BuddyPress.org

First you said:
>I disabled registrations using “Registration is disabled” from the network admin settings/network settings and the spam registrations continue.

Now you say:
>– disable registrations (network admin) and the automatic reg stops

Not sure why things have changed, but it’s a clue.

btw – did you change the salts in your wp-config ?
https://codex.wordpress.org/Editing_wp-config.php#Security_Keys

@ride2719

https://buddypress.org/support/topic/critical-exploit-backdoor-spam-registrations-via-bbpress/#post-173527 ?

>Forums are enabled (it’s a primary purpose for the site)

Understood, but try deactivating bbPress.
If the spam regs stop, you know it’s a bbPress issue and you can post a bug report on their site.

If they don’t stop, at least you know it’s not bbPress.

I need an interface that organizes all the forum related tasks. I’m finding the setup with BuddyPress & bbpress to be a little intimidating.

It sounds like you just need a forum, which would be bbPress. The reason bbPress and BuddyPress are separate plugins is that this allows people to pick and choose according to their needs. What you need to figure out first is, what do you want and need?

To learn more about how to use bbPress, check out the official guides here: https://codex.bbpress.org/

There are also plugins specifically to add functionality to bbPress, such as spam control and other neat things:

Plugins

Hope that helps.

Hi @ubernaut

Yes, if WangGuard detect a user as splogger and you mark it as not splogger, he is flagged as “Checked Forced”. That will force to WangGuard to accept that user as good user at your WordPress.

But if you mark a user as Splogger, and then, you mark it again as Not Splogger, he is flagged as Checked user and he is removed from WangGuard database.

your first admin profile page

http://modemlooper.me/buddypress-spam-link.zip

click download gist button and then upload it to WordPress

I would like to offer two ideas for consideration:

1) Integrating basic anti-spam capabilities into core
2) Improving performance via fragment caching

1) I realize that there are already good plugins that deal with spam, both comment and multisite blogspam. But being spam, it is a cat and mouse game and I feel that buddypress should have some basic anti-spam protection out of the box. For example, a hidden text field via css as a honeypot. Users who are not at all comfortable coding or editing files can turn this on or have it on by default (rather than try to follow guides like this: http://www.pixeljar.net/2012/09/19/eliminate-buddypress-spam-registrations/)

2) This was touched on in the recent buddypress panel discussion:

(caching: 19min – 22min)

After spam, the biggest issue that I’ve heard is with performance. I think we should start to address this. For more info and details see this thread.

One of the challenges of using caching plugins like WT3 is that they don’t work for signed in members of buddypress sites. But a fragment caching system can still cache parts of the page which are ‘static’ and would not change as a result of the user activity.

try this plugin https://gist.github.com/sillybean/3815688

Log in with new admin and visit profile page of old admon then in admin bar there will be link to unmark

create a new user in admin and change that account to admin. then logout. login with new admin account and mark your other account not a spammer in wanguard

idk whnever i have accidentally marked someone as a spammer i just un-mark using wangguard they will then show up as forced green status maybe that doesn’t unmark them in buddypress’s eyes. perhaps @jconti knows more.

did you try un-marking with wangguard using another admin?

@dennish

Its been a few weeks and was wondering if deleting the bbpress issues in the buddypress folder is still the fix for the spambot issue you were having. Thanks!

There are probably a couple things happening:

1. There is a hardcoded check to is_super_admin() in bp_core_process_spammer_status(). That check would fail during a cron job. BuddyPress should probably separate out the business logic of this function from the permissions checks. This would be appropriate for an enhancement ticket.

2. Certain parts of BuddyPress are only loaded at some times. If you’re going to modify BP’s behavior, or use functions from BP, you need to make sure you’re waiting for BP to be loaded before doing so. It’s possible that load order works differently during cron than during regular page loads, so it’s extra important to pay attention to these rules. In short, anything that needs to hook to a BuddyPress action, or use BuddyPress functions, should be in files that are loaded at 'bp_include' or later. (See https://codex.buddypress.org/plugindev/checking-buddypress-is-active/). I’m glancing at wangguard-admin.php, and it looks like there are quite a few places where you’re attempting to do BP stuff in the main plugin file – try breaking it out into a separate, BP-specific file, which is loaded in the manner described in that link.

If you can, you might also try turning up your error reporting level on your test installation, making sure that it’s going to your Apache error log or wp-content/debug.log. It could be that something’s happening that’s causing a non-fatal error, and your php.ini settings are too low for it to be showing up. wp-cron can be sensitive to that sort of thing.

check out wangguard

@jconti Thank YOU for an awesome plugin and for being proactive in spam prevention for BuddyPress. Two thumbs up 🙂