I’m not aware of any captcha plugins for this, but it’s a good idea. I haven’t time to look into the code atm.
Is there any way to enable captcha or something similar on BP private messaging?
That’s where I’m seeing more and more abuse lately. Somehow sploggers register with my site, then PM all the users with kiddie porn links. It’s really bad.
I don’t quite have a handle on how they’re doing this. There must be some sort of evil script that goes through the member directory and messages member after member. Have other people seen this, and, if so, any suggestions on how to combat it?
Were you able to resolve the problem?
I have a similar plugin that is fully WPMU and BuddyPress compatible:
SI CAPTCHA Anti-Spam
https://wordpress.org/extend/plugins/si-captcha-for-wordpress/
If you use this on Buddypress be sure to update to the latest version of SI CAPTCHA Anti-Spam
https://wordpress.org/extend/plugins/si-captcha-for-wordpress/
== Changelog ==
= 2.0.4 =
– (03 Oct 2009) – Fixed session error on the members and groups pages on Buddypress versions.
I also just noticed that buddypress profiles don’t import from wordpress profiles or vice versa. It takes enough tooth pulling to get people to complete one profile. Adding those fields to sign up would be good because required fields would also have some anti-spam benefits.
I read your example. I need something with a wider net. First off, the robot registration never leave an e-mail address. Unlike WP comment spam, WPMU registration robots appear able to bypass required fields, including e-mail address.
I receive e-mails announcing new registrations that contain only IP addresses. Meaning I would need to include hundreds of IP addresses in your code.
The real solution is somehow create a bullet-proof required registration field or move the registration page behind a firewall. I’ve seen single-user WordPress installations that move the wp-admin or wp-signup pages to avoid robot attacks using the default name and location of these pages.
@ wordpressfan
Did you read this post ?
I give a solution. Not perfect but it works
https://buddypress.org/forums/topic/fighting-splogs#post-22687
Askimet does great catching spammers comments on regular WordPress installations, but WordPress MU is commonly the target of spam registrations, which is my problem. I tried reCaptcha and the same day had to delete spammers.
I’m hoping a future version of BuddyPress or WPMU will include finer security, allowing admins to block access to only humanly-registered users, rather than either shut off all registrations. Another possibility would be to follow the example of WordPress and allow admins to relocate or rename the registration component.
I use reCaptcha with askiment in a bundle, well….i will see the result after launch the site 
@r-a-y: I added the .htaccess commands to avoid robot registrations. We’ll see how that works.
Just an update, Matt Kern just made a post on the BP forums about his manually-approve signup plugin for WPMU:
http://mattkern.com/wpmu-manually-approve-new-members-on-local-install/
Hey wordpressfan, understand that BuddyPress runs on top of WordPress MU so any spam issues are still, at its core, a WPMU issue.
The WPMU readme.txt has some info on how to counter spammers:
https://trac.mu.wordpress.org/browser/trunk/README.txt (read line 165 and on)
For the Darcy Norman link, use WPMUTutorials’ variation for BuddyPress:
http://wpmututorials.com/how-to/spam-blogs-and-buddypress/
—
Also, for your suggestion on moderating signups, WPMUTutorials also has an article on that:
http://wpmututorials.com/hacks/how-to-moderate-signups/
Read the last comment in that post for info on modifying the article’s instructions for BuddyPress.
—
You might also want to check out SI Captcha:
https://buddypress.org/forums/topic/si-captcha-for-wpmu-and-buddypress
The beta version has support for BP as well.
Hope that helps in some way!
I’m about ready to ditch BuddyPress. I installed the latest trunk and have the BPDEV anti-spam component with a captcha. Still, people continue to register, bypassing required fields.
The least that could happen is either BuddyPress become compatible with Akismet or enable some registration approval step, where an admin could delete accounts with empty profiles before they go “live.”
Please help me beta test the next version of SI CAPTCHA
I have tested it in WP – WPMU – BuddyPress and it works for me.
Your testing can help me to be sure..
Here are the changes in this BETA release:
= 1.9 BETA =
– (24 Sep 2009) – Added full WPMU and BuddyPress compatibility. WPMU and BuddyPress users can now protect comment form, registration, and login from spam.
– Added login form CAPTCHA. The Login form captcha is not enabled by default because it might be annoying to users. Only enable it if you are having spam problems related to bots automatically logging in.
– New feature: An “advanced options” section to the options page. Some people wanted to change the text labels for the CAPTCHA and code input field.
These advanced options fields can be filled in to override the standard included text labels.
– Added new advanced options for editing inline CSS style of captcha image, audio image, and reload image.
– Minor code cleanup.
Download the beta here:
http://www.642weather.com/weather/scripts/si-captcha-for-wordpress1.9-beta.zip
SI CAPTCHA plugin site:
http://wordpress.org/extend/plugins/si-captcha-for-wordpress/
Thanks for your help, Mike Challis
If you use custom profile fields in your registration spammers wont effect you.I dont know why but i havent had a spam sign up since i tried this
I’ll add a ticket, but I thought the problem was corrected. It seems spammers are targeting BP installations. In the meantime, I’ve installed BPDev’s NoSpam plugin, which uses a captcha.
i don’t know if robots go directly into db, or use the wp code…
but one thing you can try is to hack a little the register_new_user function in wp-login.php
to ban some email domains like “XXXX@myspacee.info” witch massevely occurs in the past last weeks….
function begins at line 228 (v. 2.8.4a)
add this on line 233
$email_check = explode(“@”, $user_email);
insert also this at line 248
} elseif($email_check[1] == ‘myspacee.info’) {
$errors->add(‘invalid_email’, __(‘ERROR: The email address isn’t correct.’));
insert the same code and change the mail domain name if you need to ban more domains
In use with invisible-defender, wp-ban and wp-spamfree i think you would be quiet for a moment with unwanted registering of blogs or users.
I recenlty updated a existing bp RC1 installation to the lastest trunk1.1-pre, with wp-mu 2.8.4a at http://voiceover-casting.com
Process: I have deleted all old files of buddypress and upload again following the new instructions
Founded bugs.
– When I activated the plugin I get a error but the site is working fine
Fatal error: Cannot redeclare bp_activity_install() (previously declared in /home/produlzc/public_html/voiceover-casting.com/wp-content/plugins/buddypress/bp-activity.php:19) in /home/produlzc/public_html/voiceover-casting.com/wp-content/plugins/buddypress/bp-activity.php on line 52
– In the registration the password verification don`t work
– The “signup_extra_fields” desapear of the registration page. I use a spam verification like in this website (http://text-to-speech.com.br/register), and it don’t show anymore. If someone can help me solve this problem will be great!
– When I deleted one option of a radio button field, all field was deleted.
That’s it.
Thank you Andy and all team for the good job. Keep doing!
Fernando
You could also try some WP plugins that add additional hidden, input fields to the registration form:
-Invisible Defender – https://wordpress.org/extend/plugins/invisible-defender/
-NoSpamNX – https://wordpress.org/extend/plugins/nospamnx/
Chances are a spam bot will fill these input fields in, and thus these plugins will block these submissions.
—
I’ve been meaning to give this a shot, but I haven’t tried it yet because I don’t need the extra layer of protection (right now anyway)!
Michael, you can also try protecting spam signups by using a RewriteRule in your .htaccess:
http://wpmututorials.com/how-to/spam-blogs-and-buddypress/
This is quite an effective method that will stop most spambot signups (except the manual ones!)
You also have to secure your bbPress install from spam signups (if you have forums installed).
Things you’d want to do is disable registrations in bbPress and redirect attempted signups to WPMU’s signup page.
Hey JF,
Yes, your bp-custom.php file should start with <?php and end with ?>.
I assumed that you did that already! But if you didn’t, put that in your bp-custom.php file.
Give that a shot and let me know if that works!
—
If you’re having problems with spam signups, I recommend using this .htaccess snippet by WPMUTutorials.com (by way of Darcy Norman):
http://wpmututorials.com/how-to/spam-blogs-and-buddypress/
Hi r-a-y,
Thanks. I was hoping not to have to use this function, because alot of our users are getting to know each other and are sending messages.
The problem is that someone keeps creating accounts and spamming all of our members (well over 100) and I have to keep going in and deleting all of the messages. And I have to watch the user signups like a hawk.
So, anyway, this was my first time using it. I changed the functions, but still can’t get it working. I think it may be how I’m adding it to my bp-custom.php. Here’s what I’ve added:
function bp_send_message_to_friend_button() {
global $bp;
if ( bp_is_home() || !is_user_logged_in() || !friends_check_friendship($bp->loggedin_user->id,$bp->displayed_user->id) )
return false;
$ud = get_userdata( $bp->displayed_user->id );
?>
<div class="generic-button">
<a class="send-message" title="<?php _e( 'Send Message', 'buddypress' ) ?>" href="<?php echo $bp->loggedin_user->domain . $bp->messages->slug ?>/compose/?r=<?php echo $ud->user_login ?>"><?php _e( 'Send Message', 'buddypress' ) ?></a>
</div>
<?php
}
But I’m a bit confused. Shouldn’t it start with <?php and end with ?>
Thanks for your help,
jfcarter
Hey Jfcarter,
There is no add_action for this function as the changes require manually replacing the existing message button function in the BP member template.
Were you able to get this working before? Or is this the first time you’re trying this?
Anyway, follow these steps:
(1) Make sure you put the bp_send_message_to_friend_button() function in your /wp-content/plugins/bp-custom.php
(2) Replace the bp_send_message_button() function with the newly, created bp_send_message_to_friend_button() in your BP member template.
If you’re using the default BP member template, you have to replace the function in these places:
* /bp-themes/bpmember/activity/just-me.php
* /bp-themes/bpmember/wire/latest.php
* /bp-themes/bpmember/profile/index.php
If you’re using a modified version of the BP member template, you’ll need to manually find each instance of the bp_send_message_button() function and replace it.
—
Just FYI, I’m no longer using this function as we did indeed wanted users to message non-friends.
r-a-y,
I’ve used the code and changed the files, per your instructions. Is there some sort of ‘add action’ that should be at the end of the function? Right now i can’t get it to work.
Any help would be appreciated.
thanks,
jfcarter
