Nope, didn’t help. Still being bombarded by spam. About ready to ditch Buddypress altogether and go back to regular WordPress site. *sigh*
I’m actually about ready to pitch Buddypress completely at this point because of spam. I’ve tried all the options I see mentioned all over the web about how to combat spammers…and my Buddypress site is the only one that its consistently not working on. Even with more than one captcha hoop to jump through on registration, they are still getting in and filling up my activity stream! I’ve about had it.
That is a great looking site and looks pretty active. Did you pay for the theme? Also I want to ask how you are faring with the use of Groups and a Forum. Are users figuring out the differences between them? And are you getting any spam?
Along with tags for status updates, having the ability to select a group to post in from a dropdown box would be useful too.
Which leads to another thought. BP is too confusing. Groups, Activity Feed, Forum, etc. It doesn’t have to be so convoluted. This is why 9.9/10 BP sites are unsuccessful. It’s exciting to build it at first, only to realize that users don’t have a pleasant experience navigating the mess (and spam) and never return. Why not build the platform around the Activity Feed and Groups?
What I can’t understand is how all the big time Buddypress sites don’t have the same heavy spam that little, unkown sites are experiencing. This site for example. Where’s the spam? Or testbp.org, where oh where is the spammmmm?! They are obviously doing something to block it. But what’s the secret, and why is it a secret??
Another way for lairbear to reduce spam on the activity page not to mention elsewhere is to go into his wp discussion settings and make it a requirement that anybody posting a comment be registered.
I would urge that you consider adding additional options for any member to take their activity page as well as their profile page private so that this doesn’t happen!
Activation key is generate key by wordpress and sended to the email of registred member. The new member must activate his account by clicking in the activation link ( the link contain the activation key)
Activation is used to detect if the email exist and blocking multiple registration by the same email ( spammer), and many others advantage ….
Direct messaging is disabled on BuddyPress.org (people kept spamming people). Since you mentioned @sbrajesh, he should have received an email notification. However I suggest you visit his site for support http://buddydev.com/
Perhaps this column gets updated when I mark the sender as a spammer? Which I did do in this case. This perhaps would prevent private messages from being seen by the recipient.
This is exactly what I have been trying to find an answer to. No one has seemed to provide a straight answer but this goes a long way. Thanks guys. I think I will reference this and work on this problem myself, too, and provide some feedback.
I think (not sure!) that one of the ways you can stop spam is to put required fields on the profile that utilize human input. Requiring fields like favorite color, or something where people have to actually input something may be helpful to slow down spam. At least, that’s a theory. Anyone have anything like that or provide some feedback on this theory?
Thanks Paul. I read the article briefly last week and will read it again.
Meanwhile here are some findings:
1) It seems apparently the hackers are using some auto-login scripts – cos after setting achievements for tracking/awarding 1 point per login, some accounts clocked in over 20K points in a single day (twenty thousand times of login in to the site?!)
2) Another research method which was accidental – i setup Feedjit to see traffic and potential users coming in. Apparently the hacker use this search phrase – “powered by WordPress and Buddypress” so they must have and actively seeking sites powered by Buddypress knowing they can come in to create spam easily.
Anyway the above observations is for those who are working on their sites as reference.
– “neosolcafe.com/community” – That link goes nowhere.
– “activity stream redirects users off the site to view the links.” – you mean you have spammers posting off-site links in status updates?
@mrguythornton – Firstly, the mods are human too and do make mistakes, if they do mark it as resolved when your not confident that it is then just say so and @ one of them asking them to remove it. The mods are actually kind people (unless your a spammer). Also, not sure if your aware of this, but to mark a post as resolved the mods simply edit the title to say so – your welcome to remove it easily by clicking ‘edit topic’ and removing it. (if your the one who started the thread)
Anyways, now that that’s out of the way – “ is how you would get the URL to the loggedin user’s profile. (you’d have to code it deliberately though, i don’t think it’s easy to add it to WordPress’ custom menu.)
Something like this will (should?) work.
`<a href="”>Visit your Awesome Profile!`
Buddypress Humanity has worked really well for me.
Thanks for the replies Aces. I have upgraded from the most previous version of buddypress (1.5.4?). I was fortunate enough to to a backup right before upgrading so I am going to attempt restoring to the older version, so I can give you the exact information later.
When I send a test email from WP-Mail-SMTP I get the “bool (true)” message at the top of the test report, which I have read means that the test went through. However, the email never makes it to my inbox (or spam).
I’m not sure if this is solely a Buddypress issue as I am not receiving emails on new comments either, but this is the only change that has been made since I stopped receiving messages all together. My host provider assures me that it is not an issue with them.
Hi
There’s unfortunately no guaranteed solution to prevent spam user signup. There are a couple of easy things to start out with; try items 1 + 2 from http://themekraft.com/spam-in-buddypress/
“The most important plugin (imho) which is not available is new user moderation…”
In 1.6 the core devs have been doing some work on user capability stuff to make user moderation easier and mentioned that some of the changes will “give us more control over a users status and capabilities for later.” So, something like that ‘could’ end up in core *later* 
See: https://buddypress.trac.wordpress.org/ticket/4038
But, their are wordpress’ plugins that might help keep non-authorised users out – eg. https://wordpress.org/extend/plugins/wordpress-mu-secure-invites/ & https://wordpress.org/extend/plugins/wp-invites/
Thats great Chris!
I also experienced my first registered spammer today, while I already took some precautions.
I’ve installed https://wordpress.org/extend/plugins/stop-spammer-registrations-plugin/ to stop spammers from getting in. The most important plugin (imho) which is not available is new user moderation…
A lot of small communities also use buddypress, and for those communities I think it would be fantastic to have an option to hold new users for moderation.
This plugin: https://wordpress.org/extend/plugins/bp-registration-options/ was able to do that but hasn’t been updated in ages…
And that option will probably stop bad users from getting in, forever
i am about to try this: https://wordpress.org/extend/plugins/stop-spammer-registrations-plugin/
– it looks very good. anyone tried it with BP yet?
@lairbear spam is an issue that is almost impossible to control, even the big proprietary social networks have a huge issue with spam – and they have alot of money to spend on controlling it. (I’m very popular with all of the really, really hot ladies on Facebook… lol)
In BuddyPress 1.6 their will be some anti-spam tools for the activity feed built-in that will hook into Akismet (http://akismet.com) to help control it, and while it has cut it down by alot on my test sites using it, nothing can beat manual HUMAN moderation. (Related ticket: https://buddypress.trac.wordpress.org/ticket/3660)
Theirs also afew plugins that add captchas to the registration page, to kick them out before their even in… oh, and this article is pretty comprehensive – http://wp.tutsplus.com/tutorials/security/best-practices-for-preventing-buddypress-spam-user-registrations/
Thanks! That was simple enough! (changing registration slug)…didn’t realize there was that feature in Buddypress now, and that it would be that easy! Here’s hoping it helps!
You need to change the register slug. Pick something unique. Ex. http://www.mommychats.com/join-mommy-chats
This only blocks bots, people are getting paid pennies to sign up to sites so you can’t really block real people.
If you can, look at server logs to see a pattern for spam. Then block ip or emails. I would block yahoo emails, they are a spam haven. You could also limit to Facebook login only.
We could do with updated recommendations of antispam software, right enough.
Fortunately, deleting spammers is easy and take their posts down the tubes with them, but it is a chore.
@enderpal444 Their is functionality for this going into BP Labs when BuddyPress 1.6 is released.
See: http://byotos.com/2011/12/19/bp-labs-you-may-like-this/
While it isn’t exactly ‘core’ and is a completely separate, unofficial project, it is maintained by @djpaul who is a BP core dev and it is known for being a testing ground of afew of the new features being introduced in buddypress 1.6 (eg. akismet activity spam filter)
Might be an idea to keep an eye on it.
