BuddyPress.org

DJPaul,

That’s the basic idea. So, people that have joined a specific group can email out their friends to come and join the same group directly. Essentially it would make the registration process unique to how the person was referred to the BuddyPress install.

Kind of like on Facebook, when a friend invites me to be part of Facebook and I’m not a member, then when I sign up I’m automatically their friend. Of course, in this case I want a BuddyPress “group” to be added automatically. I guess it does also make sense to make the person requesting that I join my friend also.

That’s the backend need.

The front end need is to make the registration page a customized landing page based on who requested that you sign up to participate in the BuddyPress install.

Both challenges, but I think the modification of the sign up process like I’m describing will open up some really interesting doors to innovation with BuddyPress. The key for Facebook’s success is getting people signed up. Modifying the registration page to increase conversions seems like a logical next step to making this happen. Just interested in hearing if other people have done it and where I might start looking to make these changes.

@hachimaki

Instead of modifying all the BP templates, you could try the Registered Users Only 2 plugin:

https://wordpress.org/extend/plugins/registered-users-only-2/

I’ve made a few mods to that plugin to better support BP here:

https://buddypress.org/forums/topic/bp12-plugin-wishlists#post-42114

@nipponmonkey

Use what I suggested above.

Then turn off registration and manually create users. Assign these users a role of contributor or higher.

Did this never get developed? It is a right pain at the moment, I have loads of spam registrations and people posting unsuitable content! Something like a Registration Approval system is very important, spam and abusive posters ruin many a good forum blog etc!

I would have thought something as important as this, would be high on the priority list of available options on buddypress! Or is there something already out there ?

Another easy solution is to use a maintenance mode plugin permanently on. Create your own landing page and in the admin allow access to your registration page.

If the plugin is activated, then the registration to buddypress is not possible. 404 error on registration activation page.

Just got another registration from a .info email address. It occurs to me that that is not necessarily the domain they are coming from since my htaccess deny had no effect. The email ban setting also had no effect. Nor does hashcash or any of the other multiple measures I have put in place. I have no idea what to do anymore. I’ve tried everything. I’m resorting now to banning individual IP’s as they come in.

I’ll try. I just got a new registration from ANOTHER .info email address. Minutes ago. Ugh Unreal.

I’ve done everything mentioned in this thread and MORE. And no dice. Kind of at my wits end. How the heck are they signing up?! Unless it’s humans signing up. But I assume all SPAMers use bots. Even if it’s not a bot… I don’t know how you’d ever find the signup page with Google. It has a custom slug and I’ve gotten rid of the default BuddyPress text.

Anyway. Thanks Andrea.

I wonder if this would work in .htaccess

deny from .*\\.info.*

@Andrea_r How do your say “SPAMbots please screw off” in Latin? LOL. Maybe Google can translate for me.

No more SPAM registrations since my last post. Fingers crossed.

Did you find out how to use regex in the WPMU “banned domains” setting?

Add the standard instructions to your registration page for new users to whitelist yourdomain.com in their email accounts.

I wonder if attempting to rename bp-core-signup.php might help. Who know how many things I could break though. LOL.

Anyway, I just duplicated the /registration/register.php file in my child theme and completely deleted this line… maybe that will help

<p><?php _e( 'Registering for this site is easy, just fill in the fields below and we\'ll get a new account set up for you in no time.', 'buddypress' ) ?></p>

Okay… I am STILL getting SPAM registrations. I’ve done the following:

• Changed signup slug
• Installed hashcash (works with BP now)
• Disabled “Allow blog administrators to add new users…”
• Deleted BuddyPress credit in footer.php
• Deleted wp-signup.php
• Created a robots.txt file to disallow robots from my signup slug

Any more ideas? Short of Catcha? Altho’ I’m thinking even that won’t work.

In MU, there *is* an option to block certain email domains. There’s a funny way to put in wildcards though.

,

Thing is Andrea that doesn’t appear to make a blind bit of difference, we had a number of signups from half a dozen email domains repeated over and over, easy I thought, first line of attack drop those domains in the block list. Didn’t do a thing those same email domains kept coming through. I suspect that when someone looks into it they will find that BP registration bypasses this check somehow! sadly!

So to sum up:

• Change your signup slug
• Add some required custom profile fields (or use the hashcash trick posted at the start of this thread)
• Disable “Allow blog administrators to add new users to their blog via the Users->Add New page”
• Delete BuddyPress credit in footer.php
• Delete wp-signup.php
• Create a robots.txt file with User-agent: * Disallow: /register/ (or whatever your slug is)
• If all else fails, use CAPTHCA or preferably a simple random question (what colour is snow)

Am I wrong or missing anything?

Also… all of my SPAM registrations were coming from .info domains. I added this to my .htaccess file but I’m not sure it’s correct. I found a million examples via Google search for how to ban full domains or subdomains… but nothing about blocking an entire extension (i.e… whatever.info). Anyway, this is what I wrote:

RewriteCond %{REMOTE_HOST} \\.info$

RewriteRule .* - [F]

Parts of the necessary plugin:

1) Upon activation, create “General” BP group, with forums enabled

2) After creation, have a script add all existing members

3) Hook into registration so that new members join the group

4) Write a function that filters the content of bp_has_groups everywhere it appears to remove the General group from all group listings

5) Sit back and watch the (free and open source) jack roll in

Someone please build it so that I can stop seeing this argument recur on these forums every few weeks. If I didn’t have seven thousand other things to do I’d do it myself but hey – I just took all the thinking out of it by drawing a map

not too sure if this is the solution that you want; but what i have on my website is that the activity stream becomes the homepage; so whenever someone registers, they go the homepage that now has the activity stream.

see it on my testing website: http://esastera.org

let me know if you’d like details on how to make the activity stream becoming the homepage.

I’m starting to get hit now :o( I have had a custom slug for weeks. I added a robots file today disallowing bot access from /my-signup-slug/ and also installed invisible defender but I’m still getting spam registrations. I also just deleted my wp-signup.php file. I’m going to try hashcash. I’m also considering a htaccess file that simply bans ALL traffic to the entire website from Russia, China and any .info domains.

Yes, there’s a bug in 1.2.2 which is super frustrating as it was fairly obvious. I’m tagging 1.2.2.1 which fixes it and will be out in the next 30 minutes.

yep same problem

Please post an issue on Trac as soon as possible:

https://trac.buddypress.org/newticket

Use the same login credentials you use here on bp.org.

Yup I’m having exactly the same problem. It looks like 1.2.2 isn’t putting a recipient address in the email. I have several unsent mails on my server as there is no sender information in them.

Block the registration page from the search engines. JUST the register page.

Well, I pretty much tried most of the suggestions here on this thread, and for a couple of days it was quiet. But since yesterday a new and much more aggressive wave is battering my poor little site with as much as 70 new accounts and blogs per hour.

The last wave started shortly after this log entry:

http://www.webwarper.net/ww/~av/www.google.com/search?hl=en&q=site:.NET%20inurl:%22register%22%20intext:%22Registering%20for%20this%20site%20is%20easy,%20just%20fill%20in%20the%20fields%20below%20and%20we%27ll%20get%20a%20new%20account%20set%20up%20for%20you%20in%20no%20time.%22&start=10&sa=N

These accounts don’t have ANY fields filled out from the BP registration form. Even if I re-write that page they’ll just pick something else to hunt for. I’m back to asking folks to contact me if they want to join the site, but that’s a major deterrent for most, understandably.