There’s really no need to make unfounded accusations like that.
Go turn off the ability for users to add other users. If you already have spammers in your system, they’ll let others in. It’s under Site Admin -> Options.
Doing the easy stuff is just the first level of defense.
Guys when you re write the slug do you have to also move folders or files?
or do I simply add
define( “BP_REGISTER_SLUG”, “random slug” );
to the wp-config?
I simply did the easy things. I added yes or no questions. I put in default profile fields they would have to answer and I added a date of birth field.
What I don’t understand is right now I have registrations closed and they are still signing up.
Registration has been closed for almost an hour and I still got 8 or 9 spam accounts over the last 40 minutes.
How is that possible?
I had to close registration the spam is so bad. I’m assuming the person that is spamming our websites is someone within the community here at buddy press.
As soon as I made a rude comment about the developers ignoring spam issues I got hit by spam like never before.
Bbrian – what exactly have you implemented to stop splogs? I’m not being sarcastic. If I know what you’re tried already, I can suggest different things other than telling you things you tried already.
“I wonder where the spammers get the time to figure out ways to spam sites is there like a spam university or something”
They buy automated scripts. Seriously, I can send links. They google for default text like “powered by buddypress” and “/register/”, plus they jointly build lists of BP-powered sites and share them, so they can then drop these lists of sites into their programs.
Part of stopping them relies on figuring out how they come in, which we’ve spent time doing.
I had 110 e-mails this morning and over 60 spam accounts.
Where am I supposed to find time for this?
I looked at the bp demo site registration I don’t see much different besides the date of birth…
http://testbp.org/register/
I wonder where the spammers get the time to figure out ways to spam sites is there like a spam university or something lol
On my site I even disabled registrations and I still two splogs appear after that, which is very confusing for me indeed.
I can see one problem with sharing info on this forum about fighting spam, and that is that it will give the spammers the info they need to come up with counter attacks. I propose we start a spam eater group where we can share spam info behind the scenes, in fact I am going to start it now, not a perfect solution but still one that could work. What do you guys think?
https://buddypress.org/groups/spam-eater
Its a private group but anyone is welcome to join.
“Adding an extra feature on signup or even adding a question doesn’t help. “
If you have just the defaults, you will get hammered with spam. No question.
Part of the issue is how they are finding your site and how they are signing up. What works for one site may not work for another as there are quite a number of sploggers out there who wrote programs (I’ve seen them advertised) to hammer your sites. They look for the defaults.
But in my experience, to stop the splogs to a trickle, you have to do a number of things, not just one or two. Andy has a number of fields on signup at testbp.org and doesn’t have a splog issue. The domain has been up long enough for them to find him.
There are signup moderation plugins for MU. I have no idea if they work with BP, but someone can modify them. there are also a number of suggested bot-stopping plugins that are suggested, that I have found DO work, but many people reading about them discount it as they think it only applies to comments. Some sploggers use the exact same techniques. Bad Behavour works. Cookies for Comments works.
Adding an extra feature on signup or even adding a question doesn’t help.
Hi Andrea. Yes, that 1st part is quite easy with BP 
the 2nd part is tougher though, as far as I know:
“- the opportunity to manually approve/delete sign-ups based on their answer, at least blocking the unapproved from appearing in blog lists, sidewide activity etc, basically making it 100% private (only vsible for admins) until approved.”
You lucky, the spambots that are after me figure out the new slugs after a few days.
I am actually considering setting up a botnet to jam up their IP’s and domains as payback lol
@Bbrian017 I actually do that by manually logging in once of twice a day, and marking users and blogs as spam at my discretion. If in doubt I email the person who signed up and ask them something a spammer wouldn’t know. My site is aimed at users in my country only so there are many things I can ask them that genuine users only would be able to answer. Its tough going.
I think there must be someway to do this through WP though as you can do this with many other CMS’s and forum scripts where you can only allow registrations after approval
“A nice feature would be (plugin request!) to have:
– an extra field on signup. “
Then add an extra required filed in the BO backend.
I don’t think anybody can stop you from posting a file on your server with domains and IP’s which you advise to be blocked… I actually think it would be a good idea to have this info centralized, an Akismet for sign-ups if you please, would save a lot of effort.
Just checked wp-ban’s stats and 4 IP’s were blocked over 1000 times. Though it does not stop splogs, it serves as a good example that sharing info might help, especially if the signup page can check a database of known sploggers or words in blog titles.
A nice feature would be (plugin request!) to have:
– an extra field on signup. Skip all the usless and annoying captcha’s, just a simple question: “why you want a blog?” or more specifically: “what are you going tor write about?”
– the opportunity to manually approve/delete sign-ups based on their answer, at least blocking the unapproved from appearing in blog lists, sidewide activity etc, basically making it 100% private (only vsible for admins) until approved.
Before you ask: I cannot make this, but I will be happy to test if some more skilled person can!
Rewriting the slug works for me. @andy, would it be possible to have the slug name not in wp-config, but as an option under BP options? Or even as a required step when activating/installing BP? That way, everybody will create their own slug and all should be happier to use BP
I started the group for splogging and spam a while ago, but to be honest I haven’t experienced any for quite a while now.
@andy’s right about changing the signup slug, that made a big difference for me. I also renamed (removed) the wp-signup.php file as that’s not in use, and again that made a difference – though watch for that on a wpmu / wp upgrade as it’ll replace the file.
I removed the WordPress references in my theme footer too, just to make it a little less obvious that I’m running WP.
Also running SI-Captcha antispam and NoSpamNX, but that’s about it nowadays.
what i read here is just childish… what kind of site do you run? from what i see on your site and twitter profile, you are a SEO marketer?…
you start a site for bloggers, what do you think you will do with it… grab spammers. this is the only goal on a site with open registration and off-topics.
i had hundreds of incompetent clients in the past, who thought they were gods and they knew everything and were able to fix everything they were touching… they were also whinners and drama queens. complaining about spam?… sure you can put the fault on the guys here, but that just show that you know nothing about spam, not a single bit.
a good captcha is not useful if the spammer is a human paid by a company to post adverts… a good filtering engine is not good either when the spammers use trolling techniques to post psychadelic messages…
it is the job of the site admin to filter by hand, to approve the content, to find great topics for a site, or simply to not use the boring “off-topic” market that is so profitable… like you just did to raise your seo rank.
you’Re simply not good at seo… leave.
Any of you who continue this thread any further are simply staring the ‘gift horse in the mouth’ so to speak.
~ spam in a problem for every company, be it IBM, Google or WordPress. These companies spend millions combatting it and it’s a problem for almost any CMS, or site that has UGC. If you can’t install Askimet, and/or a couple other preventative measures on your site, then you should hire someone who knows what their doing or you have a compromised(hacked) site where once again, you should hire someone who knows what they’re doing.
while not naming names ~ I have watched ‘your’ post on this forum and you’ve offered very little contribution and quite a bit of negativity. That doesn’t bode well for an open source community who provides you a product free of charge. Perhaps providing some meaningful feedback about your experiences will help the community develop better solutions instead of glaring accusations and harsh criticism? In fact your post in this community are very much like spam for the very same reason. At this point, you’ve pretty much hit an all time low since your accusing developers, many of whom work for free, of turning a blind eye towards the issue of spam. If you’re unhappy with website, may i suggest move on to another piece of software that is magically immune to spam robots, where you’ll most positively be a great asset, not only to them, but also with your absence here on the Buddypress Forums.
The best trick I learned for fighting spam bots is to ask a question that only a human can answer and making them type it into a text box. If you change the question daily or randomize it, it makes it even tougher. Don’t do anything like math or captcha or something that a bot can calculate or decipher. Ask a question like “What color is snow?” or “How many sides does a triangle have?”
But if humans are filling out the forms, you are pretty much SOL.
The ability for an admin to mark user avatars as ‘mature/explicit’ without banning the user and switching the user avatar to a default. And a similar user setting for ‘bozo’ users so that it may appear to a user that his content is still there, but it is filtered from unregistered and other user accounts. This will discourage anyone from creating new users account as a result of being banned and/or marked as spam from a community website.
zageek how do I make it so all the accounts at my site have to be manually approved?
What section of the admin cp is that in?
Are stwc’s solutions not enough?
IMHO – being overcritical will not solicit the best help. Like any community – you’ll need to fight spam regardless of the platform and requires ongoing patience to battle.
Some tricks I use
block all MSIE456 users, block bad bots, block known spammer country CDIR ranges, rename template pages, try whatever plug-in and tweak if needed.
