BuddyPress.org

+1 for that, was my primary thought regarding the anti-spam functionality i was referring to. actually had a sort of deep thought about that the other day.

i think in todays landscape on the internet spam is becoming an ever increasing issue and without doubt buddypress sites/admins are bearing in inordinate brunt of that battle. Now that we have lowered the bar of entry there is (if we have our way) liable to be a lot more fresh targets for these malicious interests. Nothing dissipates the enjoyment (by admins or users) of a social network faster or more easily then spamming. Not to in any way subtract from the great strides that have already been made in this regard, we owe it to not only our own community but the internet as a whole to be proactive and step up our game in regards to making these leaches lives more difficult.

Now stepping down from the soap box 😛

I like your enthusiasm but it seems you’re getting a bit ahead of yourself. The trac for 1.8 has been on 100 active and outstanding tickets for weeks on end now and there is no discussion of 1.9 anywhere.

But as long as we’re throwing out ideas for the upcoming, I’d like to vote for throttling as discussed here:

https://buddypress.org/support/topic/best-way-to-limit-friend-requests-to-avoid-spam

not sure i follow some of those tickets but i’d say my top 2 wish list items would be import/export functions and more anti-spamming stuff.

This is something that is happening to my activation emails also… This post seems to help but I have yet to follow the steps to confirm it.

https://buddypress.org/support/topic/activation-email-goes-to-users-spam-folder/

It’s on my list of things to do, I’ll let you know if it works

@patricksaad Thank you! Can it also be added for comments? friend requests, activity, etc. we know bbpress has it so everything else other than forum posts (via bbpress) would be helpful to have throttling

@synaptic Will do asap, hopefully we’ll at least have Activity flooding control for Buddypress 1.8

@chouf1 I believe patrick’s comment on that ticket is relevant:

“The function bp_core_check_for_flood in bbp-core-moderation.php is not hooked to anything. No flood control on activity page.”

@patricksaad could you pls submit a patch to trac?

@patricksaad,
apologize if i mentionned your blog, but it was the only place i found speaking about this problem.
FYI, “throttling” is used in BP 1.7.2, but a minima. Should be extanded much more. I guess it’s preferably you open an ehancement ticket on the Trac.
And thank you for sharing your code. 😉

buddypress 1.7.2\bp-core\bp-core-moderation.php (6 hits)
Line 24: * @uses current_user_can() To check if the current user can throttle
Line 25: * @uses bp_get_option() To get the throttle time
Line 32: if ( !$throttle_time = bp_get_option( ‘_bp_throttle_time’ ) )
Line 32: if ( !$throttle_time = bp_get_option( ‘_bp_throttle_time’ ) )
Line 40: if ( isset( $last_posted ) && ( time() < ( $last_posted + $throttle_time ) ) && !current_user_can( ‘throttle’ ) )
Line 40: if ( isset( $last_posted ) && ( time() < ( $last_posted + $throttle_time ) ) && !current_user_can( ‘throttle’ ) )
buddypress 1.7.2\bp-forums\bbpress\bb-admin\admin-ajax.php (6 hits)
Line 160: if ( $throttle_time = bb_get_option( ‘throttle_time’ ) )
Line 160: if ( $throttle_time = bb_get_option( ‘throttle_time’ ) )
Line 161: if ( isset($bb_current_user->data->last_posted) && time() < $bb_current_user->data->last_posted + $throttle_time && !bb_current_user_can(‘throttle’) )
Line 161: if ( isset($bb_current_user->data->last_posted) && time() < $bb_current_user->data->last_posted + $throttle_time && !bb_current_user_can(‘throttle’) )
Line 162: $error = new WP_Error( ‘throttle-limit’, sprintf( __(‘Slow down! You can only post every %d seconds.’), $throttle_time );
Line 162: $error = new WP_Error( ‘throttle-limit’, sprintf( __(‘Slow down! You can only post every %d seconds.’), $throttle_time );
buddypress 1.7.2\bp-forums\bbpress\bb-admin\includes\functions.bb-admin.php (4 hits)
Line 408: $user_meta[‘throttle’] = $_POST[‘throttle’];
Line 408: $user_meta[‘throttle’] = $_POST[‘throttle’];
Line 531: $user_meta[‘throttle’] = $edit_user->throttle;
Line 531: $user_meta[‘throttle’] = $edit_user->throttle;
buddypress 1.7.2\bp-forums\bbpress\bb-admin\options-writing.php (3 hits)
Line 43: ‘throttle_time’ => array(
Line 44: ‘title’ => __( ‘Throttle time’ ),
Line 47: ‘note’ => __( ‘Users must wait this many seconds between posts. By default, moderators, administrators and keymasters are not throttled.’ )

@Chouf1, that’s my blog you’re linking to. I am not sure if they added Throttling to the new Buddypress version. I opened a ticket months ago, the milestone has been set to: version 1.7 to Future Release https://buddypress.trac.wordpress.org/ticket/3732. This is a bit frustrating since Throttling makes for great spam control.

@tifire Go to /bp-friends/bp-friends-functions.php in your Buddypress installation and change the friends_add_friend function to the following:

function friends_add_friend( $initiator_userid, $friend_userid, $force_accept = false ) {
	global $bp;

	$friendship = new BP_Friends_Friendship;

	if ( (int) $friendship->is_confirmed )
		return true;

	$friendship->initiator_user_id = $initiator_userid;
	$friendship->friend_user_id    = $friend_userid;
	$friendship->is_confirmed      = 0;
	$friendship->is_limited        = 0;
	$friendship->date_created      = bp_core_current_time();
	
	/**
	 * BuddyPress Friend Request Throttling
	 *
	 * Set a throttle period for user friendship requests
	 *
	 * @author Patrick Saad
	*/
	
	global $wpdb;
	$qry = "SELECT date_created FROM wp_bp_friends where initiator_user_id = '".$initiator_userid."' order by date_created desc limit 1";
    $user_friend_requests = $wpdb->get_results( $qry );
	
	if ($user_friend_requests)
	{
		$latest_user_request = strtotime($user_friend_requests[0]->date_created, time());
		$time_since_latest_request = time() - $latest_user_request;
		
		// that's 2 minutes
		$throttle_period = 60 * 2;
		
		// if the last request was over 5 minutes ago, allow it
		
		if ($time_since_latest_request < $throttle_period)
			return false;
	}
	// End of BuddyPress Friend Request Throttling //

	if ( $force_accept )
		$friendship->is_confirmed = 1;

	if ( $friendship->save() ) {

		if ( !$force_accept ) {
			// Add the on screen notification
			bp_core_add_notification( $friendship->initiator_user_id, $friendship->friend_user_id, $bp->friends->id, 'friendship_request' );

			// Send the email notification
			friends_notification_new_request( $friendship->id, $friendship->initiator_user_id, $friendship->friend_user_id );

			do_action( 'friends_friendship_requested', $friendship->id, $friendship->initiator_user_id, $friendship->friend_user_id );
		} else {
			// Update friend totals
			friends_update_friend_totals( $friendship->initiator_user_id, $friendship->friend_user_id, 'add' );

			do_action( 'friends_friendship_accepted', $friendship->id, $friendship->initiator_user_id, $friendship->friend_user_id );
		}

		return true;
	}

	return false;
}

This will prevent a user from sending a friendship request to someone if their recent friendship request date was less than, say 2 minutes (change the $throttle_period variable to modify this time)

Just gave this a fresh test, works in Buddypress 1.7.2. This same concept can be applied to comments, groups, etc, you just have to find the functions and play around.

hi all,
you can perhaps investigate around here: http://a-patricksaad-z.blogspot.fr/2013/01/download-buddypress-163-with-activity.html

yes it is right in the codex: https://codex.bbpress.org/forum-settings/

but I don’t think BP has it

i think bbpress supports throttling i swear i read or heard that somewhere.

This is a great idea and frankly I’m surprised that it has not been included already. And not just for friend requests but for pretty much all activity on the site: comments, forum posts, etc.

As long as you limit the frequency to what is ‘human’ you are making spammers’ lives very difficult. The issue is to not make legitimate users upset by setting it too low. But that can be tweaked easily to perfection.

thats where bugs feature suggestions and the like are kept track of:

https://buddypress.trac.wordpress.org/

What is trac?

sounds like an interesting feature suggestion have you looked at trac to see if anyone else has already requested it?

I would love to know the answer to this one as well?

Status update:
This htaccess code reduced the number of Spam Registrations from 1,500 per day to 50. So now to figure out how the other 50 Spam Registrations are being performed. 😉

this is exactly what i need to do @djpaul any ideas? i tried installing the role scoper plugin but i’m not seeing any permission that would allow an editor or any role for that matter to mark user as spammer ….on a sidenote i found a plugin to add that option back to the admin bar (did mark spammer totally disappear in 1.7?) so that if i can get editor role working they can easily mark spammers from the admin bar

any advice would be greatly appreciated i can’t be the only one facing the issue of having to either give admin access to users who really should not have admin access or just deleting every spammer myself every day

what options are there?

This jack@$$ is the worst of them, but now I get credit for a new registered member and do not have to deal with anything else. I now love this spammer. Keep on spamming you make me look good. Ha ha ha.

Not Locked 3678 Affekagf vrvivyey i.nst.inctmocu@gmail.com subscriber May 17, 2013 12:51 pm NA 59.60.112.49 49.112.60.59.broad.pt.fj.dynamic.163data.com.cn /wp-login.php
Not Locked 3677 skdiejdbokg ypxridnj bar.r.elbxme@gmail.com subscriber May 17, 2013 12:51 pm NA 59.60.112.59 59.112.60.59.broad.pt.fj.dynamic.163data.com.cn /wp-login.php
Not Locked 3395 Alioizadk qxftzRepgb floo.dbnwk@gmail.com subscriber May 17, 2013 12:53 pm NA 59.60.112.92 92.112.60.59.broad.pt.fj.dynamic.163data.com.cn /wp-login.php

What is awesome is this. The spammer registation counts as a new registered member, but the “new member registered” notification in the Activity feed does not display the spammer. Thanks spammers. LOL

@aitpro
Yeah spam is no good and can get out of control real quick. JFYI on my test server when I pull up the source I can see where the plugin creates the hidden field but like I said I honestly don’t know how effective this method would really be at preventing spam registrations. I just through it together as a plugin merely out of boredom. 🙂

@matt55 – The php errors still continued so it was not due to using Server Protocol. I am not exactly sure what action the spammers are doing in combination with the .htaccess code that is generating the php errors, but for now I just suppressed them by adding an @ symbol infront of strstr below until I can analyze this some more. /buddypress/bp-core/bp-core-template.php code line 864.

if ( !empty( $page_template ) && @strstr( strtolower( $page_template ), strtolower( $component ) ) ) {

Yep, I downloaded it from github. I have a bunch of customized security things going on so most likely one of the other security measures I have in place is causing the issue/problem. I will figure this out tomorrow when I have some more spare time.

Lately the Spam Registrations were getting way out of control – 1 per minute – so I had to get something in place quick. Yuck.