BuddyPress.org

fyi if your site has been hacked even on a low level you must clean it out and change all the associated admin and database passwords or you will be letting them right back in.

its still a bad sign that base 64 stuff is usually a sign of a open door that has been used to hack your site.

i think you should really check your site using that wordfence plugin as we both indicated having a user without an associated email is very suspicious.

Have you tried searching the WordPress plugin repository for something like ‘buddypress spam messages’?

A good plugin that will certainly resolve the issue is
https://wordpress.org/plugins/buddypress-private-message-for-friends-only/

Thank’s @ubernaut

@jconti keep up the good work!

@mareksgregs use this plugin:

https://wordpress.org/plugins/wordfence/

That plugin will check all core files.

Do you use WordPress simple or WordPress Multisite?

Hi @mareksgregs and @ubernaut,

I’m the WangGuard developer.

Search the user in the database (wp_users). You need to find there.

You need to check wp-config.php, index.php, wp-content and if you use a cache, wp-content/cache

I think you have been hacked. Is impossible that a user don’t have and email and if you delete the users and 5 seconds later, the user I’d there again, there are a script that create the user.

And yes, every 2 days, we have a very big attack. Now, we are looking for bigger servers with a best protections agains this attacks 🙁

Kind regards

just blank space huh? never seen that before not sure how its even possible unless as i said before your site was hacked and even then I’m still not sure how it’s possible. as far as i know every wordpress user account must be associated with an email address.

well you are assuming they will continue to use the same ip which is i think not a safe assumption. what is the email listed?

hmm i think i have also seen that before i forget exactly what it was but the address was invalidly constructed as i recall (meaning it was not the proper format you’d expect to see for an email). i have noticed that wangguard’s server(s) are not always available (probably get attacked with some frequency). whenever wangguard is not online the plugin just lets people pass but it is rather odd that someone should even be able to complete registration without a valid email.

:/

i don’t see how that’s possible unless your site was hacked, maybe then, not sure.

when you say “has no registration ip” i’m assuming you are using wangguard or some other plugin to get that info. fact is there must be an ip it may be spoofed but regardless why not just ban whatever email they are using to register?

We are using WP-Better-Emails. Works great. Still have to suggest people check their spam folders.

Leofitz, WangGuard will check your user base for spammers and delete them.

See https://wordpress.org/plugins/wangguard/

The author says that “WangGuard not only protect your site from sploggers, spam users or unwanted users, WangGuard cleans your database from them. No plugin or service does this, only with WangGuard you will get this feature,” and I believe him. His English may not be too good, but the plugin is really outstanding.

There’s just one consideration for you: In order to have your database cleaned up, you will have to submit far more than 500 queries the first month. Perhaps you can arrange to pay for a month?

Here’s my suggestion to reduce database queries after that. (It worked for me.) Buddypress allows for the customization of User Profiles. Add a couple of questions that require a certain amount of intelligence to answer and make them required. That means the form will not be submitted either to WordPress or to WangGuard if the required fields are not filled out. It’s not fool-proof, but it decreased queries on my very busy site to just a few a day.

Incidentally, I added a question, “How do you plan to participate?” Among the choices offered the user are these:
“I want to increase my online presence.” and
“I want to sell my stuff.”

We don’t need anyone not bright enough to figure out that these replies do not make the user desirable. Now all I need is a script to automatically kick out users who choose these replies. 😉 (As it is, they can be manually deleted if other users report them.)

I don’t know what happens to a group when all the users are unsubscribed, so this may not be precisely what you are looking for. But WangGuard will make your site secure against almost all sploggers. (One registrant passed all tests on our site, and we had to delete manually, but that person must have registered manually too.)

Good luck!

Inge (http://ssnet.org)

maybe not as long as you think if you use the backend, can’t you mass delete them that way?