Search Results for 'number of members is wrong' · BuddyPress.org

Skip to:: Content; Pages; Categories; Search; Top; Bottom

Search Results for 'number of members is wrong'

Viewing 25 results - 1 through 25 (of 31 total)

Author

Search Results
October 9, 2024 at 1:23 pm #335282

Topic: BBpress / Buddypress – Group Forum links to wrong forum

in forum How-to & Troubleshooting

daihlo
Participant

Found an issue.

I have several Groups with Forums made, then if I make a Group and select not to have a forum on that group, the ‘forum’ tab will still show and will link to whichever forum is my first one created.
This happens with any group that does not have a forum.

Even worse, the first forum I have created is part of a private group which should be for members of that group only.

This forum shows on the forum tab in any group that does not have a forum and even allows others to post within it this way!

I have looked up this issue in lots of dated posts and found no solution even though finding it being a long stranding issue for a number of people…

Please help as I am aiming to launch my site this month but will have to remove BBpress if cannot fix this.

Thanks

October 9, 2023 at 3:49 am #331543

In reply to: Let’s prepare the BuddyPress 12.0.0 next major release

AWOL
Participant

Unrelated to my earlier posts, I was doing some debugging on another plugin, and was getting a lot of warnings and deprecated messages regarding a couple of BP functions, most of which I have been able to track down in my code; however one in particular persists, as follows;
PHP Deprecated: Function bp_core_get_user_domain is <strong>deprecated</strong> since version 12.0.0! Use bp_members_get_user_url() instead
It would be useful for me, and I am sure others, if the full list of deprecated functions is made available, as well as anything that uses them, because several of the ones I was using were not the exact function appearing in the debug log, but changing them (because I thought they might be the ones triggering the warning or deprecated message) did cut the number of messages in the debug log. I still don’t know for certain though. It would also be useful to have a complete list of available functions and what they do, particularly those that would be commonly used, all in one place – if this is available already, I can’t find it, so apologies if that is the case. Previous changes, inconsistencies and the sheer amount of old information that is still out there, including these forums, makes it extremely difficult to find the right function in the right circumstance, which I assumed, perhaps wrongly, was a part of why the new Buddypress is needed.

November 21, 2019 at 8:09 pm #309112

In reply to: Wrong User counting

webmasterfreya
Participant

Can confirm this looks odd.

Alle leden 2.651 (all members -> of groups ?)
Mijn vrienden 3

Sorteren: Alfabetisch

Ledenoverzicht
Je bekijkt 1 – 20 van 3.325 leden (all users )

Dashboard :
Alle (3.325) -> all users
Participant (2.651) -> buddypress groups participants.

If i search members (as admin) for a non group participant it does show up.

However logging in as normal user (member of 2 groups) the total count is 2651 and non group participants don’t show up, which makes perfect sence.
However sorting alfabetcally indeed returns the number 3.325. And searching a non participant does now show up.

Something seems wrong indeed.

November 18, 2019 at 10:56 am #309054

Topic: Wrong User counting

in forum How-to & Troubleshooting

bobafotz
Participant

Hello everyone,

I encountered a weird behaviour on the total number of user :
In my dashboard, I have a total of 698 users. On my “Members” page, the total number indicated is 597. But, if I set the filter from “Active recently” (where i have 597), to “Alphabetical order”, the total number indicated goes up to 698 users.

What is happening and how can i have the right number of users ?

Thank you very much

Bobafotz

October 16, 2019 at 8:08 am #308480

Topic: Recover member counters

in forum How-to & Troubleshooting

asknotensions
Participant

we emptied out some spam memberships from your database, and we need to know what happens next to update the count on the activity page.

The registration on my website is showing the wrong figures as 112904 members the link for that page is activity page. It should be correct and we have also use repair logs but the number is still visible. How to solve the counter or reset it.

August 19, 2019 at 5:26 pm #307431

Topic: How to remove unnecessary items in profile pages?

in forum How-to & Troubleshooting

johnsag
Participant

Some time ago I updated the buddypress component, and now the member profile pages come out wrong.

The information I earlier had in this pages is listed as a separate column under the cryptic heading “View Base”, while a number of entries have been added on the left hand side “Profile, Groups, Docs”

I want to remove all of this except the personal data fields. How do I do this?

I want to remove “View Base” and “Profile, Groups 3, Docs” in all profiles like this: http://gamephilosophy.org/members/margarita/

Hope someone can give me a tip..

January 1, 2018 at 4:44 pm #269865

Topic: Display more than 20 members per page

in forum How-to & Troubleshooting

dolf h
Participant

Hi there! I ‘m trying to change the number of members per page. I changed the bp-members-template.php from 20 to 150 and I added <?php if ( bp_has_members ( ‘per_page=150’ ) ) : ?> to the members.loop.php but without succes. What am I doing wrong? Do I have to change another template?

January 25, 2017 at 6:29 am #263162

Topic: Show Name Of XProfile Field that is in error when set to required

in forum How-to & Troubleshooting
bcanr2d2
Participant
I am trying to show the field/fields that are required, but do not have any data.

The following works when they are not set (during the members first visit to the site)
```
//Check For Mandatory Profile fields - 
$has_profile_pic = get_user_meta(bp_loggedin_user_id(), 'has_avatar', true);
$has_cph_maxtopay = xprofile_get_field_data('Cost Per Hour');
$has_age_ranges = xprofile_get_field_data('Age Ranges Of Children Able To Sit');
$has_age = xprofile_get_field_data('Age');
$has_suburb = xprofile_get_field_data('Suburb');
$has_mobile = xprofile_get_field_data('Mobile Phone Number');
$has_gender = xprofile_get_field_data('Gender');
$member_type = xprofile_get_field_data('Member Type');

//Check to see if profile items are set 
//If not get error on screen to display
if (empty($member_type)) {
$error = $error + 1;
$error_text = $error_text .'<li>Member Type</li>';
} else {
if (empty($has_cph_maxtopay)) {
$error = $error + 1;
$error_text = $error_text .'<li>Cost Per Hour/Max To Pay</li>';
}
if (empty($has_age_ranges)) {
$error = $error + 1;
$error_text = $error_text .'<li>Age Ranges Of Children Able To Sit/Age Ranges of Kids</li>';
}
if (empty($has_age )) {
$error = $error + 1;
$error_text = $error_text .'<li>Age</li>';
}
if (empty($has_suburb )) {
$error = $error + 1;
$error_text = $error_text .'<li>Suburb</li>';
}
if (empty($has_mobile )) {
$error = $error + 1;
$error_text = $error_text .'<li>Mobile</li>';
}
if (empty($has_gender )) {
$error = $error + 1;
$error_text = $error_text .'<li>Gender</li>';
}
```
I know I’m probably using the wrong function, but the xprofile_get_field_data will return the currently saved item for a user. Hence the reason why it works so well on a new user, the fields are emtpy. I want to check on the unsaved data when they click on save as well, so that I can show them what field is in error, and also highlight the field as well, so they can be guided visually to fill it in.

IE They clear their cost per hour value, and I want to tell them it’s empty, and not just the generic Please make sure you fill in all required fields in this profile field group before saving.
Let me know where I am going wrong with this.
January 24, 2017 at 3:59 pm #263148

In reply to: the number of members is wrong

danbp
Participant

Hi,

Why ? Don’t know!

Have you an unique page for “members” and “groups” ?
Have you permalinks activated (and not “default”) ?
Are you on a regular or multisite install ?
Have you searched the forum before asking ?

https://buddypress.org/support/search/number+of+members+is+wrong/

For a possible solution, read for example:

[Resolved] Wrong member count

November 23, 2016 at 2:08 pm #261290

Topic: Groups slug, members and behavior

in forum How-to & Troubleshooting

Theodor Rehtisch
Participant

Hello everyone,

I’m experiencing some strange behavior of the BuddyPress 2.7.2 Groups.

First of all, the call
$bp->groups->slug
returns the wrong slug. It should return ‘gruppen’ but still returns ‘groups’. The slug of the page was set to ‘gruppen’ and the page has been set as the groups page.

Second, the number of members in a group is incorrect. I got a group with 3 members in it, but in the backend (on the groups page) and on the frontend it says that there are 4 members.

Third, after the last update some users complained that they wont see all the groups they’re in. I checked that in the backend, the users are still registered in their correct groups, so the frontend output is messed up.

What could have gone wrong? Is the database damaged?

October 24, 2016 at 3:34 am #260205

Topic: [Resolved] Wrong member count

in forum How-to & Troubleshooting

idpokute
Participant

Hi, I’m new to BP, and I’m running WPMU.
I meet a strange situation.I saw some thread about member count, but there weren’t solutions.

My test site shows “All Members 10” in Members page.
This is strange, because there are 7 users in the ‘WP_Signup’ table and 9 users in the ‘WP_Users’ table. I thought BP might pull the number of users from WP-user table, but I’m still curious why it’s 10 not 9.

I’m guessing BP has its own cache system. Does anyone have idea?

June 12, 2016 at 3:27 pm #254470

Topic: How to Count Custom Post Types in Nav Tabs?

in forum How-to & Troubleshooting
3T_MJ
Participant
I added a Post Tab to my Buddypress Navigation Tab Menu which displays the latest Posts and Custom Posts for each user.

Now I want to add the total number of all Posts (standard wordpress posts and CPT posts) but only standard posts get counted. What am I doing wrong?
```
function bpck_post_profile_setup_nav() {
	global $bp;
	$parent_slug = 'post';
	$child_slug = 'post_sub';

    $post_count = count_user_posts(  bp_displayed_user_id(), array('video','discography','post' ) );

	bp_core_new_nav_item( array(
	'name' => 'My Posts <span>'.$post_count.'</span>',
	'slug' => $parent_slug,
	'parent_url' => $bp->loggedin_user->domain . $parent_slug.'/',
	'screen_function' => 'profile_page_show_screen',
	'position' => 40,
	'default_subnav_slug' => $child_slug
	) );
	}

	function profile_page_show_screen() {
	add_action( 'bp_template_content', 'profile_post_page_screen_content' );
	bp_core_load_template( apply_filters( 'bp_core_template_plugin', 'members/single/plugins' ) );
	}

	function profile_post_page_screen_content() {
		do_action( my_profile_post);
	}
add_action( 'bp_setup_nav', 'bpck_post_profile_setup_nav' );
```
What’s even more confusing if I add
```
function my_custom_userpostcount() {
echo '<span>' . count_user_posts( bp_displayed_user_id(), array('video','discography','post' ) ) . ' Posts</span>';

}
add_action( 'bp_before_member_header_meta', 'my_custom_userpostcount');
```
to the user header, the total count number is correct, it counts all post types in the array.

Don’t know what I’m doing wrong.
November 27, 2015 at 11:01 am #247219

Topic: Incorrect all member number count

in forum How-to & Troubleshooting

Jrzwv
Participant

Please i need help, all member count on my website is showing 3 instead of 1. i am the only registered member. i have checked my database to see that i am the only one registered. i have deactivated all plugins and changed my theme to Twenty Fifteen but still showing the wrong number. Please i need help i am going crazy here

wordpress version: 4.3.1–en_GB
buddypress version: 2.4.0

link to my site

October 28, 2015 at 2:48 pm #246094

In reply to: Hide All Admins from All Buddypress Activities
splufford
Participant
Hi, struggling to get any of the the code in post #190874 to work. I have created a bp-custom.php file which I have uploaded to the root of the buddpress folder and my code looks like this:
```
<?php
// deny access to admins profile. User is redirected to the homepage
function bpfr_hide_admins_profile() {
	global $bp; 
	if(bp_is_profile && $bp->displayed_user->id == 1 && $bp->loggedin_user->id != 1) :
		wp_redirect( home_url() );
	exit;
	endif;
}
add_action( 'wp', 'bpfr_hide_admins_profile', 1 );

// Remove admin from the member directory
function bpdev_exclude_users($qs=false,$object=false){
    
    $excluded_user='1'; // Id's to remove, separated by comma
	
    if($object != 'members' && $object != 'friends')// hide admin to members & friends 
    return $qs;
	
    $args=wp_parse_args($qs);

    if(!empty($args['user_id']))
    return $qs;	
	
    if(!empty($args['exclude']))
		$args['exclude'] = $args['exclude'].','.$excluded_user;
    else
		$args['exclude'] = $excluded_user;
	
    $qs = build_query($args);

    return $qs;
	
}
add_action('bp_ajax_querystring','bpdev_exclude_users',20,2);

// once admin is removed, we must recount the members !
function bpfr_hide_get_total_filter($count){
    return $count-1;
}
add_filter('bp_get_total_member_count','bpfr_hide_get_total_filter');
// hide admin's activities from all activity feeds
function bpfr_hide_admin_activity( $a, $activities ) {	
	
	// ... but allow admin to see his activities!
	if ( is_site_admin() )	
		return $activities;	
	
	foreach ( $activities->activities as $key => $activity ) {	
		// ID's to exclude, separated by commas. ID 1 is always the superadmin
		if ( $activity->user_id == 1  ) {			
			
			unset( $activities->activities[$key] );			
			
			$activities->activity_count = $activities->activity_count-1;			
			$activities->total_activity_count = $activities->total_activity_count-1;			
					$activities->pag_num = $activities->pag_num -1;				
		}		
	}		
	// Renumber the array keys to account for missing items 	
	$activities_new = array_values( $activities->activities );		
	$activities->activities = $activities_new;	
	
	return $activities;
	
}
add_action( 'bp_has_activities', 'bpfr_hide_admin_activity', 10, 2 );
?>
```
Not sure what I am doing wrong. All help gratefully received! Thanks
May 13, 2015 at 2:16 am #239019

Topic: Wrong Member Count

in forum How-to & Troubleshooting

IHaveToDoThis
Participant

Hey all,

The “members” tab on my site-wide activity stream is showing the wrong member count and member are not showing up in the members list. It says 22 on BP, but according to my WP dashboard subscribers list I have 28.

I had two new registers in the past hour and neither one will show up in the members list on the front end although they do show up in the backend. The activity stream does show they registered as a member as well. I just did a major design change but I’ve been creating fake accounts and they showed up the member list although I didn’t notice the number glitch until today.

What could be going on that new registers would populate under members two days ago with no changes but not today? I did remove my caching plugin (W3) because it was glitching the HTML on my registration page. But I’m not sure how not having a caching plugin would interfere with how BP runs.

I’ve been digging around the members-functions file but I honestly don’t know where to start. Any pointers. I want to get this fixed asap, as you can imagine.

February 23, 2015 at 5:36 pm #235042

In reply to: Adding new 'Order By' on members loop

ch1n3s3b0y
Participant

@shanebp – Thank you this works really well. Weird, bug though. If you use the text search box, this breaks the pagination (without me editing any of your code). I’m guessing it has something to do with the URL parameters?

?s=examplesearch&members_search_submit=Search

This doesn’t break the pagination on the first page, but on page 2 and then when clicking back to page 1. The label displaying the number of members etc. is wrong and also the number of results per page is then wrong as it displays all results.

Interestingly, is it not possible to pass additional parameters either via members-loop.php? e.g.

if ( bp_has_members( bp_ajax_querystring( 'members' ).'member_type=expert' ) ) :

or via your code in bp-custom.php? I’m thinking I’m getting something mixed up when trying to add these additional parameters. It’s because I wanted to make use of the new ‘member_type’ in the latest version of BuddyPress but using a ‘member_type=exampletype’ doesn’t seem to work.

June 12, 2013 at 5:47 pm #165867

In reply to: Members count missing 1/5 of the actual number?

bp-help
Participant

@jaemaz
Most likely the reason for that discrepancy is because the users may have activated their account but have yet to login for the first time. I think this is default behavior but I could be wrong. I have noticed they do not get added to the directory until they login the first time.

June 8, 2013 at 9:03 pm #165615

In reply to: Idea: Stopping Spammers with Sandbox

shanebp
Moderator

>how is this ‘too complicated’?
Can you code it?
How would you explain it to membership?

>the user doesn’t know that they are in a sandbox
lol, and that won’t lead to a flurry of support submissions?

For public sites, there has to be a balance between driving membership numbers and ‘protecting’ existing members.
An abuse / spam flag system strikes that balance & members will recognize it & admins only deal with flags. If admins handle the flags in a timely fashion, the membership response will be very positive.

Your idea is kinda interesting, but dev’ing a generic solution will be impossible.
If you release it as a plugin, damn near everyone using it will ask for some kind of tweak.

That said, prove me wrong, please!

March 13, 2013 at 2:43 pm #156273

In reply to: Install failure with large user base

Hugo Ashmore
Participant

@emeraldryan Their advice was wrong, why come here, what are we to suggest? You have a huge user base they are saying their server config can’t handle the processes being spawned /run or timing out trying to load those members, this is a server issue, and even if it’s a case that BP may not be well written in terms of caching member objects that for the moment is how it works.

Are these all genuine members as it is a surprisingly large number, few independent social sites do truly ever get anywhere near those sorts of numbers.

August 14, 2012 at 7:10 am #139356

In reply to: Theme crash on updating to latest BuddyPress plugin

richardpd
Member

Did you check the link I gave?
Here is the post from that link:
“Not a bbPress problem. Looks like your theme is a child theme of BuddyPress’s bp-default, and it uses hardcoded relative paths in its @import rules. Any number of things could be going wrong here, but it wasn’t updating bbPress that caused this to happen.”

This reply is blaming the problem on BuddyPress & not bbPress. Surely both bbPress & BuddyPress should integrate together?
So whether it was bbPress or BuddyPress plugin update that has caused my theme to lose its format does anyone know how I can fix this please?

June 6, 2012 at 1:48 pm #135518

In reply to: Cant get bp_has_members() parameters working when using a variable

shanebp
Moderator

Your syntax is wrong. Variables can’t be in quotes. You have to build your parameter string.
Sometimes it’s less confusing to build it ‘outside’

`
$the_members_you_want = “include=” . $filtered_users . “&max=” . $dm_number . “&type=random”;
if ( bp_has_members( $the_members_you_want ) )
`

August 21, 2010 at 9:29 am #89895

In reply to: BuddyPress Presentation at WordCamp Utah (and Las Vegas)

Roger Coathup
Participant

@crashutah:

As @djpaul says live demos are the modern day equivalent of “don’t work with animals and children”. Great if you can make it work, but so many opportunities to go wrong.

You are talking about why it rocks, not an installation tutorial, so I’d also steer clear of any talk about platforms and servers. As @mercime points out, showcasing is where it’s at if you want to talk rocking.

I’d go with the following structure:

1. Whet their appetite with a quick showcase of a few real world sites

Use different types of sites – I see 3 main types in practice:- just niche social networks, pretty much the default BuddyPress with a little bespoke styling; complimentary ones where the niche social network is still obvious but there’s some additionality like a magazine (hmag, tasty kitchen, or our own Hello Eco Living or Fisherbook); and the ones where the social network is in the background supporting the main function (Travel Oregon, Volkswagen, GigaOM).

You could also show by vertical – in education (CUNY), big companies (Daily Telegraph Blogs)

Keep this short and sweet – leave them wanting more!

2. Tell them what they get out of the box

Do it with visuals of a group, activity stream, etc.

3. Tell them what they can add to the box (plugins)

Just a few strong examples – easy to appreciate ones: – e.g. EventPress (running your own event registration) and Media+ (photos, videos, who doesn’t want that!)

4. Finally walk them through one of the most exciting sites in more detail

Use screen dumps / graphics throughout (it doesn’t need a bullet anywhere – although a couple of big number slides is nice – a la Steve Jobs)

Ask them questions throughout to engage attention – “Who’s ever built a site where it would be great if they could get visitors registering?” – then show them an example in BP. “Have you ever wanted a twitter like stream on your site?”. “Have you ever wanted a site where your visitors could post from the front end, and see responses in real time?”, etc., etc.

This way, you’ve got them thinking already: oh yeah, I need that in my site, imagine what we could do if we added this, etc. You’ve painted the picture for them.

And for a bit of humour – you could always risk a live activity stream playing in the background – where a buddy sends a few ‘helpful’ messages as you talk.

Hope that helps!

June 29, 2010 at 6:12 pm #83445

In reply to: Removing Groups From Forums

lincme.co.uk
Member

@peterverkooijen; Good points about the focus of a social network being on the member, while a forum is focussed more around the information. I think @alanchrishughes has a point too though, about non-techies being put off by having to register.many people are still terrified that if they enter their name and email address then you’ll have access to their bank account – seriously!

I’ve built a number of sites in Drupal, which is very powerful indeed, and doesn’t suffer so much from update issues. It gives such fine control of everything that it’s amazing, and for those who haven’t tried it, you can basically build your own custom CMS with it. It takes so long to do though. We tried Elgg, which is kinda cool out of the box, and does a lot of social network things really well. However, its interface is naff (in my opinion) and theming is not easy. Worse still, adding extra pages to build a custom site means lots of coding, instead of WP’s simple click-to-add. We’re going to need that for custom background (paying) advert pages, and hopefully a lot of them as time goes on. Also, Elgg has almost no member control, roles, etc., and wile the Elgg team feel that’s not important, we strongly disagree. People do not behave nicely just because they signed up to a social network!

Personally, I see nothing wrong with a social network which allows unregistered users to comment with CAPTCHA, along with well defined and easy to use groups for members to join, and good role management and strong privacy for those who require it. That way, just as in the real world, you can have private places and high streets, with members themselves controlling who does what. For me, at least, that’s all a social network need be.

May 8, 2010 at 11:58 pm #77273

In reply to: Here come the spammers!!!

foxly
Participant

PART 2 – DEFEATING SPAMMERS

In the last post I covered why and how spammers attack BP installations. This post will cover how I propose to counter them.

Fast Attacks -vs- Slow Attacks

There are two basic kinds of spam attacks that get run on social networks: “fast” or “flood” attacks, and “slow” attacks.

In a fast attack, the spammer signs up for an account on the site, then sends thousands of messages as quickly as possible.

Obviously, the site admin will be deluged with complaints about the spam user and quickly delete their account …but in the hours (or days) it takes the admin to respond, hundreds and hundreds of people will read the spam messages. Then the spammer signs up for another account, and repeats the process.

In a “slow” attack, the spammer signs up for *hundreds* of accounts on the system, often over a period of many months, and only sends out spam messages one at a time …often days, weeks, or months apart.

“Slow” attacks are very difficult to counter using automation …at least without annoying legitimate users.

The best way people have come up with so far is just a “report spam” button which, when clicked, reports the member to an admin so they can investigate it and if necessary delete the account. This will be implemented as part of @francescolaffi ‘s BP content moderation plugin in a couple of months.

Unfortunately, a “report spam” button doesn’t work well against “fast” attacks.

This is because:

a) There is a delay while the admin responds to manually submitted spam reports, or,
b) When a consensus scheme is used (if X users report a member their account gets suspended), there is a delay while enough votes are accumulated to flag the member as a spammer.

During that time, people are reading the spam messages and the spammer is winning.

Goals of Proposed BP Core Anti-Spam Mods

The goal of the proposed core modifications is to counter “fast” attacks by the following means:

1) To make it difficult for a spammer to create large numbers of member accounts using automated means.

2) To make it difficult for a spammer that already has a member account to use automated means to:
a) send large volumes of PM’s
b) send large numbers of friend requests
c) create large numbers of groups
d) create large numbers of group posts
e) post large numbers of comments
f) post large numbers of status updates

3) To accomplish 1) and 2) without being annoying to legitimate users.

4) To make the system configurable, so it can be adapted to the needs of the site …for example: visually impaired users, or display on mobile phones.

5) To make the system “on by default” and “secure by default”

How We Can Accomplish This

1) New User Sign-up

a) Add a captcha on the new account sign-up screen.
b) If the “user” gets the captcha wrong on the first try, require *TWO* captchas to be solved before they can proceed. (If the odds of a bot solving ONE captcha with OCR are 1 in 100, the odds of the bot solving TWO captchas with OCR are 1 in 10,000. This is a technique Gmail uses.)

…set X to be a random number on each installation between 3 and 7…

c) If the user gets X captchas wrong in a row, block their IP for a random amount of time (15 minutes to 2 hours). (This is what Craigslist does)
d) If the user fails X captchas *again* after being blocked, permanently ban their IP and post it to akismet.
e) If a locally banned IP tries to sign-up, don’t throw an “error page”. Completely ignore the request and don’t send anything.
f) If an akismet banned IP tries to sign up, require *TWO* captchas to be solved on the first try, and if they get X captchas wrong in a row, permanently ban their IP and repost it to akismet.
g) Add an option field to the admin menu that limits the number of accounts that can be created per IP address. By default, set it at 2.

2) Existing User Sign-In

a) Use a “normal” password box on first sign-in attempt.
b) If the member gets their password wrong on the first try, require them to solve a captcha on the second try. Offer password recovery option.
c) If the member gets their password wrong on the second try, require *TWO* captchas to be solved before they can proceed. Offer password recovery option.

…set X to be a random number on each installation between 3 and 7…

d) If the user gets X logins / captchas wrong in a row, block the visitor’s IP for a random amount of time (15 minutes to 2 hours).

3) Private Messages

a) Add a field to the user table that allows PM limiting to be bypassed or set to a unique value on a user-per-user basis.
b) Add three option fields on the admin menu: allow “X” messages to be sent every 24 hours, averaged over the past “Y” hours with “Z” hysteresis
…when BP is installed, randomly set X, Y, and Z to allow a daily maximum of between 18 and 24 messages, averaged over between 2 and 24 hours, +/- 3 messages.
c) If the maximum is exceeded, require the member to solve a captcha before they can send another PM.
d) If they get the first captcha wrong, require them to solve two captchas before they can send another PM.

…set R to be a random number on each installation between 3 and 7…

e) If the user gets R captchas wrong in a row, block their IP for a random amount of time (15 minutes to 2 hours). (This is what Craigslist does)
f) If the user fails R captchas *again* after being blocked, permanently ban their IP and post it to akismet.
g) If a locally banned IP tries to visit the site, don’t throw an “error page”. Completely ignore the request and don’t send anything.

Consider how difficult the algorithm above makes it to send automated messages. A spammer can’t just send “12 messages a day” or “1 message an hour” and avoid triggering the system. Every BP installation will have a unique combination that will cause it to trip. Yet for a “normal” user, the system will hardly ever trip, and if it does, it takes all of 5 seconds to enter a captcha and continue. And the system can be bypassed entirely for edge cases, like paid advertisers or site news.

3) Friend Requests

a) Create a config option in BuddyPress that allows the admin to remove the member’s directory with one click. Disable the member directory by “default” on new installs. In my experience, the only people that use the member’s directory (in its default state, on a socially oriented site) are Spammers, Marketers, and Competitors. There’s a reason Facebook, MySpace, LinkedIn, and Twitter do not have “global” member directories.
b) Implement same scheme as private messages.

4) Group Creation

a) Add a field to the user table that allows Group limiting to be bypassed or set to a unique value on a user-per-user basis.
b) Add an option field on the admin menu that sets a maximum number of groups that can be created by a user. By default, set it at 5.

5) Group Posts

a) Add a field to the user table that allows group post limiting to be bypassed or set to a unique value on a user-per-user basis.
b) Create a “whitelist” field on the admin page that allows “trusted” media sharing URL’s like YouTube, Revver, Flickr, etc to be bypassed in spam protection.
c) Create an option that automatically “scrubs” URL’s and email addresses from group posts if they are not on the whitelist. Not just “nofollow” …complete removal. This will stop 90% of abuse dead in its tracks, because most spammers are just trying to get traffic to a site or replies to an email.
d) If the system detects a URL or email address embedded in a message, and it’s not on the whitelist, require a captcha to be solved before allowing the post.
e) If they get the first captcha wrong, require them to solve two captchas before approving the post.

…set R to be a random number on each installation between 3 and 7…

f) If the user gets R captchas wrong in a row, block their IP for a random amount of time (15 minutes to 2 hours).
g) If the user fails R captchas *again* after being blocked, permanently ban their IP and post it to akismet.
h) If a locally banned IP tries to visit the site, don’t throw an “error page”. Completely ignore the request and don’t send anything.

i) For posts that do not contain a URL or email address, run the post through akismet. If it passes, approve the post. If it fails, require a captcha to be solved before allowing the post.
j) If they get the first captcha wrong, require them to solve two captchas before approving the post.
k) If the user gets R captchas wrong in a row, block their IP for a random amount of time (15 minutes to 2 hours).
l) If the user fails R captchas *again* after being blocked, permanently ban their IP and post it to akismet.
m) If a locally banned IP tries to visit the site, don’t throw an “error page”. Completely ignore the request and don’t send anything.

6) Comments

a) Create an admin option that only allows users to comment on their *friend’s* items. Activate it by default on new BP installations.

7) Status Updates

a) Add a field to the user table that allows status update limiting to be bypassed or set to a unique value on a user-per-user basis.
b) Create a “whitelist” field on the admin page that allows “trusted” media sharing URL’s like YouTube, Revver, Flickr, etc to be bypassed in spam protection.
c) Create an option that automatically “scrubs” URL’s and email addresses from status updates if they are not on the whitelist. Not just “nofollow” …complete removal. This will stop 90% of abuse dead in its tracks, because most spammers are just trying to get traffic to a site or replies to an email.
d) If the system detects a URL or email address embedded in a message, and it’s not on the whitelist, require a captcha to be solved before allowing the activity stream post.
e) If they get the first captcha wrong, require them to solve two captchas before approving the activity stream post.

…set R to be a random number on each installation between 3 and 7…

f) If the user gets R captchas wrong in a row, block their IP for a random amount of time (15 minutes to 2 hours).
g) If the user fails R captchas *again* after being blocked, permanently ban their IP and post it to akismet.
h) If a locally banned IP tries to visit the site, don’t throw an “error page”. Completely ignore the request and don’t send anything.

i) For activity stream posts that do not contain a URL or email address, run the post through akismet. If it passes, approve the post. If it fails, require a captcha to be solved before allowing the post.
j) If they get the first captcha wrong, require them to solve two captchas before approving the post.
k) If the user gets R captchas wrong in a row, block their IP for a random amount of time (15 minutes to 2 hours).
l) If the user fails R captchas *again* after being blocked, permanently ban their IP and post it to akismet.
m) If a locally banned IP tries to visit the site, don’t throw an “error page”. Completely ignore the request and don’t send anything.

8 ) In All Cases

a) When a member account is banned, or repeatedly triggers spam protection measures, send an alert to the site administrator.
b) Allow admin alerts to be disabled if necessary, example: DDOS attack against the site.

9) CONCLUSION

While the list of modifications above may look incredibly complicated, really, it’s not.

I’d say “worst case” it’s about a week of work to research and make these modifications. Then we can push it out into beta testing with all the other new code to give it a proper shakedown.

I’m sure there are plenty of ways the algorithms above could be improved, so please go ahead and post your feedback!

Thanks!

^F^

May 6, 2010 at 6:00 pm #76958

In reply to: Here come the spammers!!!

foxly
Participant

All About BuddyPress Spam

From what I’ve seen over the past few days, the range of knowledge about spam in the BP community ranges from zero to PhD research project. So, to get this thread off to a productive start, I’m going to give everyone some background info on why spammers target our installations, how they do it, and what we can do to reduce or eliminate these kinds of attacks.

1) Why do spammers attack BP communities?

-> Spam is 100% economically motivated. Spammers do what they do because it’s very profitable. Even if only 1 out of a million messages the spammer sends actually reaches somebody, if it cost $2 to send out those million messages and the spammer makes $50 by tricking one person into giving them a credit card number, the spammer is going to throw every resource they have into sending out more messages …because they’re getting a 2500% return on their investment.

-> Given the choice between multiple sites, a spammer will pick the one that gives the largest payout.

Gmail is a “hard” target, with users that are experienced with spam. If a spammer sent a billion spam messages to accounts on Gmail, 99.9% of them would be probably be deleted by automated filters at other ISP’s along the way before even arriving at Gmail. The first thousand messages that arrived at gmail would likely be delivered but would be put in user’s spam folders; and the remaining 999,000 messages would be flat-out refused by Gmail’s servers.

Because anyone with an email account is familiar with spam, probably 999 of those 1000 users would ignore the spam message and 1 user might act on it. So if it cost $20 to send those billion messages and the spammer made $50 by tricking the one person into giving them a credit card number, they’ve only made $30 for all that work.

BP communities are usually “soft” targets that are inexperienced with spam.

Once a spammer gets into a BP community, every single message they send is delivered to a member, and most members are NOT expecting to be attacked by other users on the site.

If a user called “site_news” sends everyone a message that says: “Our site just got featured on Oprah! check out the video! http://www.youtube.com/watch/dQw4w9WgXcQ.cn” every single member is going to get that message, and probably half of them are going to click on the link. (did anyone notice what’s wrong with that “YouTube video” … )

Then, assuming there are 50,000 members on the BP site, half of them click on the link, half of those people are using Internet Explorer, and the attack site the link points to installs a backdoor on computers running IE …at $2 / install the spammer has just made $25,000!

Now, if *you* were a spammer, which site would you attack?

2) How do spammers find BP communities?

Using Google.

Example: http://www.google.ca/search?hl=en&q=%2B”is+proudly+powered+by+WordPress+and+BuddyPress” (front page of every BP site on the net)
Example: http://www.google.ca/search?hl=en&q=inurl:%22/community/members/%22+%2Bbuddypress (members page of every BP site on the net)

3) How do spammers attack websites?

-> Most spam attacks are done using robots, because sheer volume of posts is usually the winning factor. In situations where there is a “captcha wall” or other defense blocking registration to a “high value” site (hint: yours), spammers will use people in low-wage countries to break the captcha and sign up on the site. The going rate is about $2 per 1000 captchas.

http://www.decaptcher.com/client/

Once inside the site, they will then use bots to post spam to all the members on the site.

-> There are literally *thousands* of different programs available that spam websites, and they all have *different* venerabilities.

For example, this program: http://forums.digitalpoint.com/showthread.php?t=1124949

a) Will DEFEAT a “hidden fields” challenge,
b) Will DEFEAT a “javascript proof of work” challenge,
c) Will FAIL a “captcha” challenge
d) Will FAIL an “Akismet” challenge
e) Will FAIL a “Hashed Form Field ID” challenge

But this program: http://www.botmasternet.com/more1/ , wikipedia: http://en.wikipedia.org/wiki/XRumer , video of it running: http://www.youtube.com/watch?v=AL2i4SNPJmg

a) Will DEFEAT a “hidden fields” challenge,
b) Will DEFEAT a “javascript proof of work” challenge,
c) Will DEFEAT a “captcha” challenge
d) Will DEFEAT an “Akismet” challenge (uses proxy networks, never sends the same message twice)
e) Will DEFEAT a “Hashed Form Field ID” challenge
f) Will FAIL a “enter the numbers with a triangle over them” challenge (as used by PlentyOfFish.com)
g) Will FAIL a “click on the photos of cats but not the photos of dogs” challenge

4) How do we stop spammers from attacking BP communities?

-> By making it frustrating and unprofitable (but not necessarily impossible) for spammers to target us; while making these tactics invisible to normal users.

I will cover how I propose to do this in the next post.

^F^
Author

Search Results

Viewing 25 results - 1 through 25 (of 31 total)