BuddyPress.org

This is my last 3 days (100 logins) log: There’s only 1 successful spammer login , without IP ban I would have 100 new accounts.

16615 193.169.86.29 Mozilla/4.0 (compatible; Synapse) August 7, 2012 6:46 pm login_denied_banned_IP
16614 193.169.86.29 Mozilla/4.0 (compatible; Synapse) August 7, 2012 6:46 pm login_denied_banned_IP
16613 193.169.86.29 Mozilla/4.0 (compatible; Synapse) August 7, 2012 6:46 pm login_denied_banned_IP
16612 193.169.86.29 Mozilla/4.0 (compatible; Synapse) August 7, 2012 6:46 pm login_denied_banned_IP
16611 193.169.86.29 Mozilla/4.0 (compatible; Synapse) August 7, 2012 6:46 pm login_denied_banned_IP
16610 rigruitle 175.44.11.168 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) August 7, 2012 4:56 pm failed_login
16609 31.172.243.50 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; FDM) August 7, 2012 4:53 pm login_denied_banned_IP
16608 31.172.243.50 Opera/9.00 (Windows NT 5.1; U; en) August 7, 2012 4:20 pm login_denied_banned_IP
16607 31.172.243.50 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts) August 7, 2012 4:20 pm login_denied_banned_IP
16606 31.172.243.50 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts) August 7, 2012 4:20 pm login_denied_banned_IP
16605 31.172.243.50 Opera/9.00 (Windows NT 5.1; U; en) August 7, 2012 4:20 pm login_denied_banned_IP
16604 31.172.243.50 Opera/9.00 (Windows NT 5.1; U; en) August 7, 2012 4:20 pm login_denied_banned_IP
16603 phenreview 199.15.234.214 Mozilla/5.0 (Windows NT 6.1; AMD64; en:11.0) Gecko/20120421 Firefox/11.0 August 7, 2012 4:14 pm failed_login
16602 phenreview 199.15.234.214 Mozilla/5.0 (Windows NT 6.1; Trident/4.0; en:11.0) Gecko/20120421 Firefox/11.0 August 7, 2012 4:06 pm failed_login
16601 31.172.243.50 Mozilla/4.0 (compatible; MSIE 4.01; Digital AlphaServer 1000A 4/233; Windows NT; Powered By 64-Bit Alpha Processor) August 7, 2012 3:35 pm login_denied_banned_IP
16600 myphen 199.15.234.214 Mozilla/5.0 (Windows NT 6.1; AMD64; en:11.0) Gecko/20120421 Firefox/11.0 August 7, 2012 2:53 pm failed_login
16599 Roofeownede 175.44.53.131 Mozilla/4.0 (compatible; MSIE 5.0; Windows 2000) Opera 6.0 [en] August 7, 2012 2:52 pm failed_login
16598 Temdescreance 175.44.23.208 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) August 7, 2012 12:53 pm failed_login
16597 saunas 46.23.76.52 Mozilla/4.0 (compatible; MSIE 5.0; Windows 2000) Opera 6.0 [en] August 7, 2012 12:34 pm failed_login
16596 speajelophype 112.253.13.183 Mozilla/4.0 (compatible; Powermarks/3.5; Windows 95/98/2000/NT) August 7, 2012 12:15 pm failed_login
16595 nebrinslover 178.37.20.125 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MyIE2; Deepnet Explorer) August 7, 2012 11:09 am failed_login
16594 comstertyborm 175.42.81.6 Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1) August 7, 2012 10:50 am failed_login
16593 174.139.171.26 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) August 7, 2012 9:55 am login_denied_banned_IP
16592 myphen 199.15.234.214 Mozilla/5.0 (Windows NT 6.1; AMD64; en:11.0) Gecko/ Firefox/11.0 August 7, 2012 9:33 am failed_login
16591 blaich 111.128.156.236 Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.9 (KHTML, like Gecko) Chrome/20.0.1115.1 Safari/536.9 August 7, 2012 9:27 am login
16590 jordanffd 112.111.172.95 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Netscape/8.0.4 August 7, 2012 9:16 am failed_login
16589 nebrinslover 178.37.20.125 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; WOW64; SV1; .NET CLR 2.0.50727) August 7, 2012 9:15 am failed_login
16588 myphen 199.15.234.214 Mozilla/5.0 (Windows NT 6.1; Trident/4.0; en:11.0) Gecko/20120421 Firefox/11.0 August 7, 2012 8:39 am failed_login
16587 myphen 199.15.234.214 Mozilla/5.0 (Windows NT 6.1; AMD64; en:12.0) Gecko/20120403211507 Firefox/12.0 August 7, 2012 6:51 am failed_login
16586 saunas 46.23.76.52 Mozilla/4.0 (compatible; Powermarks/3.5; Windows 95/98/2000/NT) August 7, 2012 3:50 am failed_login
16585 jordanasfd 112.111.172.95 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.3 (build 01218); .NET CLR 1.1.4322) August 7, 2012 3:33 am failed_login
16584 xaddou47 58.212.247.74 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.2; .NET CLR 2.0.50727; InfoPath.2) August 7, 2012 3:22 am failed_login
16583 xaddou47 58.212.247.60 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.2; .NET CLR 2.0.50727; InfoPath.2) August 7, 2012 12:48 am failed_login
16582 jordanasfd 112.111.172.95 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; YPC 3.0.2; .NET CLR 1.1.4322; yplus 4.4.02b) August 7, 2012 12:46 am failed_login
16581 phenreview 199.15.234.214 Mozilla/5.0 (Windows NT 6.1; AMD64; en:11.0) Gecko/ Firefox/11.0 August 6, 2012 10:33 pm failed_login
16580 Admin 95.132.228.230 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 August 6, 2012 9:42 pm failed_login
16579 Spaxskams 91.207.5.122 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Netscape/8.0.4 August 6, 2012 9:09 pm failed_login
16578 nebrinslover 178.37.20.125 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.40607) August 6, 2012 8:55 pm failed_login
16577 Spaxskams 91.207.5.122 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) NS8/0.9.6 August 6, 2012 8:54 pm failed_login
16576 downloader 46.23.76.52 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; KTXN) August 6, 2012 8:09 pm failed_login
16575 jordanffd 110.85.100.91 Mozilla/4.0 (compatible; MSIE 5.0; Windows 2000) Opera 6.0 [en] August 6, 2012 7:26 pm failed_login
16574 myphen 199.15.234.214 Mozilla/5.0 (Windows NT 6.1; AMD64; en:11.0) Gecko/20120421 Firefox/11.0 August 6, 2012 7:06 pm failed_login
16573 jordanasfd 110.85.100.91 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; APC; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50215; InfoPath.1) August 6, 2012 6:10 pm failed_login
16572 downloader 46.23.76.52 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0; .NET CLR 1.0.2914) August 6, 2012 4:45 pm failed_login
16571 asiudhia 110.85.100.91 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1 August 6, 2012 4:13 pm failed_login
16570 nebrinslover 178.37.20.125 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) August 6, 2012 3:54 pm failed_login
16569 sirvicolmyou 31.172.246.234 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322) August 6, 2012 3:13 pm failed_login
16568 sirvicolmyou 31.172.246.234 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705) August 6, 2012 2:48 pm failed_login
16567 sirvicolmyou 31.172.246.234 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322) August 6, 2012 2:39 pm failed_login
16566 ahsdihas 110.85.100.91 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322) August 6, 2012 1:51 pm failed_login
16565 ahsdihas 110.85.100.91 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; KTXN) August 6, 2012 1:51 pm failed_login
16564 admin 109.114.54.215 Mozilla/5.0 (Windows NT 6.0; rv:14.0) Gecko/20100101 Firefox/14.0.1 AlexaToolbar/alxf-2.15 August 6, 2012 1:36 pm login
16563 businessintelmi 31.172.246.234 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461) August 6, 2012 12:48 pm failed_login
16562 mikiyougkkby 31.172.246.234 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.3 (build 01218); .NET CLR 1.1.4322) August 6, 2012 10:38 am failed_login
16561 mikiyougkkby 31.172.246.234 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; YPC 3.0.2; .NET CLR 1.1.4322; yplus 4.4.02b) August 6, 2012 10:33 am failed_login
16560 mikiyougkkby 31.172.246.234 Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en] August 6, 2012 10:25 am failed_login
16559 financebe 31.172.246.234 Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) August 6, 2012 10:00 am failed_login
16558 financebe 31.172.246.234 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Media Center PC August 6, 2012 9:41 am failed_login
16557 motspoomb 117.26.117.182 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) August 6, 2012 9:07 am failed_login
16556 xaddou47 58.212.247.60 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.2; .NET CLR 2.0.50727; InfoPath.2) August 6, 2012 9:05 am failed_login
16555 paoinjqiha 141.105.65.179 Mozilla/4.0 (compatible; MSIE 4.01; Digital AlphaServer 1000A 4/233; Windows NT; Powered By 64-Bit Alpha Processor) August 6, 2012 8:32 am failed_login
16554 clowes 111.143.85.157 Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11 CoolNovo/2.0.2.26 August 6, 2012 8:21 am login
16553 JackTheRip 141.105.65.179 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FREE; .NET CLR 1.1.4322) August 6, 2012 8:11 am failed_login
16552 speajelophype 109.86.203.184 Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) August 6, 2012 8:02 am failed_login
16551 xaddou47 58.212.247.60 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB7.2; .NET CLR 2.0.50727; InfoPath.2) August 6, 2012 7:25 am failed_login
16550 jordanffd 175.44.55.99 Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en] August 6, 2012 5:31 am failed_login
16549 thomas2371 188.218.247.239 Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; en) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/4.1.3 Safari/533.19.4 August 6, 2012 3:51 am failed_login
16548 tiesKeree 218.9.55.118 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) August 6, 2012 3:01 am failed_login
16547 tiesKeree 218.9.55.118 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; KTXN) August 6, 2012 1:38 am failed_login
16546 jordanasfd 175.44.55.99 Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.00 August 6, 2012 1:15 am failed_login
16545 tiesKeree 218.9.55.118 Mozilla/4.0 (compatible; MSIE 6.0; Windows XP) August 6, 2012 1:04 am failed_login
16544 t;post[body];post[messag 83.21.196.187 Mozilla/1.22 (compatible; MSIE 2.0d; Windows NT) August 5, 2012 10:37 pm failed_login
16543 admin 82.91.221.97 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1 AlexaToolbar/alxf-2.15 August 5, 2012 10:11 pm login
16542 aurorasnow 93.182.139.33 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Maxthon; .NET CLR 1.1.4322) August 5, 2012 8:24 pm failed_login
16541 aurorasnow 93.182.139.33 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; FDM) August 5, 2012 8:03 pm failed_login
16540 frodordrodo 91.207.5.122 Mozilla/0.91 Beta (Windows) August 5, 2012 7:42 pm failed_login
16539 aurorasnow 93.182.139.33 Mozilla/4.0 (compatible; MSIE 5.5; Windows 95; BCD2000) August 5, 2012 7:41 pm failed_login
16538 frodordrodo 91.207.5.122 Opera/7.60 (Windows NT 5.2; U) [en] (IBM EVV/3.0/EAK01AG9/LE) August 5, 2012 7:25 pm failed_login
16537 aurorasnow 93.182.139.33 Mozilla/4.0 (compatible; MSIE 6.0; Windows ME) Opera 7.11 [en] August 5, 2012 7:17 pm failed_login
16536 buddyolympik 199.15.234.174 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Netscape/8.0.4 August 5, 2012 11:13 am failed_login
16535 buddyolympik 199.15.234.174 Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.00 August 5, 2012 11:03 am failed_login
16534 buddyolympik 199.15.234.174 Mozilla/4.0 (compatible; MSIE 5.0; Windows 2000) Opera 6.0 [en] August 5, 2012 10:47 am failed_login
16533 Coibincense 175.44.15.201 Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt) August 5, 2012 9:00 am failed_login
16532 Enridwign 120.43.8.172 Mozilla/4.0 (compatible; MSIE 5.5; Windows 95) August 5, 2012 7:25 am failed_login
16531 motspoomb 117.26.117.182 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.50 August 5, 2012 6:07 am failed_login
16530 dpresioncaus 199.15.234.174 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322) August 4, 2012 9:17 pm failed_login
16529 dpresioncaus 199.15.234.174 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; MRA 4.6 (build 01425); .NET CLR 1.1.4322; .NET CLR 2.0.50727) August 4, 2012 9:16 pm failed_login
16528 nevada0er 199.15.234.174 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) August 4, 2012 9:13 pm failed_login
16527 prieptenorick 117.26.226.53 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; XMPP Tiscali Communicator v.10.0.2; .NET CLR 2.0.50727) August 4, 2012 9:03 pm failed_login
16526 prieptenorick 117.26.226.53 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; XMPP Tiscali Communicator v.10.0.2; .NET CLR 2.0.50727) August 4, 2012 9:03 pm failed_login
16525 buddyolympik 199.15.234.174 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322) August 4, 2012 7:50 pm failed_login
16524 87.98.182.241 Opera/9.00 (Windows NT 5.1; U; en) August 4, 2012 7:12 pm login_denied_banned_IP
16523 dpresioncaus 199.15.234.174 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Maxthon; .NET CLR 1.1.4322) August 4, 2012 7:08 pm failed_login
16522 dpresioncaus 199.15.234.174 Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461) August 4, 2012 7:07 pm failed_login
16521 bladderdoc 199.15.234.174 Opera/8.00 (Windows NT 5.1; U; en) August 4, 2012 7:03 pm failed_login
16520 nevada0er 199.15.234.174 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461) August 4, 2012 7:01 pm failed_login
16519 sferashow 80.181.64.84 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 August 4, 2012 6:35 pm login
16518 87.98.182.241 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.40607) August 4, 2012 5:33 pm login_denied_banned_IP

I use Login Ninja , time to time I ban them with “yearly ban” bad IP’s , I have about 30 banned IP’s till now , it is not too much work to ban them , because spammers use only one IP to create in 1 run 100’s accounts (maybe using XRUMER ecc. read it on http://www.blackhatworld.com , in Ninja login log you will see that spammer during the night tried to create another 100’s accounts with banned IP) . So my advice is to ban every new bad IP and you will avoid 90% of spam , your only work is to ban every first new account with new IP which is in my case 1 ban in 2 weeks. Spammers will notice (probably using scrapebox – hrefer) that their run didn’t work and scrapebox or another tool will automaticaly remove your address from their lists. If this works some of them share your address on SEO blackhat websites all over the world , then your chances to get a spam rapidly increases.
P.S – I am not a spammer , I like white-grey hat SEO but I read a lot about blackhat SEO techniques to avoid the spam on my websites

Disable User/Pass registrations and use a Facebook only registration system.

It may be actual humans signing up. People get paid pennies to sign up and spam forums. So, unless you verify every account before letting them in you can never remove all spammers.

Thanks everyone, I am going to test drive these suggestions over this week.

== hanging the name of the Register page in wp-config.php ==

@falcott that’s no longer needed with this version.

1. Delete the code to change register name in wp-config.php
2. Create a new page with the name/slug of the register page e.g. Join
3. Go to dashboard menu BuddyPress > Pages and look for the “Register” line and choose the Join page in select dropdown and save.
4. Go to yoursite.com/join to check.

== hanging the name of the Register page in wp-config.php ==

@falcott that’s no longer needed with this version.

1. Delete the code to change register name in wp-config.php
2. Create a new page with the name/slug of the register page e.g. Join
3. Go to dashboard menu BuddyPress > Pages and look for the “Register” line and choose the Join page in select dropdown and save.
4. Go to yoursite.com/join to check.

@ryanhellyer https://buddypress.org/community/groups/spam-destroyer/

@ryanhellyer thanks for sharing your new plugin here. Changed title of your post so others won’t think it’s another request for help to combat spam but rather a solution to destroy spam

The following steps helped me stop most spam.
install s2member and follow the security steps (verify that all keys are created)
Delete the Register folders in BP (make sure to save the files)
use WordPress register form, ( you can intergrate s2members to BP )
Have the passwords e-mailed to the user that is signing up.
in custom.php change the slug of the register and members.

These steps helped me lock down my BP site. It stopped activity spam and fake members.
Good luck.

Try:

Change the register slug to something else. Make sure BuddyPress or WordPress is not shown on any page of your site. Check footer and header via the browsers view source. Use a captcha. Only allow sign ups via Facebook connect. Don’t use multi site.

In my profile privacy plugin there is a button on user pages that lets admins mark user as spammer. This is for quickly blocking a user. It doesn’t delete account just puts account into a state that will not allow user to sign in.

I’m working my way through my plugins and adding updates. One update I may add to the profile privacy plugin is too block an account if they post without doing a certain thing first. Maybe they need to add a friend or join a group.

Search around, but no one should open a BP site without locking it down.

I have not yet launched my BP site, but I too am concerned about this happening. If I use things like CAPTCHA on the registration page or https://wordpress.org/extend/plugins/wangguard/, will it be sufficient enough to prevent spammers?

Hi Mode, apart from manually remove the offenders, I am not sure what I can do.

have you taken any steps to prevent spam?

I am a new Buddypress user but in a very short time, our site has had numerous spammers join. This is a significant problem limiting the potential of the system. I have just 21 users and have had to remove 4 of them as spammers. What happens with 2100 users? Removing spammers will be a fulltime role and that would seem to defeat the purpose of a self-maintained website and social media community.

Why have a separate install? Is it because you want it to look different? You can style BP pages differently. Multi site opens a spam can if not completely locked down.

Check out this tutorial:

http://wp.tutsplus.com/tutorials/security/best-practices-for-preventing-buddypress-spam-user-registrations/

I can obviously delete the user but I’m guessing that it won’t delete their blogs.

Give it a go, you’d be surprised

I have the same problem. The help in the FAQ seemed to work if the problem is the e-mail is ending up in Spam – but my problem is that the e-mail didn’t come at all. And eventually those users will want to re-register with the same e-mail but they can’t because the site says “that account already exists”. I need a fix for BOTH these issues.

In the past 6 months I was getting 50+ spam bot registrations a day. I used WangGuard, but it was not catching them.

The bots were looking for the default registration page at http://yoursite.com/register

I changed the permalink of my default registration page to something else and have not had any issue since then.

Knock on wood, I have not had to delete any bogus registrations for the past month.

I hope this helps.