Aaaand we’re off topic. This thread is for reporting spammers on buddypress.org, not about how to implement anti-spamming measures on your own site. I am going to lock this thread.
If you are looking to report spamming issues on THIS SITE, please send a message to a forum moderator or find us in IRC chat.
If you are looking to discuss spam prevention on your own site, please make a new post or find an existing one.
Guys, But seriously,, even if the bot-spammer gets through — its still very taxing on my server!
Im thinking of installing “BAD Behavior” but im really trying to limit the stuff I have installed/
any suggestions?
Here’s something else that might interest a few: I installed WPMU Super Captcha over the weekend (running WPMU2.9.1 & BP1.2rc). Since then, there have been no bot signups at all, and the plugin has blocked exactly 50 attempts. Plus, it logs each attempt that it blocks so I can keep track.
I’ve also added a comment on the registration form directed towards human signer-uppers with a support email address just in case. None of the 50 blocked attempts have used it, so…
Bots had managed to get around other plugins I’ve tried before, but not this one.
@Boone, yep, thx !
So i progressed on my site. I downgraded to wp 2.9 and asked (gently) my host to give me more memory.
I have now 25 mb for php and the install is working. But i haven’t installed plugins other than BP for the moment….
If this memory lack is “normal” or “expected”, i would preddict that as soon as WP 3.0 is avaible, 90% of all WP user actually on a shared host, and who udate, will go down. As actually no shared host offers at least 32 mb for php…
The cgi php solution with 64 mo, the new host trend apparently, is more powerfull but is always shared too, which means that i could write at my site entry: open between 3 and 4 am. The rest of the day, maybe my neighbour is trolling on emule and consume the server memory with * db queries on his overspammed fischerman forum… Wouaaaaaaaa ! Nice future…
This means also that from now on, a WP usage with BP is only intended to be on dedicated server.
If this hypotesis is right, this must be annouced to the world and should be mentionned, at least, in the readme file and on the download page.
So i discover that WP, who once was one of the fastest and litest CMS, is now entering in the heavy weight super-pro area, with ultra wide storage capacities, intense RAM consumption and specialized hi-band connection… Whouaaaaaa !
Twenty Ten, a new template but also a very surprisingly year ! 
Thanks for the plugin, however the activity stream is showing spam comments even if they are stopped by akismet
@jeffreeeeey: any luck with this? I’m getting the bp-registration-options.php on line 639
error as well.
The plugin has helped a great deal. I went and modified wpmu-functions.php to add the members profile URL so I could quickly look at the person’s info and either spam or delete them if I thought they were fake. It’s still pretty manual, but faster.
I currently have the option set that people can sign up for groups on the registration screen:
http://tkdunion.org/register
So, I thought perhaps it occurred because I didn’t join any groups. Lots of people get emailed when a new user signs up, so I hesitate to keep testing this. Any suggestions? How did you resolve this issue?
Oh. @Andrea_r –> any way you could point me to that particular Mike Pratt thread?
I was having major problems w/ sploggers. The link Chouf1 mentioned totally stopped ’em dead in their tracks. I think I’ve only had one splogger since, and it was a real person just typing it in somewhere in Thailand, trying to up their SEO ranking or something weird like that. :p
zageek – in another thread @mikepratt mentioned he has a small number of required fields. If you just have the default stuff on signup, yeah, you’ll get flooded.
I have been running BP in Production since well before the 1st alpha release on the same url with the exact same registration slug AND requirements. Nothing is protecting on my site any more than a standard install – no captcha, etc. I can count on my hand the number of spam attempts to register. They are so few, I just delete them and use BanHammer once they try.
How? We have a specific (albeit small) set of required registration fields to fillout. That’s all. I love siple and fast registration as much as the next guy but, unless you want to enforce email address verification and a bunch more, those are your real options.
Changing the slug will work until it doesn’t …which won’t be very long. Consider how that spammer found you in the first place…with a bot – not by randomly coming across your site.. and just like in the matrix, the bots will find you again. 
If you change the signup slug, ie. from to signup to regme, probably that this can be found easely by spammers. But if you change signup to bolimp or domybest or f_12gt_99xpm, probably not. And building a random letter word constructor to spam a wp install is probably too much also… As far as i know, the majority of wp users never look into the code. And robots like majority…
Anyway, the signup table would still exist… and accessing a db is not impossible at all i presume. So the only thing to change is the table name, 6 x by day if necessary. And this is not simple at all.
Happy coding !
Have you read these recommandations ?
http://www.bp-tricks.com/tips_and_tricks/stopping-the-sploggers/
They help in many cases. Really.
Spam is becoming a serious threat to Buddypress. We need to create a dedicated Spam section to help people fight it.
Ever since I posted my site here in the showcase thread I suddenly had a flood of spam
Heres an idea I had. Why not create a plugin that generates random slugs for the sign up page, I would write it myself because I have an idea of how I want to implement it, but I don’t have the time.
Any takers.
I tried the approach of changing my signup slug to a new one and it worked for a while but suddenly the spammers are back again. I think they have figured out this trick and they possibly manually have someone go to the site and find the new slug, or they have found a way to bruteforce find it.
If we can have a sign up slug that randomly changes to random strings its going to seriously irritate the spammers and make their job harder.
I’m sure some users won’t want to use this because they will want a fixed slug for loggin in perhaps for search engines to find, but many users could get away with this and have a nice link for logging in.
presume my last post got caught in the spam que because of two links, so will avoid this time.
The parent theme is Justin Tadlocks Theme Hybrid & the child theme is down to Patrick of developdaly.com.
I just added the BuddyPress reguired functions to my child theme, loving the functionality of BuddyPress 1.2, still some CSS needing to be worked out, but am happy to share the theme/code if wanted
okay, well that was 2 hours not well spent.
reinstalled the plugin recommended on the wpmu forum, namely collin mcdonald’s WP-Mail-SMTP Plug-in
it doesn’t work, no matter what variation I tried.
I cannot believe that with all the 1,000’s of buddypress users on here that I am the only one with issues about making sure our members get their messages and that they don’t go to spam.
a default server email address like the one I mention here is sure to go to spam in many email programs. …
the relentless search continues
Just noticed the spamming in activity stream of BP home page
http://buddypress.org/developers/vnftsai/
@bowe
Why would YOU put advertising on your site when spammers do it for you for free ?
Top be rich one day, one hour or a few minutes, never forget that time is money
Well look no further! Install buddy press and the spammers will come up with the most amazing baby names you have ever seen.
No more fake name baby books get the real deal. All buddy press spammers names are original, unique and creative.
Buddy press spam. Your new baby naming software lol
This was an infomercial joke for those who don’t get it!
Thanks DJPaul, I find these plugins and don’t advert them,but let people know of them.
I don’t en-dose them or warrant anything only FYI !
Whilst that’s true, I think for those of us who are not great developers, coders or web stylists, having something that shows recognition even if its not linked is a better alternative than just deleting it from the footer…
but of course with the logo I presume copyrighted, it would need to be an offical ‘powered by’ one to be used only for specified purposes.
I’m guessing that those developers who are able to combat the spammers with a greater degree of control then perhaps it is a non-issue.
It was just a thought.
> So don’t link it.
That would work.
My point was that whatever method you use needs to still provide the same level of protection from spammers or else you might as well leave the “powered by…” intact.
There has been a lot of discussion about spammers targeting the ‘powered by buddypress’ text in the footer. Would an option be to create a powered by buddypress logo, that way those who choose to abandon the text can at least acknowledge the work you guys are putting it. I know that its not as accessible, but it is an alternative…
I’d say the noteworthy features for Anti-Splog are their API and limiting number of signups per IP per 24 hours.
I don’t really like the “changing signup page location every 24 hours” feature, although I understand the rationale, I’d prefer a permanent location for indexing reasons.
The rest of it is doable.
To make it seem like their plugin is uber-spectacular, they’ve created a flowchart :p
http://wpmu.org/wp-content/uploads/2010/01/Anti-Splog.gif
I just noticed that the comment author and avatar is not nofollow’ed in the bp_dtheme_blog_comments function. This is attractive to spammers and can get you listed in dofollow blog directories.
How can I edit that function to include rel=”nofollow” in my own functions.php file and leave the parent theme alone?
Thanks!