BuddyPress.org

So much spam potential 😀

Check the activation emails aren’t going into user’s spam folders.

That information never arrived at the email.

Just a thought, check your spam folder as sometimes activation emails end up there.

I attempted another registration with different credentials and email and this time nothing happened.

This might be a problem with your theme. Try activating TwentyFifteen and complete the registration form again. Also deactivate any plugins you’ve installed, just to be sure none of those are causing the problem.

Sometimes registration emails aren’t sent

Are you sure they’re not being sent? Could it be that they’re not being received (gone into a spam or junk folder)?

If the user skips this they can login normally

They can log in but unless they’ve activated their account via the email that was sent, or you have manually activated them, they won’t be able to do much on your site. Their privileges will be restricted.

Hi

@Vignesh: I installed WangGuard and it seems to work well. Frequency has come down to 3-4 hr/spam from 20min/spam on average.
You get the Free API also after creating user account with them.
Recommended ? : YES.

@ Jose: Thanks, it works well.
I was able to create a Security Q, and all seems easy now.

BR

Arvind

@projectslimited – yeah, welcome to the club! I had one bp site with registration turned off for 18 months.. turned it on to test some thing – hours later – dozens of new “groups” and spam accounts.

My main site I depend on buddypress humanity as main line of defense.. but also add the plugin “good question” (changing the defaults on these two!)

I also use “geo ip block” on all wp sites now. (changing some defaults)

that seems to help 95% – then I got so tired of the manual spammers that I added the apache gep redirect thing from maxmind lite.. and block all visits from Russia, China, Ukraine, and a few others completely.

Saves a ton of bandwidth and server resources – and makes it easier to find the cdir blocks of US and UK ISPs to block via htaccess (none of my web site visitors are using COLO Crossing Transport to visit my site- so all their cidrs eg:
23.94.144.0/20
23.94.144.0 – 23.94.159.255

blocked…

I have been messaging with a wordpress plugin author about modding his plugin that pulls info from failed logins and puts them into iptables – suggesting a few mods that can make that info useful to those of us who do not have access to or want to get into iptables modsec stuff – hopefully those suggestions will come into a new version of that plugin later this year.

with my multi-site setup I use a ‘new blog defaults’ plugin to set any new blogs created to automaticcaly have the noindex setting in wordpress, and noinded nofollow settings from yaost.. so even if one manual spammer gets in and makes blog – it does no good, and does not show up on the radar of the other spammers.

I recently had to block Japan entirely as I started getting daily spam hits from there.. of course each person’s setup will vary – I can’t block all countries on all my sites, so some sites I set the ip geo block to whitelist just one or two.. on other sites I setup a blacklist to block 20 or so..

So, is that how the spam or favorite/un favorite buttons work?

Maybe. It will depend if you have JavaScript enabled in your browser. If you do, then Ajax will be working. If you don’t, it’s likely the traditional POST or GET methods will be in operation.

Take a look at this code, I think it may be helpful for you…

I created a function vp_add_group_activity_comments() that hooks to the ‘post_comment’ action, so when a user posts a comment an activity stream item is created and added to their group’s feed.. (on my site users can only be in one group at a time)

It’s all about what you set for the $args array….

function vp_add_group_activity_comments($comment_id){

$comment = get_comment( $comment_id );
GLOBAL $wpdb;
$user_id = get_current_user_id();
$user_info = get_userdata( $user_id );

$current_user_group_id = $wpdb->get_var("SELECT group_id FROM ".$wpdb->prefix."bp_groups_members WHERE user_id = '".(int)$user_id."'");

$comment_action = "<a href='".site_url()."/members/".$user_info->user_login."'>".$user_info->first_name." ".$user_info->last_name."</a> posted a comment on <a href='".get_permalink($comment->comment_post_ID )."'>".get_the_title($comment->comment_post_ID)."</a>";

// arguments to pass to the bp_activity_add() function
$args = array(
'action'            => $comment_action,                     // The activity action - e.g. "Jon Doe posted an update"
'content'           => $comment->comment_content,                     // Optional: The content of the activity item e.g. "BuddyPress is awesome guys!"
'component'         => 'groups',                  // The name/ID of the component e.g. groups, profile, mycomponent
'type'              => 'activity_update',                  // The activity type e.g. activity_update, profile_updated
'primary_link'      => get_permalink($comment->comment_post_ID ),                     // Optional: The primary URL for this item in RSS feeds (defaults to activity permalink)
'user_id'           => $user_id,  // Optional: The user to record the activity for, can be false if this activity is not for a user.
'item_id'           => $current_user_group_id,                  // Optional: The ID of the specific item being recorded, e.g. a blog_id
'secondary_item_id' => $comment->comment_ID,                  // Optional: A second ID used to further filter e.g. a comment_id
'recorded_time'     => bp_core_current_time(), // The GMT time that this activity was recorded
'hide_sitewide'     => 0,                  // Should this be hidden on the sitewide activity stream?
'is_spam'           => 0,                  // Is this activity item to be marked as spam?
);

$add_activity = bp_activity_add($args);

// Update the group's last activity
groups_update_last_activity( $current_user_group_id );

return true;
}  
add_action('comment_post', 'vp_add_group_activity_comments' );

Take a look at the code below to see how I use the post_comment action to hook my function vp_add_group_activity_comments(), which creates an activity stream item when a user posts a comment and adds it to their group’s activity stream… This is just what we are doing for our site, but if you look at the code you should be able to figure out how to do it for your site….

function vp_add_group_activity_comments($comment_id){

$comment = get_comment( $comment_id );
GLOBAL $wpdb;
$user_id = get_current_user_id();
$user_info = get_userdata( $user_id );

$current_user_group_id = $wpdb->get_var("SELECT group_id FROM ".$wpdb->prefix."bp_groups_members WHERE user_id = '".(int)$user_id."'");

$comment_action = "<a href='".site_url()."/members/".$user_info->user_login."'>".$user_info->first_name." ".$user_info->last_name."</a> posted a comment on <a href='".get_permalink($comment->comment_post_ID )."'>".get_the_title($comment->comment_post_ID)."</a>";

// arguments to pass to the bp_activity_add() function
$args = array(
'action'            => $comment_action,                     // The activity action - e.g. "Jon Doe posted an update"
'content'           => $comment->comment_content,                     // Optional: The content of the activity item e.g. "BuddyPress is awesome guys!"
'component'         => 'groups',                  // The name/ID of the component e.g. groups, profile, mycomponent
'type'              => 'activity_update',                  // The activity type e.g. activity_update, profile_updated
'primary_link'      => get_permalink($comment->comment_post_ID ),                     // Optional: The primary URL for this item in RSS feeds (defaults to activity permalink)
'user_id'           => $user_id,  // Optional: The user to record the activity for, can be false if this activity is not for a user.
'item_id'           => $current_user_group_id,                  // Optional: The ID of the specific item being recorded, e.g. a blog_id
'secondary_item_id' => $comment->comment_ID,                  // Optional: A second ID used to further filter e.g. a comment_id
'recorded_time'     => bp_core_current_time(), // The GMT time that this activity was recorded
'hide_sitewide'     => 0,                  // Should this be hidden on the sitewide activity stream?
'is_spam'           => 0,                  // Is this activity item to be marked as spam?
);

$add_activity = bp_activity_add($args);

// Update the group's last activity
groups_update_last_activity( $current_user_group_id );

return true;
}  
add_action('comment_post', 'vp_add_group_activity_comments' );

@atfpodcast – quick chat is working 24/7 on my busiest bp site with 11,000 members.. only thing that screws up that page is when rtmedia has an update the screws with permalinks (messes up all of my static “pages” – have to change and resave.. but that is an issue with rtmedia and permalinks – nothing to do with quickchat.. it works fine and I deploy it on different sites in different ways. I did some write up about it on one of the comment threads I originally linked to in the first response to the original post I think..

anyhow, I think quickchat is the perfect text-chat plugin for a small web site that does not hammer the chat system with hundreds of simultaneous users.

It does chat, avatars, bad words filter, admin can delete stuff – it’s quite the package – I wish the original dev would of answered my emails offering some paid enhancements.. but it’s fine as it is. I did a long write up on one site talking about the drawbacks of ANY chat system that hooks into sql – but I doubt most people will run into those issues until they get more than 20 or so same-time chatters – that’s when you start to look at things to limit sql requests to keep your server from choking – which is usually more of an issue with robots and scrapers and brute force login stuff – comment spam – all that.. guess that’s more of a slightly different discussion – lol.

Have you installed both site on a same or separate WordPress, and same question about BuddyPress ?

Another question about 3500 pending request.

Are you sure these aren’t spammers ? Why are they pending ? Have you setup this behave or is it a sudden amount of registerer ?

Can you activate one account at time ? Or is only bulk activation defect ?

@bobbingwide Existing user accounts should have edit capability, it was only newer accounts where we needed to manage the spam activity, so if you could try editing a page and let us know if you are having issues.

>If moderator could mark a member as spam only via dashboard, i am ok with it.

Due to the current_user_can check, afaik it is not possible via dashboard unless you hack core files.

>I think spam and extended features have been added by buddypress therefore i am asking here.
Sorry, my mistake.

Before adding the ‘spam’ link BP checks to see if
current_user_can( 'edit_user', $user_id )

Members can also be marked as spammers via the front-end.
Take a look at :
\bp-templates\bp-legacy\buddypress\members\single\settings.php
You might be able to adjust it to check for a cap of your choice.