Thanks for that — I’ll take the ‘proudly powered’ bit out of the footer for the moment, too, and see how things go. Simple solutions first if possible… 
Same problem,started about a few days ago. Bots are signing up a few times a day, firstnamelastname19xx.
Interesting is that I notice in my stats some ip found my site by searching for “proudly powered by WordPress MU and BuddyPress”.That could be a reason that this particular bot is finding and attacking bussypress installs.
If this bot is getting past Captcha, I would recommend applying a reverse Captcha technique. Just do a bit of Googling on this, it uses a hidden field as a honey pot which bots will fill in, but normal users will not. When filled in you can redirect them to a page of your choosing.
Please report your findings and how you deal with this as it would be very helpful.
As a first attempt, I’ve tried changing the register slug in wp-config and some of the phrasing used on register.php (after copying it from bp-sn-parent to my child theme) to see what happens… will report back on whether or not it confuses the bots.
Me too. Same issue. They even tick a checkbox and get past a Captcha . BP User ID and required text field entry contain a short random string like A6vLtHqlgT.
The .htaccess modification described by D’Arcy Norman doesn’t work in these cases.
Make that 6.. oh, and they are all from different IP’s as well, so wp-ban also does not much good.
Yep, I had 5 like these today and several before past weeks:
firstnamelastname19xx as usernames, all from different email domains.
They did not post, but also did not have much time to do so.
I mark them as spam immediately, but am tired of doing so, so hope a splog solution is nearing…
I have never received any answer on teh original questions and I am getting really tired of deleting the splogs that happened only after installing Buddypress.
Just the last few hours 5 splogs registered, all with name-surname19xx as username, all from different email domains.
I know it is not too much to check every blog, check every user, mark him as a spammer and add the email domain to the sh*tlist under options.
But the point is that before BP I had to do this less than once per month. So I repeat, hopefully somebody wil;l at least answer the2nd question (hopefully the first as well, but I fear a standard ‘ask the plugin-author’ reply):
“So my questions to determine the best action to make sign ups easy but splogs difficult:
– why won’t the WPMU sign-up question plugin work on the BP register page? Is there a way to fix that?
– More importantly: Can the register page be renamed? If so, which file(s) and what other (internal) links?”
Many thanks,
Cheers, Harry
how about checking all blog posts and all pm to akismet/typepad antispam?
only certain trusted group are excluded.
or perhaps after the user post a dozen good, non-spam content…
oh yes, there is an entire industry in especially central Asian countries (Bangladesh is huge) where halls of people solve captcha’s for $1 per 1000-5000 captchas.
See http://ha.ckers.org/blog/20080311/human-captcha-breaking/
Don’t forget to read the last 5 comments or so 
Though I am in favour of having spammers employ and pay poor people in Asia, I hate spam even more and have abolished all captchas from my site as still too many people cannot read them, so it is chasing people away. And, as the link above proves, they do not help anyway.
possibly, there exist new semi automatic method?
a spambot that present to human a captcha so that the spammer only need to enter the captcha and everything else is automatic…?
@ Peter – sure certainly not, but each incoming door need to be monitored
since i use the trick i have no more splogs or spammer registering !
wp-ban works nice, invisible defender also and wp-spamfree did correctly his work too….
a little additionnal htaccess hack and the wp-login file hack make things going right for me.
I put some emails in the wp ban admin but i don’t know if this works correctly.
I didn’t use captcha or similar techniques.
Unless you have 1 million splogs sign up a day, you can always manually check and delete each splog. Trust me, you can discourage spammers to splog you, but you won’t be able to get rid of new spammers and new splogs. Unless you have a smart programmer that programs a good algorithm in recognizing splogs and spammers, but it probably gonna cost ya big time.
r-a-y, I’d like to try the .htaccess solution, but the instructions are very ambiguous:
# BEGIN ANTISPAMBLOG REGISTRATION
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .yourbpsignupslug*
RewriteCond %{HTTP_REFERER} !.*yourhomedomain.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://die-spammers.com/ [R=301,L]
# END ANTISPAMBLOG REGISTRATION
Should I leave the dots (.) and stars (*) around ‘register’ and ‘mywebsite.com’?! What would be mybpsignupslug if I have the registration form on my homepage as well as /register?
My spammers all sign up with .info email addresses. Is there any way to just block all .info?
Legitimate members should use normal .com emails, like normal people.
Sounds like you’ve been caught by the spam filter. One of us moderators will resolve this issue for you soon (I am at work at the moment).
We didn’t ignore your threads, they were caught in Akismet and marked as spam.
@anointed, can you try adding that line into “wp-plugins/bp-custom.php” ?
It should work in wp-config.php or any other file that loads before BuddyPress does. The goal obviously is not to modify a file that’s replaced by core updates, so wp-config.php or bp-custom.php is safer than bp-core.php.
The code…
/* Define on which blog ID BuddyPress should run */
if ( !defined( 'BP_ROOT_BLOG' ) )
define( 'BP_ROOT_BLOG', 1 );
Checks to see if BP_ROOT_BLOG was defined by any other file previous to BuddyPress loading, which is done inside the “plugins_loaded” hook which is in wp-settings.php, which is loaded after wp-config.php.
PM me again if your topics are marked as spam, and I can open them back up.
I’m not sure how Facebook connect works… but allowing sign up or not is simply another configuration setting. I think it’s under the WPMU settings menu.
@Xevo
I think I was not clear. let me explain it. I want to disable regular signup process and enable facebook connect and orher social networks. this way I think people who uses our blog has to be confirmed from another networks.
Thanks you very much David !
I have just changed the settings and it works fine !
@Erich73: Um… just change your WordPress discussion settings in the dashboard.
so how to adjust the settings in a way that “unregistered users” and “not-logged-in users” are not able to post a comment to my main-blog at all ? Only registered and logged-in-users are able to comment ?
Do I need to install a plug-in for this simple feature ?
thanks !
This might help you further.
http://wpmututorials.com/how-to/stopping-spam-comments-sitewide/
And why take the social out of a social community plugin..?
Ok then. Jeff, is it OK if I repost my question in the missing linked-to-thread? I don’t want to spam the troubleshooting board without asking. Thanks.
You sure that is not spam?
Why did you uninstall SI captcha?
SI CAPTCHA Anti-Spam works with WordPress 2.6+, WPMU, and BuddyPress
https://wordpress.org/extend/plugins/si-captcha-for-wordpress/
WP-reCAPTCHA is not up to date for BuddyPress 1.1, that is why it does not work.
