anyone is welcome to join.

@emilywebber, thanks for the reply! So, I looked in my WordPress Dashboard Settings (Dashboard > Settings > General) and I don’t have a setting for allowing user registration. I think it was moved in WordPress Multi-User to this menu: Site Admin > Options, where I have these choices:

* Disabled

* Enabled. Blogs and user accounts can be created.

* Only user account can be created.

* Only logged in users can create new blogs.

Selecting “Enabled” or “user account can be created” doesn’t fix the issue.

@Sunset Cowboy, no that didn’t help. The BuddyPress 1.2 theme (appropriately) doesn’t show the link to users who are logged in. Logging out and clicking on the “Create New Account” link still just redirects to the homepage.

Is there something else I’m missing? Perhaps some other setting? I’m thinking of shutting off BuddyPress and trying to create a new account in just WPMU.

Thanks,

K

Still not working. I did find the filter itself in the file /plugins/buddypress/bp-core/bp-core-activation.php:

add_filter( ‘wpmu_welcome_user_notification’, ‘bp_core_disable_welcome_email’ );

I suppose I could just delete that line to remove the filter, but then every time BP is updated it’ll probably get overwritten and I’ll forget all about it. Not sure why your filter hook didn’t work. Any ideas?

Thanks a million for your help — I really appreciate it.

Any suggestions on this anyone? I’m still debating splitting my main news site from the community site but just wondering which one makes more sense and is easier to integrate with gigya. Should I let people register on my community site and disable registration on my main blog and just let a plugin add the users to the main blog or should i use gigya wp plugin to let people hit wp-login? I think that’s more my concern is which one is more secure. My other question is since the gigya plugin lets you create users when logging in, does that actually completely bypass the registration page from bp with all its fields?

Thanks for the help anyone.

@mercime – You my friend are the saviour of the blogosphere! Thank you so much!

Changed to 2 blogs allowed and it works – however….

Now it brings up the other issue (not life threatening), when they subscribe for a new blog it removes their role on the main blog. Which now means they can still create another blog – so essentially they can have two blogs if they want – I have searched and it seems like other users have this issue, please post an issue if you find one, but for now this problem is considered fixed! Thanks so much mercime!

1. WordPress MU 2.8.6

2. Directory

3. Root

4. Yes, 2.8.4 I believe

5. Yes

6. 1.1.3

7. 1.1.2

8. Yes, a lot, however they were installed previously

9. Customised

10. Slightly in regards to avatars not working

11. no

12. bbPress built-in

13. Few errors but nothing that I believe relates

14. Hostmonster

Seems that only fixed the admin panel problem.

However it’s throwing up errors on the front end now.

To be honest I think this plugin is maybe outdated.

I’ll list here my site’s configuration, and what errors I’m getting in-case anyone fancies making this plugin work as it should.

OK.. Groups and Blogs are disabled site-wide (Except for the main site blog).

The setting “Allow new registrations” is set to “Only user account can be created.”

And “Registration notification” set to “Yes”

1st problem (As previously mentioned in this thread)… When I go to the admin panel and try to edit the options for the plugin, and hit save, it throws up the errors that I posted here:

https://buddypress.org/forums/topic/moderate-members?replies=1#post-33514

I managed to get rid of those errors by doing as mentioned here:

https://buddypress.org/forums/topic/moderate-members?replies=1#post-33517

However… it turns out that was not a fix for the plugin, so I reverted the file back to original state.

OK, I couldn’t edit the emails that would be sent out due to those errors, but I could of worked around that (editing within the file itself)… so I continued to the next step, which was to try and create a new account, to see if the plugin actually done what it’s supposed to.

After entering all my required fields, and hitting the submit button, I was taken to the upload avatar page. I was also shown the “Check your email address for your activation email” notice. Also, at the top of the page these errors appeared:

Warning: implode() [function.implode]: Invalid arguments passed in /home2/puezq/public_html/mysite.com/v2/wp-content/plugins/bp-registration-options/bp-registration-options.php on line 639

Warning: implode() [function.implode]: Invalid arguments passed in /home2/puezq/public_html/mysite.com/v2/wp-content/plugins/bp-registration-options/bp-registration-options.php on line 642

Since I know only very little php, I had a look to see what those lines were in the plugin php file, but done nothing with them. Here are those lines:

639 $bp_groups_str = implode(",", $bp_groups);

642 $bp_blogs_str = implode(",", $bp_blogs);

So I’m guessing these errors are showing because I have blogs and groups disabled on the site?

However the plugin php file is full of terms relating to blogs and groups, so I saw no point just removing those lines from the file as other errors would appear from somewhere… surely?

Anyway, to see what happened next- I then uploaded an avatar, successfully. The errors at the top of the page disappeared when it was uploaded.

I then clicked on the activation link in the email I received, and logged into the site. I was able to EDIT my profile and browse the site pages normally, but not able to view member profiles, my own public profile, or even view the members search page.

I then received an email saying there was a new member registration (to my admin email)… and the notice also appears in the admin panel saying there’s a user awaiting moderation.

And that’s where Im at.

Come to think of it, and after having read through this post several times now- It seems that the plugin’s actually working… with the exception of those errors that are flagging up in the admin panel (when editing the emails that will be sent out), and at the top of the front end page. Hopefully one of you guys can tell me how to get rid of those errors… or at least the ones on the front end.

This truly does sound like a fantastic plugin, but with non-existent support at the forum link in the README.txt file, I think it can only carry on living if one of you geniuses are willing to fix the bugs.

Unless anyone knows of another plugin that will allow new member moderation? (I have searched, but couldnt find anything).

Found this in bp_core_activation.php:

/***

* bp_core_disable_welcome_email()

*

* Since the user now chooses their password, sending it over clear-text to an

* email address is no longer necessary. It's also a terrible idea security wise.

*

* This will only disable the email if a custom registration template is being used.

*/

function bp_core_disable_welcome_email() {

if ( '' == locate_template( array( 'registration/register.php' ), false ) && '' == locate_template( array( 'register.php' ), false ) )

return true;



return false;

}

add_filter( 'wpmu_welcome_user_notification', 'bp_core_disable_welcome_email' );

So I guess I could just remove this function?

Is sending that password really such a “terrible idea security wise”? Are criminal gangs intercepting these emails to break into WordPress accounts?

EDIT: Yes, removing that function works. A regular WPMU welcome email is sent.

But the password in the email is eight numbers instead of the eight letters password I’d entered. Why?! Does Buddypress do its own encryption on the password? Does it use other tags or “placeholders” or whatever they’re called to call the password?

Going to sit in a corner and cry…