BuddyPress.org

@tranny,

dealing with spammers is a long run work, to not say a never ending work. There is no miraculous plugin or trick to stop them.
And even if you would be a genius coder creator of an extra super original spam shield, you could be sure to became target #1 of all spammers, because in this case, you would represent the absolute challenger of all code breakers !

Back to real life.

Most of updates spam comes directly into the DB. Bots are clever and don’t need to login to do that.
Some spammers are real people, and once they are logged, they do their stuff manually. These people can be isolated, but to do this, you have to find them in the user list. Which is absolutely not easy and time comsumting. And of course, this is not prevention but intervention, after you where spammed.

You could also track IP‘s, but again, this can be helpfull only AFTER you where spammed. But getting ip’s on admin user list is a great way to gain time. Once you have the IP, you can consult many anti spam sites who store any bot and user known to be attackers. And eventually ban them with this plugin.

For now, first thing to do is to clean your user list. Whatever suspect username, like a589xdf or special to BP, Bill UNERHOOD, can be eliminated. The first example use alpha-numeric digits, the second a very well formed first and last name. It’s extremely rare that normal users enter such credentials. In addition to this, you can check their email. Why would you, for example, have members with a polish email (@blogmedykamenty.pl) if you’re in New Zeeland and your site relates about pets ? In this case, you can raisonably doubt about an interest between medicaments and pets ! You can fire such user.

All this may be good and well, but you have also to hardening WP. This means using another table prefix as wp_ at very first. And second, to not use “admin” as user name. Never !
Read also @venutius tutorial

You have to clean out the existing spammers, unfortunately manually. And to avoid upcoming spam.

To calm down the bots – in case you receive dozen of spam daily, close all comments and deactivate notices and messages component in bp settings for 2 or 3 weeks.

Also, in case you’re on a dedicated server, you really need to enforce his security. But this is out of the scope of this forum.

Spam is a serious subject, not a taboo. WordPress codex talks about. Why shouldn’t BP do the same, specially because it can drain spam which need special attention ?

If you read Hardening WordPress, you will find a lot of references to third party plugin. I don’t believe there is an issue, if you mention wordpress plugins available on the plugin repo. Even premium plugins can be mentionned i think, as long as you specify they are premium.

Ok I’ve written something up, hope you like it

http://buddyuser.com/hardening-buddypress-against-spammers

I could try writing a simple guide tonight if you like, might take me some time though depending on what else comes up.

One thing I can say is that before I put in these measures I was getting at least 50 spam registrations a day, I now get 1 a week and this is a human who is trying to register with the site purely to spam, to find these out you have to ask then where they live, they always lie but the IP address does not, so that’s one way of vetting spammers before you allow them onto your site.

Of course with these measures there is always the chance that you are turning down genuine member requests…. It’s a balance.

This page has my own suggestions to try to avoid spammers, this combo dramatically cut down on the number of spam registrations and those that get through I hold them in a queue with BP Registration options a ban then based on discrepencies in their registration information.

http://buddyuser.com/setting-up-wordpress-ready-for-buddypress

Once registered you have no other choice as to remove them manually.
To retain spammers, there many plugins and methods. Afaik none is the perfect solution and in many situation, you’ll need to use a mixed protection.

There many topics on the forum about spam… Search them and make your opinion.
That said, you might follow some basics to harden WordPress, which is a good debut (table renaming, ban “admin” as username, etc). After that, a bunch of anti-spam plugins will calm down their activity on the site. (ban-hammer, buddypress honeypot, etc) Also keep in mind that you won’t probably never avoid spammers. But there is a big difference between 2 spam/day and 1000/per day. 😉

Better to prevent spam users to register at all. There are a lot of plugins, that help with it.
I use WP-SpamShield successfully on a BuddyPress site.

Hi @julia_b

I chose not to add an @ all command because it would be easy for a user to spam people.

@ friends is supported though. Hope that helps!

What is the error you are getting?

The user should get an email with and activation link

By the way, this activation email sometimes ends up in the Spam bin on the users email, one fix to this is to set the outgoing email address used for this email using a plugin such as https://wordpress.org/plugins/cb-change-mail-sender/

Hi,

See first here and check this very old snippet (3 years). Untested.

Isn’t possible at the moment.

My site is getting heavily brigaded by spammers
Sorry for you, but adding moderation to status wouldn’t avoid spammers signicantly.
Have you installed WP by following some basic security recommandation ?
Do you use some anti spam plugins ?
How many members do you have and to what do you estimate the amount of spammers in regard of them ?
Have you inactive users in the list ?
Are you on a MS or single install ?

Maybe you could also blacklist some words from updates publication.

Hi @dnicu26

I can’t immediately see why that should be stopping the emails. Can you remove the snippet and test again, see if the emails resume sending?

Are you talking about the plain text email that you get from WordPress that says something like a “new user registered on your site”? I assume this has always worked in the past — how many such emails have you received? 10s? 100s?

Can you also please check your spam folders in your email?

Finally, are you using Multisite or regular WordPress?

Thanks Mohamed but your function removes the exclusion of spam users.
I have 6822 users in my db – none of them are spammers (user_status != 0)
The MEMBERS tab still shows only 5724 members.
Does it mean that 1118 members have NOT yet connected and logged-in to the site ? (they are not in pending list in ADMIN)
Is there a way to get the MEMBERS tab to count the same number of members as the ACTIVITY page ?

This won’t help your spam issue, that’s another matter, but it will remove the user registration updates on your activity stream (among other activity types, depending on how you configure the plugin)

https://github.com/lenasterg/buddypress-block-activity-stream-types-ls

Hi,

buddypress.org use BuddyPress and bbPress plugin for the forum part (with some BP Ninja’s customization).

But note that BP activity comments are not forum topics – even if both may “look” like a discussion tread.

To get a similar behave, install bbPress as sitewide forum.

or to get a more indeep integration with your community members, use BP (member) groups and install a forum in some groups. By doing it this way, you can have thematic discussion groups, where not only the discussion is thematic, but where also the participant are sorted.

In other words, an “ordinary” forum can be categorized. With BuddyPress, a forum can be categorized, but members can be grouped, related to the group they belong to (is the group has a forum of course).

Note also that many BP user’s don’t use a group forum because group members can discuss via the group activity. This is very common, but only if you don’t care about forum fonctionnalities like sub-forums, moderation, spam/ham or rich edit for example.

It is not going to their spam either…. Just not emails going out. I notice the weird two Pending list when i go to the users page which I do believe is the reason.

Now I am just unsure why it would be showing two.. If I deactive the bbpress plugin things go back to one pending list and all work’s ok.

Once I reactive Buddypress. Things stop working as JT first described

You could hook into the bp_activity_add action like this:

function bp_plugin_hook_activity_add( $activity ) {
 
    // insert code to be executed when activity is created
    // read the link below for more code examples
 
}
 
add_action( 'bp_activity_add', 'bp_plugin_hook_activity_add', 10, 1 );

You can access the activity variables like this:

$activity[‘type’] or $activity[‘content’]

you should be able to use any of the keys below:

id
action
content
component
type
primary_link
user_id
item_id
secondary_item_id
recorded_time
hide_sitewide
is_spam

For more reading check out this link:

Posting Activity from Plugins

Can you check if it’s going to their spam mailbox?

We have same problem, bp_members_pagination_count() not exclude spam users, I created this code to fix (should add it to bp-custom.php) :

function exclude_spam_users( $retval ) {
	global $wpdb;
	$sql = "SELECT ID FROM {$wpdb->users} WHERE user_status != 0";
	$exclude_spam_users = $wpdb->get_col( $sql );
	if (!empty( $exclude_spam_users )) {
          $retval['exclude'] = implode( ',', wp_parse_id_list( $exclude_spam_users ) );		
	}
	return $retval;
}
add_filter( 'bp_before_has_members_parse_args', 'exclude_spam_users' );

would suggest you use wp spam shield its quite effective imo

Spam is an endless discussion on the web over years. Search this forum, you’ll find many topics.

Half of my users registrations are reported by buddypress like a spam.
The question is why ? Aside, note that it is WP who controls the registration, not BuddyPress.

Do you use Askimet or some other plugin who controls your registry ?

So I think it’s sufficient? no?

Simply ? NO !

Captchas are helping to determine a human activity, but generally don’t spam users.

Many spam bots go through captcha and many other goes directly to your db. And many many, if not all, can send emails !
Spammers are even cleverer as most door keepers, it’s a sad fact and a great part of that “sport” to prove it continuously.

Here some common tasks explained to avoid spam and other unwanted content on your site. Note that one of the first thing to do is to use another table prefix as the universal knowed wp_ !

Cleantalk and wangguard are good plugin options too for preventing spam.