I’d like to know this as well. I get spam blog that apparently go around my custom signup process – name not capitalized etc.
Can you “safely” delete certain WP or WPMU registration files? Which ones are obsolete when you use BP? Would that fix part of the problem?
I installed a plugin called WP-BAN. It is doing a terrific job. In a week it halted about 100 attempts in just 4 days from the list below…. and no more of those… I recommend trying it and use the list below for your list banning.
htt://*.onlq.com
http://*.myspacee.info
http://*.host-a-site.info
zhanglingjuan*
87.233.174.250
174.139.12.106
I would try to prevent member registration through .htaccess:
http://wpmututorials.com/how-to/spam-blogs-and-buddypress/
If not .htaccess, then try WP Hashcash, but I prefer the simplistic method of blocking through .htaccess. This will block most spam signups, but of course you can’t block everything! 
Thanks to Darcy Norman for the original tip!
hi zageek,
Since mounth, zhanglingjuan appears with several different ending numbers.
Personnaly i banned it from 112 to 116 in wp-options ->banned domain’s over 40 days now.
additionnally, i add some ip’s used by zhang… into the htaccess
If you can verify in your server log file, you would see that they are offten the same ip’s which are used.
I also blocked access to all trafic comming from libwww-perl witch brings a lot a lot of brut force tempting.
A little mail to abuse@gmail…. will not resolve the problem with zhang…., but will stress a bit the giant…. (i believe in the “butterfly effect”)
Using wp-spammfree and invisible defender widgets would also help you.
Of course, daily cleanning in the DB in wp-register and wp-signup tabs
since 40 days, no zhang… registered on my site.
Instead some new spammer appeared: firstnamelastname 1961 or any other year, mostly with mail on mysace.info or onlq.com
spamm is a never ending desease
I worked with building a website for academics in psychology in my country. After two years of hard work the website lives on its own pretty much. I’ve found that in my population of interest there’s 1 out of 10 who will actively participate; write something. The rest will just read and lurk. That means that you should calculate with this in mind.
You could always try to partner with that Ning-network and build something with them. If you’ve got an interesting system they might be interested.
I’m about to build my second community and have lots of contacts to get help from now. I’ve got them from the first project so all the hard work has paid off. I’m going to ask them to help me. They will be able to invite people to the network (WPMU plugin). It won’t be spam like (as per DJ Pauls comment).
Any luck with bad behavior? I was having good success with wp-hashcash but recently found it was blocking all registrations. Even a legitimate one could never get off the wp-signup page. I finally had to disable it so people could register, and now I’m back to getting splogs again. All of them seem to be a name then numbers (angie539034). Very frustrating.
check your junk/spam mail and see if it landed there. if you’re using mail services like yahoo or aol it may take a while to get in your inbox. i’ve had mail delay by several hours using those services… very rarely, but it happens.
Admins can change the name of their groups because they are the rulers of their little kingdoms. If you don’t trust the admin – don’t join the group.
Of course there are many ways to look at the group functionality. For my part, I see the group as a community within the community – a place where a few people can coordinate something, discuss something, or whatever. A group has it’s dynamics, and part of that is being able to change. Perhaps the “Event X Planning Group” will later take on a new event and thus change their name to “Event Y Planning Group”, or perhaps they’ll just bask in their old glory and rename the group “We who were behind event X”.
Another way to see the group functionality is the way they have evolved on Facebook – a sort of name list, each group a statement on a particular issue, with no function other than to be spammed and show up on profile pages.
If you prefer the latter, I can understand your predicament. A plugin can probably be built to provide the functionality you are looking for.
3635122Inactive
Thanks, I’ll give this a try.
3635122Inactive
Hi
I posted this 3 days ago and received several responses (thanks!) but never received a follow-up on my question regarding how/where I go to check the wp-signups or wp-users thingie.
Also, I was hammered again by a spammer/bot yesterday and this time, it wasn’t through FaceBook. Any ideas on how/why this is happening and what I can do to prevent it from happening again in the future?. For more info/details, please scroll up to see my origin post(s).
Thanks again, Steve
All of the *Press forums use Akismet. When you have as much activity as these collective forums get, you’ll have the occasional false positive from time to time. The algorithm that Akismet uses is always being adjusted to accommodate for this, but thankfully as we unmark posts that were incorrectly marked as spam, it learns as it goes and usually doesn’t happen again for that user.
Hey John,
Regarding the spam comment, do you know if these forums are using the bbPress Akismet plugin?
You bet. Some of your posts were getting marked as spam, along with some other users. Happens from time to time. I’m marking as resolved.
Perhaps, but personally I dislike spam inviter tools (see what I did there?).
3635122Inactive
Hey, thanks for the replies.
Looks like you folks may be onto something. How/where do I go to check the wp-signups or wp-users thingie though?. Is this something I can check from the admin center?.
Thanks again!, Steve
Some people have suggested installing WP Hashcash to block signups, though I haven’t tried it myself.
But you’re saying that someone signed up on your BP install with the Facebook Connect plugin?
So it sounds like a problem with the FB plugin… not sure though.
Sounds like DJPaul suspects the same thing!
FB-Connect isn’t my favourite bit of software in the world as I spent some time checking out the code once, so there may be a hole there. </randomguess> Certainly my money is on a plugin.
Have a look at the record in wp-signups or wp-users; any clues or differences vs a user who registered properly? Any clues?
Totally clear. Thank you so much!
When you are installing Buddypress, the only plugin you want in your /plugins folder is buddypress itself. Nothing in /mu-plugins either. Your plugins which run on buddypress are causing this error.
I have a few plug-ins running, but without the admin back end working, I can’t deactivate them. Can I place them in a separate folder temporarily without causing even more havoc? i.e. welcome pack, monty spam, wp ban, limited log in attempts, askimet, etc.
Hey Jfcarter,
Sorry for not being clear there.
If you’re using the default BP member theme, I replaced instances of bp_send_message_button with the newly, created bp_send_message_to_friend_button in these files:
* /bp-themes/bpmember/activity/just-me.php
* /bp-themes/bpmember/wire/latest.php
* /bp-themes/bpmember/profile/index.php
Keep in mind that if you’re using a different BP member theme, that those template links might be different.
Hope that was clear enough!
@r-a-y,
Thanks for this information. It was a manual signup.
I like what you’ve suggested and plan to use the code in my bp-custom file.
But what did you mean by this: “Then I edited the template files mentioned above with the new function call – bp_send_message_to_friend_button().”?
What exactly did you add to the templates, and which templates were you referring to?
Much, much appreciated.
Thx
I liked this idea, so I implemented it on my BP install.
I decided to do step #2.
Here’s what I added to my /wp-content/plugins/bp-custom.php:
function bp_send_message_to_friend_button() {
global $bp;
if ( bp_is_home() || !is_user_logged_in() || !friends_check_friendship($bp->loggedin_user->id,$bp->displayed_user->id) )
return false;
$ud = get_userdata( $bp->displayed_user->id );
?>
<div class="generic-button">
<a class="send-message" title="<?php _e( 'Send Message', 'buddypress' ) ?>" href="<?php echo $bp->loggedin_user->domain . $bp->messages->slug ?>/compose/?r=<?php echo $ud->user_login ?>"><?php _e( 'Send Message', 'buddypress' ) ?></a>
</div>
<?php
}
Then I edited the template files mentioned above with the new function call – bp_send_message_to_friend_button().
Now, the “Send Message” button only shows up if you are a friend of said user.
I’ve added a trac ticket about this issue as an enhancement, so maybe the above change will be built into the bp_send_message_button() function in the next BP release instead of having to add your own function.
—
There’s still the autocomplete feature in the “My Messages > Compose” area, as well as the wire and group wire to worry about though… one step at a time!
Is this a bot or a manual signup who manually sends messages to the users?
Anyway, the way I see it, there are two ways to combat this problem in the interim:
1) do a check to see if the logged-in user is a friend of that user, if so run the bp_send_message_button() function
2) code own function based on bp_send_message_button() and do the check within this function
Either option will require modifying the Buddypress member theme template in three places:
* /bp-themes/bpmember/activity/just-me.php
* /bp-themes/bpmember/wire/latest.php
* /bp-themes/bpmember/profile/index.php
(I’m using the default BP member theme as an example)
This is only for the “Send message” button though… how did the person spam your users?
