Search Results for 'number of members is wrong'
-
Search Results
-
All About BuddyPress Spam
From what I’ve seen over the past few days, the range of knowledge about spam in the BP community ranges from zero to PhD research project. So, to get this thread off to a productive start, I’m going to give everyone some background info on why spammers target our installations, how they do it, and what we can do to reduce or eliminate these kinds of attacks.
1) Why do spammers attack BP communities?
-> Spam is 100% economically motivated. Spammers do what they do because it’s very profitable. Even if only 1 out of a million messages the spammer sends actually reaches somebody, if it cost $2 to send out those million messages and the spammer makes $50 by tricking one person into giving them a credit card number, the spammer is going to throw every resource they have into sending out more messages …because they’re getting a 2500% return on their investment.
-> Given the choice between multiple sites, a spammer will pick the one that gives the largest payout.
Gmail is a “hard” target, with users that are experienced with spam. If a spammer sent a billion spam messages to accounts on Gmail, 99.9% of them would be probably be deleted by automated filters at other ISP’s along the way before even arriving at Gmail. The first thousand messages that arrived at gmail would likely be delivered but would be put in user’s spam folders; and the remaining 999,000 messages would be flat-out refused by Gmail’s servers.
Because anyone with an email account is familiar with spam, probably 999 of those 1000 users would ignore the spam message and 1 user might act on it. So if it cost $20 to send those billion messages and the spammer made $50 by tricking the one person into giving them a credit card number, they’ve only made $30 for all that work.
BP communities are usually “soft” targets that are inexperienced with spam.
Once a spammer gets into a BP community, every single message they send is delivered to a member, and most members are NOT expecting to be attacked by other users on the site.
If a user called “site_news” sends everyone a message that says: “Our site just got featured on Oprah! check out the video! http://www.youtube.com/watch/dQw4w9WgXcQ.cn” every single member is going to get that message, and probably half of them are going to click on the link. (did anyone notice what’s wrong with that “YouTube video” …
)Then, assuming there are 50,000 members on the BP site, half of them click on the link, half of those people are using Internet Explorer, and the attack site the link points to installs a backdoor on computers running IE …at $2 / install the spammer has just made $25,000!
Now, if *you* were a spammer, which site would you attack?
2) How do spammers find BP communities?
Using Google.
Example: http://www.google.ca/search?hl=en&q=%2B”is+proudly+powered+by+WordPress+and+BuddyPress” (front page of every BP site on the net)
Example: http://www.google.ca/search?hl=en&q=inurl:%22/community/members/%22+%2Bbuddypress (members page of every BP site on the net)3) How do spammers attack websites?
-> Most spam attacks are done using robots, because sheer volume of posts is usually the winning factor. In situations where there is a “captcha wall” or other defense blocking registration to a “high value” site (hint: yours), spammers will use people in low-wage countries to break the captcha and sign up on the site. The going rate is about $2 per 1000 captchas.
http://www.decaptcher.com/client/
Once inside the site, they will then use bots to post spam to all the members on the site.
-> There are literally *thousands* of different programs available that spam websites, and they all have *different* venerabilities.
For example, this program: http://forums.digitalpoint.com/showthread.php?t=1124949
a) Will DEFEAT a “hidden fields” challenge,
b) Will DEFEAT a “javascript proof of work” challenge,
c) Will FAIL a “captcha” challenge
d) Will FAIL an “Akismet” challenge
e) Will FAIL a “Hashed Form Field ID” challengeBut this program: http://www.botmasternet.com/more1/ , wikipedia: http://en.wikipedia.org/wiki/XRumer , video of it running: http://www.youtube.com/watch?v=AL2i4SNPJmg
a) Will DEFEAT a “hidden fields” challenge,
b) Will DEFEAT a “javascript proof of work” challenge,
c) Will DEFEAT a “captcha” challenge
d) Will DEFEAT an “Akismet” challenge (uses proxy networks, never sends the same message twice)
e) Will DEFEAT a “Hashed Form Field ID” challenge
f) Will FAIL a “enter the numbers with a triangle over them” challenge (as used by PlentyOfFish.com)
g) Will FAIL a “click on the photos of cats but not the photos of dogs” challenge4) How do we stop spammers from attacking BP communities?
-> By making it frustrating and unprofitable (but not necessarily impossible) for spammers to target us; while making these tactics invisible to normal users.
I will cover how I propose to do this in the next post.
^F^
@jivany (“I don’t understand your BP forum complaints. You don’t use forums because you have basically replicated the forum concept in blog posts/comments”)
Exactly! My point is that integrating an external forum like bbPress into Buddypress is unnecessary and only creates a lot of confusion, undermines the structure. Less is more. KISS.
I would like Buddypress to consolidate on the smallest number of parts, leverage what’s already in WordPress, instead of adding database tables and external scripts that partly overlap/clash with other parts.
But bbPress seems to be taking over Buddypress. Wrong direction imho.
I apologize for not coming back sooner to say this is solved. Been having lots of computer issues. The reason the other code didn’t work was we were reading from the wrong table. Another table had the info we needed so I swapped it out and here’s what I’m using now. Hopefully this will come in handy for a lot of people.
This goes in the head
<!-- drop down search -->
<SCRIPT LANGUAGE="JavaScript">
function formHandler(form){
var URL = document.form.site.options[document.form.site.selectedIndex].value;
window.location.href = URL;
}
</SCRIPT>
<!-- end drop down search -->And this goes in the body
<!-- drop down search -->
<form name="form">
<select name="site" size=1>
<option value="">Blah Blah</option>
<?php
$field_id = 2; // this should be the id of the
// field you want, see your wp_bp_xprofile_fields
// database table to find it
global $wpdb;
$sql = "SELECT name FROM {$wpdb->base_prefix}bp_xprofile_fields WHERE parent_id = {$field_id} ORDER BY id DESC";
$result = $wpdb->get_col($wpdb->prepare($sql));
foreach($result as $row){
if(strlen($row) > 0){
$values[$row]++;
}
}
foreach($values as $key => $value){
echo "<option value=\"members/?s=$key\">$key</option>";
}
?>
</select>
<input type=button value="Go!" onClick="javascript:formHandler(this)">
</form>
<!-- end drop down search -->Don’t forget to change the number of the field. Thanks for all of your help
