Skip to:
Content
Pages
Categories
Search
Top
Bottom

Search Results for 'spam'

Viewing 25 results - 1 through 25 (of 2,922 total)
  • Author
    Search Results
  • #238103
    Profile photo of juliantrueflynn
    juliantrueflynn
    Participant

    Yes to the first, no to the 2nd — to be direct, not sure you’re following…

    You just gave steps for overall spam reduction (which, thank you), what I’m referring to is a problem that occurred from the custom registration page. I’m talking in the matter of an hour I went from no spam to lots of spam because of the custom registration page which code I gave above. What would cause that and how can I fix it?

    Why would this custom page cause the issues and why would the Honeypot plugin you gave not fix it or my old code — it’s doing the same thing I had before that worked perfectly? I could remove the custom registration page and the spam would stop, but I rather keep it though since I don’t want the default registration page.

    #238075
    Profile photo of juliantrueflynn
    juliantrueflynn
    Participant

    Hm, so I added that plugin first to see if that would do anything. The spam requests are still very high (user spam sign-ups). Again, I’m just comparing this to before I did the new custom registration page – the code I put above in codeshare.io.

    #238047
    Profile photo of danbp
    danbp
    Moderator

    Shouldn’t a User promoted to Group Moderator be able to moderate content in that Group, regardless of their WP Role and capabilities?

    Sounds logic, but No. See documentation in bp-core/bp-core-caps.php for the “why”. ;-)

    Since BP 1.6, group moderators can only delete, move, spam group forum content.

    External reference.

    #237974
    Profile photo of S. Panda
    S. Panda
    Participant

    Thanks for the reply, unfortunately that patch didn’t help. Here’s what I have in wp-content/plugins/bbpress/includes/extend/buddypress/activity.php:

    	// Get the activity stream item, bail if it doesn't exist
    //  ===== BBPRESS BUG WHICH RETURNS DUPLICATE =====
    // ===== bbp_reply_created UPON EDITS                            =====
    //		$existing = bp_activity_get_specific( array( 'activity_ids' => $activity_id, 'show_hidden' => true, 'spam' => 'all', ) );
    //		if ( empty( $existing['total'] ) || ( 1 !== (int) $existing['total'] ) )
    // ===== END BUGGY CODE / START PATCH                    =====
    		$existing = new BP_Activity_Activity( $activity_id ); 
     		if ( empty( $existing->component ) )
    // ===== END PATCH                                                           =====
    			return null;
    		$existing = new BP_Activity_Activity( $activity_id ); 
     		if ( empty( $existing->component ) )
    		// Return the activity ID since we've verified the connection
    			return $activity_id;
    	}
    
    #237878
    Profile photo of danbp
    danbp
    Moderator

    hi @dani-girl,

    intersting question, but thought you’re wrong about Directive 95/46/CE. You have a too strict opinion ! If it would be real, nobody in Europe couldn’t use WordPress and probably also many other CMS’s.
    Which is the EU country you are off ?

    An e-mail is a personnal data and the directive applies. But…

    WordPress need it (username, email and password) to work on registering. That is a legitimate and technical reason, which is allowed.

    You don’t collect it illegaly, or by roundabout and the user has access to it any time. Emails never appear publicly on WP and are used for internal purpose only.

    Opt-in is mandatory since 2002 in Europe. This means you have to prevent/ask the user before he sign in.
    If you clearly write and expose publicly (and easy to access) your policy, explain why you ask the mail, that you freely remove any user data on demand for example, you can ask for an email. This is also valuable for cookies. You should inform the user that you use them… Resaling and forwarding emails for commercial purpose is of course forbidden, but only IF your site has no direct reason to do that. (e-commerce is not a direct reason ;-) )

    On the other side, as site owner, you can’t use your members email for advertisement or any other mailing action without their agreement. Or you will be considered as spammer. Which is also illegal in EU.

    http://www.cnil.fr/english/data-protection/official-texts/

    #237781
    Profile photo of nblxhd
    nblxhd
    Participant

    Kleo Theme.

    — WordPress Active Plugins

    bbPress: 2.5.6
    BP Group Organizer: 1.0.8
    BuddyPress: 2.2.1
    BuddyPress Activity Shortcode: 1.0.2
    BuddyPress Cover Photo: 1.0.5
    BuddyPress Edit Activity: 1.0.4
    BuddyPress Like: 0.2.0
    Buddypress Messages Spam Blocker: 1.1
    BuddyPress Toolbar: 1.6.0
    CodeStyling Localization: 1.99.30
    GD bbPress Attachments: 2.2
    iThemes Security: 4.6.12
    K Elements: 2.4
    NextScripts: Social Networks Auto-Poster: 3.4.16
    Paid Memberships Pro: 1.8.2.2
    Peter’s Login Redirect: 2.8.2
    Revolution Slider: 4.6.5
    rtMedia for WordPress, BuddyPress and bbPress: 3.7.35
    Social Articles: 1.8
    Taxonomy Metadata: 0.4
    WangGuard: 1.6.2
    WooCommerce: 2.3.7
    WordPress Importer: 0.6.1
    WordPress SEO: 2.0.1
    WPBakery Visual Composer: 4.4.2
    WP Super Cache: 1.4.4
    YITH WooCommerce Wishlist: 2.0.5

    PHP Version: 5.2.17
    MySQL Version: 50617
    Webserver Info: Apache/2.4.9-0-beget (Unix)

    ### End System Info ###

    #237623
    Profile photo of Alice-Claire
    Alice-Claire
    Participant

    Thanks for the links. The thing is, they aren’t showing as members. That’s the strange part. I was getting hit with mega spammers and then I added a few things, including a captcha, and it stopped. No more spammer accounts were being created.

    However, it does appear like they’re still building in the background somewhere, but I don’t where? They don’t show up as registered or pending members anywhere. So our member page is showing something totally different than our dashboard log.

    Any ideas?

    #237621
    Profile photo of Rosyteddy
    rosyteddy
    Participant
    #237620
    Profile photo of Rosyteddy
    rosyteddy
    Participant
    #237483
    Profile photo of danbp
    danbp
    Moderator

    Wide subject and several answered on this forum.

    Askimet covers comment spam and doesn’t avoid clever spam bots to hit directly the DB.

    Basic recommandation is to use table prefix different of the classic wp_. This calms down most bots.

    A closed door is always a challenge for any spammer. WP is not fort Knox and depending your host, what YOU did and many other security details, this has no end in fact. If your site is Facebook, you’ll probably receive more spam than if it would be mykittycat homepage. Glory has a price ! ;-)

    Some htaccess rules against reputated spam server and one or to plugins aside what exist natively in WP should be enough to protect you a little from massive spam.

    For example: buddypress honeypot + ban hammer for BP

    or more simple and rought

    http://mattts.net/development-stuff/web-development-stuff/wordpress/buddypress/anti-spam-techniques/registration-honeypot/

    … + searching this forum, maybe you can find more tips. ;-)

    Profile photo of mrgiblets
    mrgiblets
    Participant

    Hey guys,

    I’ve been developing wordpress powered sites for years, sometimes I build them locally and other times I build them live (depending on what I’m doing).

    I’m currently building my first BuddyPress powered site (live) and I have noticed a serious amount of spam accounts signing up every time that I leave “anybody can register” open.

    I’ve never seen this before with any other wordpress site that I’ve built online.

    I never use Akismet or any other kind of anti-spam filter in WP as I’ve never thought the spam account problem was serious enough to warrant it, but I’m 100% going to need one with this BP powered site because it’s getting out of control before anybody even knows the site is out there. (I’ve told WP not to index the site on search engines while I’m building it).

    So a couple of questions….

    1) Are you guys getting a large amount of fake spam accounts on your sites as well?

    2) If you are using a plug-in to prevent spam, which one are you using and does it work ok?

    3) Does anybody know what it is about a Buddypress install that is encouraging all of the spam bots through the door?

    Profile photo of danbp
    danbp
    Moderator

    @shaquana_folks

    allowing users to upload to your server some documents is a very bad idea while the registration process.

    When a user register, you don’t know if he’s a human or a spam bot.
    That’s why a newly register user is only pending and why he has to return an activation key before it is considered as a site member.
    Or the site admin can ban him during the pending time, for some reason.
    As long as you don’t be sure, a minima, of your new member, don’t allow him anything except viewing the site.

    You’re talking about pdf, doc and docx, but on the register page nothing appears about what type of file they have to upload (as it is required) and for what !

    Here you’ll be able to upload images. Try it out now! is a bit vague. And i don’t think that BuddyDrive is intended to be on the register page.

    BuddyDrive is a per member based plugin and can be used on a profile or in a group. As long as a member is pending, meaning doesn’t really exist, it cannot work.

    Profile photo of auston1
    auston1
    Participant

    When I installed BP, I unfortunately had user registration disabled in settings (cuz of bot spammers – I have no content FFS and I’m already getting spammed.)

    Anyways, what do I need to do to fix this now? I’ve created the pages and associated them in the buddypress settings –> pages tab, but they still are completely blank. The other 3 pages all work (members, activity, groups.)

    I also realized, I do not have a registration folder in buddypress. I believe this is required? I tried uninstalling, then deleting all the bp_ tables from the database, and then re-installing BP with “allow anyone to register” checked; but alas no dice. :(

    Still no page content for the two pages, still no folders in the buddypress directory.

    Side note: I’ve created the bp-custom.php and placed it in the plugins directory, but it’s still empty.

    I’m quite the noob. Please help.

    #236728
    Profile photo of rezon8dev
    rezon8dev
    Participant

    Hello I have a site using BuddyPress and some of my notification emails are being formatted, I’m actually not sure if it is BuddyPress or Paid Memberships Pro which is applying the formatting in these cases but I assume buddyPress due to the types of emails (friend request notifications) as well as new user activation emails. There is a message going to my gmail spam folder which is an error message. The email has an attachment called noname.eml and the sender is (unknown sender). When I open the attachment all looks good and Gmail says the error could be from a few things, whitespace before or after (before could be the issue here), single or double quotes. I’m also wondering if this could be do to email addresses that contain a “.”? Can anyone help shed some light one this?

    the site is shpdev.wpengine(dot)com

    #236704

    In reply to: Double entries

    Profile photo of bluedawg
    bluedawg
    Participant

    I was getting a lot of those entries before I got email registration activation working. turns out there was a conflict with another plugin and that’s why I was getting the invalid activation key error. Since I got that working I have not gotten any more spam signups but I’ll keep an eye out. I only have the live site – no local install.

    I have another question about formatting profile pages – Mine look terrible. Maybe I did something along the way to break them. I have been working feverishly at this for days but I will start another thread for that new topic :)

    #236703

    In reply to: Double entries

    Profile photo of danbp
    danbp
    Moderator

    Seems to be spammers, but IMHO, there is another problem if you receive 2 mails for each new user.

    Disallow user registration on live site and do some test on a local install before reoppening registry.

    Change also your DB tables prefix. Don’t use wp_ ! This will calm down most spammers for a little while.

    #236699

    In reply to: Double entries

    Profile photo of bluedawg
    bluedawg
    Participant

    Interestingly when I set up users myself abd registered them I only get one email notification that a new user has registered. but when others register I get a double notification. See attached screengrab. Could they be spammers?
    Screen Grab

    Also on the activity page there is a double entry of their join date with one being squished off to the right side… also see attached screen grab:
    Activity

    #236663
    Profile photo of davelr1
    davelr1
    Participant

    Hi!

    I want to change the regular group role capabilities but I just can’t find the place where these capabilities are defined. I found where I can edit side-wide admins/mods capabilities but not for the group ones.

    By now… a group moderator can only edit replies/topics and mark as spam. I would like to give them the capability to also kick/ban members. I just want to set that because some groups have a lot of members and the admin need some extra help keeping everything clean without the need to promote others as admin.

    I already set a menu above users avatar’s generating the ban/kick link.. so.. there’s no need for group mods have the permission to access group admin page.

    Wordpress 4.1.1
    Buddypress Version 2.2.1

    Thank you for your attention! =)

    #236396
    Profile photo of danbp
    danbp
    Moderator

    Any ideas on what may have caused this ?

    That question was answered here.

    It’s the user who did it wrong, so guess there is no technical solution.

    The “from” wordpress@mysite.com is a default address which redirect to site admin address (the one you indicate when you setup WP).

    This can (and should be) changed, as its a common trick used by spammers. Read here how to do this.

    #236185
    Profile photo of angslycke
    angslycke
    Participant

    @danbp True indeed, but with my previous setup with BuddyPress 1.9.2 I was able to control the spam registrations since they were never activated (I used BuddyPress Pending Activations to manually activate new users) and therefore they could never log in. They were not seen in the activity stream either.

    This is my setup: https://buddypress.org/support/topic/create-private-membership-site-with-buddypress/

    I’ve now upgraded s2Member which had no effect, and also deactivated the BuddyPress Automatic Friends plugin which didn’t have any effect either. The new user shows up as pending in the Users screen for about 1 minute after registration, but is then automatically activated.

    #236184
    Profile photo of danbp
    danbp
    Moderator

    Spam is an endless plague… and there is no radical solution, but only a set of combination for minimizing it, or at least to slow down that phenomenon..

    For example, changing the default wp_ table prefix is a good practice which i would recommand to any site owner touched (or not yet) by spammers.

    Even if you already use another prefix, but spammers found your site, you have to modify it again. Sounds a bit stupid, but the gain will be effective for a while.

    Other tips are avaible on WP Codex.

    In some case, you would prefer to use a plugin. See BuddyPress Registration Option.

    But in any case, you have to found your own combination.

    #236182
    Profile photo of angslycke
    angslycke
    Participant

    Hi!

    I recently upgraded my site with a new theme (BuddyBoss Boss. theme) and am running WP 4.1.1 and upgraded from BuddyPress 1.9.2 to 2.2.1.

    I have a setup where I redirect the activation e-mail to the site admin to be able to manually control new members and verify their information before activating them and letting them log in. This is a cruical function for my site since it’s a private network.

    After the upgrade I noticed that some spam users were automatically activated and able to log in without my manual activation. The users are automatically activated, the same issue as @RussAdams is experiencing. I’ve tried deactivating a few plugins (BuddyPress Pending Activations, BuddyPress Auto Group Join) but this issue persists. In BuddyPress 1.9.2, everything was working as expected.

    Browser sessions doesn’t seem to be the issue since clearly people on other computers have been able to create accounts which were automatically activated as well.

    This is a very serious issue for my site since I no longer have the control over new users and spam users can log in after activating. Did you get this sorted out?

    Profile photo of LoopyFrisbee
    LoopyFrisbee
    Participant

    Hi guys, I just installed the latest version of BuddyPress (2.2.1) and WordPress (4.1.1). I am still developing it in my localhost so don’t have site link

    I want to disable profile syncing of WordPress & Buddypress. However, I don’t get that option at all! Please help!

    My Settings>BuddyPress>Settings only has:

    Toolbar Show the Toolbar for logged out users
    Account Deletion Allow registered members to delete their own accounts
    Groups Settings

    Group Creation Enable group creation for all users
    Administrators can always create groups, regardless of this setting.
    Profile Photo Uploads Allow registered members to upload avatars
    Activity Settings

    Blog & Forum Comments Allow activity stream commenting on blog and forum posts
    Activity auto-refresh Automatically check for new items while viewing the activity stream
    Akismet Allow Akismet to scan for activity stream spam

    #236030
    Profile photo of @mercime
    @mercime
    Keymaster

    I created a page for each component in this plug-in and I don’t know what to do next.

    @dleit It depends. You could start adding Member Profile Fields and/or Create Groups and/or install Group and/or Sitewide Forums if you need forums.

    btw, spammers have been removed :)

    Profile photo of djsteveb
    djsteveb
    Participant

    I found with one site on one server – any emails sending via php had a weird return header thing from my server that did not get through some of this big three email clients no spam lists..

    a plugin similar to https://wordpress.org/plugins/postman-smtp/

    may change your wp to send via an smtp account on your server instead of php using a weird default server header.. you may need to create an smtp account for that work.. and even so there are other factors that could limit your email getting through.. (some shared servers are on backlist, some web hosting companies are given minus points, even if your web site is on the up and up)

    There are a lot of things that could cause it to fail the ‘real mail’ test at some of these services..

Viewing 25 results - 1 through 25 (of 2,922 total)