Anonymous User 18187419Inactive
Hi, site is 3 years old, 13,000 members, approx. 1100 active daily, but not a single instance of multiple-user spam-messaging, forum spamming, blog comment spamming, etc.
The site is a (very mild) NSFW dating site, niche interest, so is a prime target for bots, but so far no big issues.
If you want to compare ideas/methods then please provide some form of contact, happy to provide info in private.
TBH this was just an idea I had while looking at the scope of possible ways to stop spammers/bots. I’ve implemented a few things already like reCaptcha, Ban Hammer, redirects, honeypot. You’re probably right that many of the bots are stopped at the Activation step IF they are using a disposable email. I assume smart ppl would have developed a way to activate spam accounts if needed. Then again maybe they just go for the low hanging fruit.
I am curious though how you’re so sure bots aren’t registering? I have about 1,200 registered users and the vast majority are Gmail address. Alot of them look suspicious, like Username: dien01234567 Email: dien0134567@gmail. I have a very eclectic audience, so I have to be careful which email services I block. But even so I can’t believe all these Gmail users are real…
Would removing the activation url/key combo from the activation email (forcing user to copy/paste the key) slow down spam registrations?
It seems like it is very easy for bots to activate the account because the key is automatically inserted into the form and activation proceeds. My thought is that forcing the user to copy and paste the activation key would thwart some bots. Obviously this user experience is less ideal but if it stops bots I’m willing to do it.
Any thoughts or experience with this?
hi @imath – I wanted to offer to moderate the support forums given there seems to be spam almost every day.
I moderate a separate community so it would be no burden to me to help keep BP Support Forums spam free.
I am running WordPress 6.0.3 and am on BuddyPress 10.6.0.
I turned off the Private Messaging component in BuddyPress Settings over 2 years ago. Now all of the sudden my users are getting email notifications of Private Messages. I know these are legit because they include text I wrote before I shut Messaging down due to rampant spamming.
I checked BuddyPress Settings and the Private Messaging Component is still unchecked. Is there something else I need to do to ensure Private Messaging is off?
A spammer send messages to all my members, i blocked him and deleted him,
now messages remains in users
https://prnt.sc/_J-VocO9eGxo
is there a way to clean up?
Hi there,
I’m having an issue with BuddyPress registration.
When I create a new account I never get the confirmation email. But the member gets registered on the website. As admin I can see that member in the members menu. When I manually make that member active, I still can’t log in.
I have tried every single setting.
-Creating New Pages for Registration & Activation
-In setting I ticked: Anyone can join
-Deactivating all the plugins accept BuddyPress.
-Putting in PHP code to activate the email
-Even tried WP Mail SMTP
WP Mail SMTP didn’t really help. Before using it I tried sending “reset password” to new member. It went through. When I used WP Mail SMTP the emails were going to spam. So the email address is all correct on my website.
I wasted 9 hours trying every single solution I was finding on internet and nothing work.
If you know a fix for this issue, please let me know.
This is Buddypres 7.2.1 btw
Any ideas where this is being called and any way to tweak it to force it to use another index?
For some reason, it’s using date_recorded as the index, thus causing these 1,2,3+ second queries.
They look like this:
SELECT DISTINCT a.id FROM wp_bp_activity a WHERE
(
(
a.user_id IN ( 457,4233,6113,4562,47,5954,5530,5149,5160,5500,6436 )
AND
a.hide_sitewide = 0
)
)
AND a.is_spam = 0 AND a.type NOT IN ('activity_comment', 'last_activity') ORDER BY a.date_recorded DESC, a.id DESC LIMIT 15, 16;
///////////////
SELECT DISTINCT a.id FROM wp_bp_activity a WHERE
(
(
a.user_id IN ( 5137,4581 )
AND
a.hide_sitewide = 0
)
)
AND a.is_spam = 0 AND a.type NOT IN ('activity_comment', 'last_activity') ORDER BY a.date_recorded DESC, a.id DESC LIMIT 0, 16;
///////////////
SELECT DISTINCT a.id FROM wp_bp_activity a WHERE
(
(
a.user_id IN ( 34806 )
AND
a.hide_sitewide = 0
)
)
AND a.is_spam = 0 AND a.type NOT IN ('activity_comment', 'last_activity') ORDER BY a.date_recorded DESC, a.id DESC LIMIT 60, 16;
Why is my topic marked as spam?
Hi @ok2net @muhittinsahilli & @johnjamesjacoby đ
Thanks a lot for your feedbacks đ. Very interesting ideas!! Iâll add the « spam protection » one I received on Twitter to the list.
Just like John who gave the right example as a Project Lead, Iâll share my ideas đ.
A first category of ideas is about getting more hands to help us build great things:
– A BuddyPress annual meeting like a BuddyCamp but online to welcome everyone on earth: a « World-BuddyCamp »
– As BuddyPress is more than just a plugin, we should probably have more « official » teams to compliment the BP Core one: Support, Theme, Docs, REST API, Marketing (?), âŠ
– The BuddyPress.org network to host developer/contributors docs & Core development updates.
– A great BP Standalone theme for the BuddyPress.org site as well as a replacement for the BP Default theme.
– Providing recommanded Addons to help new users choose the right BP plugins for their need.
Ă second category of ideas is about code:
– making BP Rewrites the default URL parser,
– going even more granular than we are, moving optional components as BuddyPress add-ons: this would probably help us to improve each feature and Core/Members with the basic features a user can expect from a community feature software.
– Blocks to standardize ways to share media/rich tools into activity streams, private conversations and why not Template pack & themes.
– Of course BP Attachments, user generated media to share with the BP community as well as giving WordPress Admins a new source for their editorial content.
– Private conversations revamped looking more like private chats / slack exploring WebRTC or Server-Sent Events.
And finally I invite @dcavins, @espellcaste, @boonebgorges, @djpaul, @r-a-y, @mercime and all the members of the team to follow @johnjamesjacoby example! Letâs all share what we think BuddyPress is missing đ
Anonymous User 18187419Inactive
Possible options to look at:
– verification email on signup is a must.
– Plugin “BP Restrict Signup By Email Domain” ….lets you restrict new signups to gmail, yahoo, hotmail etc. Will prevent 99% of spam-bot registrations (eg. s.p.a.m.m.e.r. at spambot dot xyz).
– Plugin “BP Registration Options” …holds all new signups in a moderation queue until manual approval by admin, during which time they can’t interact with Buddypress components (and I assume cannot create new groups).
Just some suggestions.
To be clear – this did NOT happen before the switch to external mail client. So there is no hidden CC etc.
Previously, it was simply set up using POP3 and gmail. (no issues)
Since connecting via the API – that’s when this began. (able to see all site emails sent).
I’ve found a snippet, that I’ll explore with. But I’m unsure this will even work now as no emails are sent/received via the WP site (all externally).. stupid spam forced us to move to a different setup.
<?php
// Function to change email address
add_filter( 'wp_mail_from', 'wpb_sender_email' );
function wpb_sender_email( $original_email_address ) {
return 'contact@lapakibuk.com';
}
// Function to change sender name
add_filter( 'wp_mail_from_name', 'wpb_sender_name' );
function wpb_sender_name( $original_email_from ) {
return 'Mr Sultrio';
}
Apologies for the repeat. I was told that the first topic was marked as spam, that’s the reason for this one, incase the first one is not seen.
I am running the current versions of WordPress and buddypress. I all of a sudden cannot see my admin tool bar or login to my WordPress backend. Activated the debug feature and found out its an issue with buddypress plugin. Please how Do I resolve this? I had to disable the entire plugins, to be able to login of give access to my backend. The web url is http://www.wokshop.com
https://mywokshop.com/wp-content/uploads/2022/09/Screenshot-2022-09-01-at-00.15.15.png
Thanks I’ve worked out how to disable that email. I don’t think this solves my initial problem – in theory this email should be active so it’s sent when an admin turns the request down. However, I kind of agree with the view in https://buddypress.org/support/topic/membership-requests-email/ – that usually when an admin turns a request down, it will be because it’s deemed to be spam. And thus the email shouldn’t be sent. So I’m OK with deactivating the email completely I think.
Anonymous User 18187419Inactive
Hi guys
Is it possible to remove/hide the “Popular” filter which displays above the Members list widget (Newest/Active/Popular) ?
It kinda encourages friend-request spamming on my site, users competing to be at the top of that “Popular” list.
So just remove the Popular filter, the Newest and Active should remain.
Thanks for any help.
WP 5.9.3
BP 9.1.1
Twenty Sixteen Theme
Site is NSFW, sorry no link unless requested
This has the potential to cause huge amount of spam on your site. I am not sure why would you want to disable this as this is an industry standard, also helps in confirming emails and communication.
p.s : In a commercial theme I use WPLMS, it has this feature of custom registration forms where this checkbox to disable account activation and log the user in automatically.
Hi!
Trying to find the source of sudden weird lag on my large Buddypress website. I noticed this query running very frequently:
# Time: 220408 21:41:46
# User@Host: [removed] @ localhost []
# Thread_id: 337208 Schema: [removed] QC_hit: No
# Query_time: 1.645619 Lock_time: 0.000068 Rows_sent: 0 Rows_examined: 0
# Rows_affected: 0 Bytes_sent: 77
SET timestamp=1649454106;
SELECT DISTINCT a.id FROM wp_bp_activity a WHERE
(
(
(
a.component = 'groups'
AND
a.item_id IN ( 0 )
)
AND
a.hide_sitewide = 0
)
)
AND a.is_spam = 0 AND a.type NOT IN ('activity_comment', 'last_activity') ORDER BY a.date_recorded DESC, a.id DESC LIMIT 0, 16;
Query_time: 1.645619
It always results in nothing. So, where is it coming from and how can I stop it?
Any idea what function is triggering this, I’d be able to even edit the core file just to have it check “if certain params are true, don’t even run this query”
I think it’s killing my site’s performance
Hi, I installed BuddyPress on my site earlier today and now I can’t log in to my administrative account from the frontend of my site. When I try to login, I get sent to a page requesting an activation key. Unfortunately, I don’t have an activation key, nor was I ever sent one (I checked my emails and SPAM), so I can no longer sign in.
I use the Paid Memberships Pro plugin to handle registration and membership levels on my site. Normally this works well. I also installed and activated bbPress and the PM Pro add-ons to integrate with BuddyPress and bbPress respectively.
Any advice on how to fix this?
Maybe you can use other services like this: https://temporaremail.com . Generally such sites are directly perceived as spam. It is very helpful to find the right one.
Exactly my problem with not approving member(spammer) requests.
No informational mail should be send to the requestor in case of disapproval!
Hello
I’m sending my email with post SMTP plugin.
T tryed to use different smtp configurations :
– i used my host smtp settings (Hostinger) = buddypress emails in spam folder of the users
– i used sendinblue transactionnal stmp settings (i have a paid account) = buddypress emails in spam folder of the users.
Does someone have a solution to solve this problem ?
Thanks.
Fabien
Hi all,
I have implemented member requests as per this guide after a large number of spammy registrations and spoof email addresses:
Alternative Registration Workflows
It seems to work well in that it doesn’t seem to generate the confirmation email address, but allows me to approve instead.
The problem is that when I choose to delete the request, BuddyPress tries to send an informational email to the spoof email address to inform them their request has been denied:
“Sorry, your request to join the site “My BuddyPress Site” has been declined”
How can I prevent these unnecessary emails being generated?
Thanks
Kevin
why do all my posts get marked as spam, all I want is help from the community
Merry Christmas. A Lot of spam is being posted on the BP forums, kindly check or assign a moderator to clean it up.
The only other possibility is “human” spam which can not be caught by any software ( unless it s AI Powered ). What you can do is strip all HTML and links, so the spammers would lose all interest in your site.
add_filter('bp_before_groups_edit_base_group_details_parse_args',function($args){
$args['description'] = wp_strip_all_tags($args['description']);
return $args;
});
p.s : In our theme we already added the restriction on “Who can create groups”.
