BuddyPress.org

@sbrajesh
Your welcome sir!
I look forward to this new plugin you will release I think you are really closing a gap that needed to be closed. By the way BP User Profile Visibility plugin rocks. Thanks once again for the awesome plugins and all the hard work you put forth, I respect you immensely!

Exactly the same problem.

Emails have been sent most end up in spam boxes of new registrants. Clicking on link goes to site and produces “invalid activation key” .

If new registrants had then gone to home page to log in they can access their accounts but all stop at “invalid activation key” ,very frustrating!

Any answers?

@sbrajesh Yup, I can see that use case. I meant the plugin is useless for this particular purpose.

As far as Friendship request throttling is concerned, I am about to release a plugin today which does allows site admins to limit the no. of requests sent per minute(or you can set say 30 requests per 60 mins, that flexibility lies with the site admins).

Fantastic!

@sooskriszta I agree that the plugin is a terrible idea. Throttling is one thing (telling the user “hey slow down a bit”) but setting an absolute limit for the number of friendships goes against the concept of a community.

Going back to the ORIGINAL point of this topic, I said I will add throttling to the activity page and the friendship requests, but I ran into small trouble and thought maybe some of you people can help out. I opened another topic https://buddypress.org/support/topic/add-custom-setting-to-buddypress-settings/, I appreciate it if you can check it out and help out. @synaptic @sooskriszta

@bphelp thanks Ben for the heads up.

@sooskriszta
You are right about the use case. It is not suitable for spammers protection and neither suitable for normal sites.

I built it specifically for membership based sites where they wanted to limit the no. of friends and charge for increasing the limit(I had got that specific requirement from a client and they implemented it with s2 members plugin in their case).

As far as Friendship request throttling is concerned, I am about to release a plugin today which does allows site admins to limit the no. of requests sent per minute(or you can set say 30 requests per 60 mins, that flexibility lies with the site admins).

@mamun669 Great. Marking this topic as resolved.

@mamun669 check out http://wpmu.org/buddypress-spam/

Thanks @bphelp

The plugin seems like a terrible idea. I mean some particular installation somewhere in the BuddyPress world might need it, but I don’t like the idea of limiting BP’s functionality (potentially thwarting the value of the online community) for everyone to try and stop a few bad apples. What number will you limit the friends to so that spammers are blocked and the community is valuable? 5, 10, 50, 100, 500?

Your original idea of throttling friend requests was far neater and remains superior to this plugin’s concept.

neato!

There is a new premium plugin out by BuddyDev called BuddyPress Limit Frienship check it out here:

BuddyPress Limit Friendship

This should help you folks out @tim_marston @ubernaut @sooskriszta . Another great job @sbrajesh !

@tux-kapono
Why would it be confusing unless you have several admins? Subscribers should not have access to how many registered users there are in the dashboard anyway. Unless those users are active participants wouldn’t it kinda mislead new legitimate registered users that there is more active members than what is truly there? Most likely the registered users that never logged in was either spam-bots or human spammers and most people fight that tooth and nail. If you have several admins then I would just communicate that to them.

@wpbp
I produced a small plugin that is geared toward automated spam attacks but I haven’t gotten any feedback as far as its effectiveness:
https://github.com/bphelp/bp-spam-killer
As far as spam attacks from real users I think there are helpful solutions out there but spammer hacker types will always find way to circumvent any prevention method so the best prevention as an admin is being active on your site.

One plugin that looks good for preventing registration spam is WangGuard. (Search for it in the WordPress repository.) I’ve just installed it, so can’t tell you if it’s as good as it sounds. (I run a very busy blog and allow commenting by unregistered users. Akismet catches spam and Conditional Captcha deletes it without my seeing it. The latter reduced spam from hundreds of comments a day [marked by Akismet] to near-zero. Only the occasional human spammer gets in.)

Allowing unmoderated registrations is spammer nirvana. 😉 I allowed posting by unregistered users so I could turn off user registration. Now that I’m wanting to use Buddypress, I had to enable registration but installed WanGuard. Within a few hours, I had one registration attempt — even though Buddypress can’t be seen anywhere on the site yet — but no successful registration, thanks to WangGuard. Tomorrow will tell me more.

@wpbp 1. Disable registration in Settings > General.

2. Disable group creation in Settings > BuddyPress > Settings > Groups.

3. Disable album creation/uploading of images in the plugin’s settings or are you referring to native WP image galleries?

You can enable group creation and registration after you’ve done some general housekeeping and adding some spam/spammer prevention.

@wpbp, The problem is that many spam nowadays are not bots but real human spam. I have same problem on one of my installation. all you can do is to ban the domain which has been a source of spam to your site. e.g: spam1@me-now.com. spam22@me-now.com

when you put “me-now.com” in the following code, it will ban any email from me-now.com, Put it in your functions.php

http://pastebin.com/a2mTNVZX

Note: I have 3 sets of this code, I have the one which can ban specific email from gmail, yahooo, hotmail etc without banning other users using gmail, yahooo, hotmail. if you want that aswell i can post it or all the 3 if someone can release it as a free plugin , no problem.

Naijaping

Doesn’t require any change in Akismet.

Akismet plugin will need a little change – it will need to tie reporting to role.

BuddyPress will need to incorporate the functionality of members/users flagging activity, the way users can report messages in software like phpBB.

seems like major overhaul to the way aksimet works now but as i said before anything we can do to make spammers lives more difficult i’m basically for it.

Nope, flagging by members shouldnt be reported to Akismet directly. As mentioned above, it’s a two step process. Site/Group admin can’t be everywhere, so users should be able to flag items for their review. Site/Group admins should be the ones whose flags ultimately get reported to Akismet.

giving members the ability to flag things as spam through akismet seems like a very sticky wicket to me probably something which would be better addressed as plugin. i for one would not want to give that ability to any user. i can barely get my staff to do that correctly under wordpress.

Well activity is already protected by akismet integration.

Except that there is no good way for members to flag activity.

I have the same problem as @nickharambee , the code from @chouf1 above doesn’t work for me, where in the templates can I decrease the largest number (should be 42?) somewhere in the templates?
second question where in MySQL database can I remove old spammed forum title tags, they unfortunately remained after removing spammy groups.

Well activity is already protected by akismet integration. Regarding the friend requests, one thing you can do now (and i have been forced to) to fight spam is only allow private messages to friends in that case the spammer gains the ability to send spam messages to these friends.

Sending friend requests to folks you don’t know is an issue that all social networks, be they Facebook, Orkut, MySpace, Hi5, or even LinkedIn, have to contend with.

That said, I wouldn’t call it the bane of social networking. What really does a purported “spammer” gain by sending friend requests? Annoyance for certain people that they have received a friend request? Unlikely – the text is preset…the spammer cant even include his/her fake links. Also, most folks are now pretty adept at ignoring such messages. And even if somebody accepts the friend request, what does the spammer gain? What does a “friendship” accomplish?

Comments (WP), forums (bbP) and activity feeds do really really need spam protection. I’m not so sure about the necessity for friend requests.

That being said, how do the big boys manage friend requests?
1. LinkedIn: You can only friend people who are 2 degrees away from you OR whose email address you know. Plus, recipients can mark it as spam.
2. Facebook: Members can control whether they want to receive friend requests at all. Plus recipients can mark requests as spam. Finally, temporary & permanent bans – based on proportion of requests marked as spam.

Throttling is neat, cool and easily done – perhaps like bbP, site admin can define the throttling parameters for BP friend requests throttling.

Much more importantly, an Akismet-like solution for activity spam would be nice. I would look for a 2 stage process on the manual “mark as spam” side of things:
1. Member marks another member’s activity as spam (this is really a flag that puts the activity in a basket for admin to see)
2. Admin looks through the basket and marks either as spam (in which case Akismet is notified) or not spam.

@ubernaut and others, re spam, I would appreciate hearing from the more experienced dev and web masters about the pros and cons of a private membership site.

By not allowing just anyone to become a member you automatically arrest spam. Of course, you also impede your growth because legitimate users can’t join.

One way to get around this is to use the great invite anyone plugin and have the original number of ‘seed’ members invite their friends and their friends invite their friends and so on.

Limited but organic growth in members and a total elimination of spam!

What do you guys think?