BuddyPress.org

Nope. They have a history of going to spam boxes, so you might check there.

The links are nonced, so I can’t recreate the link for you. It looks like http://example.com/members/username/admin/delete-user/?_wpnonce={random string} or http://example.com/members/username/admin/mark-spammer/?_wpnonce={random string}. You could create widget that shows up when an admin visits a user page.

When a user registers, an email is sent out with an activation link. The user must visit this link to activate their account before they can log in. I’m in a hurry, so I can’t do it right now, but there are a few plugins, and even some code snippets on this forum that will allow you to bypass activation. It’s not recommended on a live site to help block spam users.

Yes there is. As long as you are a super admin, just visit the spam user’s profile page, and you’ll see “Admin Options” show up in the buddybar (the toolbar at the top of the page). In the drop-down you’ll see the options to delete/spam.

what queries are you guys using to delete spammers?
what is the fastest procedure within BP?

Thanks dianat – going to your wp_users table and set user_status to 0 works perfectly. And for those who want the SQL for that, it is:
UPDATE `wp_users`
SET `user_status` = 0
WHERE `user_status` = 2

I’m looking at the annotated revision log https://trac.buddypress.org/browser/branches/1.2/bp-blogs.php?annotate=blame&rev=4066 I can see why Subscriber blogs aren’t showing up. What I *can’t* see is why they ever should have been. It looks to me like the code has always intended for Subscriber blogs to be excluded. A recent change in WP blog role management must have made the code finally fulfill its intended purpose.

How to fix: You could write a short plugin that runs every time add_user_to_blog fires, and adds the blog to the BP user’s list using bp_blogs_record_blog(). Ideally there would be a more configurable way to make this work; it’s worth an enhancement ticket on trac.

The short plugin would work something like this. Totally untested.
`function bbg_add_subscriber_to_blog( $user_id, $role, $blog_id = false ) {
global $current_blog;

if ( empty( $blog_id ) )
$blog_id = $current_blog->blog_id;

if ( $role == ‘subscriber’ )
bp_blogs_record_blog( $blog_id, $user_id, true );
}
add_action( ‘add_user_to_blog’, ‘bbg_add_subscriber_to_blog’, 15, 3 );`

The other part of the equation is to sync the whole shebang, which will have to be done once. Something like this (also untested) might work:
`function bbg_record_existing_blogs() {
global $bp, $wpdb;

if ( !is_super_admin() )
return false;

/* Truncate user blogs table and re-record. */
$wpdb->query( “TRUNCATE TABLE {$bp->blogs->table_name}” );

$blog_ids = $wpdb->get_col( $wpdb->prepare( “SELECT blog_id FROM {$wpdb->base_prefix}blogs WHERE mature = 0 AND spam = 0 AND deleted = 0” ) );

if ( $blog_ids ) {
foreach( (array)$blog_ids as $blog_id ) {
$users = get_users_of_blog( $blog_id );

if ( $users ) {
foreach ( (array)$users as $user ) {
$role = unserialize( $user->meta_value );

bp_blogs_record_blog( $blog_id, $user->user_id, true );
}
}
}
}
}
add_action( ‘admin_init’, ‘bbg_record_existing_blogs’ );`

Be forewarned that the latter function should only be run once; comment out the add_action() after it’s done its work. And it’ll only run if the Super Admin visits a Dashboard page. And it might be resource intensive, as it will recheck blog membership for every blog on the system. Use at your own risk.

Am attempting to implement some of the ideas from this forum, particularly those from the post https://buddypress.org/community/groups/how-to-and-troubleshooting/forum/topic/buddypress-spam/?topic_page=3&num=15#post-69499
Would really appreciate some guidance in order to do this correctly. Some of this may appear stupid –

My Set up is the following-BuddyPress installation on a subsite.

a) Multisite with subdirectories http://examplesite.com/ – http://examplesite.com/subsite1 – http://examplesite.com/subsite2 – http://examplesite.com/subsite3 etc etc.
b)BuddyPress installed on a subdirectory. say on http://examplesite.com/subsite3
c) So that there is a consistent signup interface I have redirected the signup of http://examplesite.com/ from http://examplesite.com/wp-signup.php to http://examplesite.com/subsite3/register via a plugin Quick Page/Post Redirect. Before doing this the signups at http://examplesite.com/ were going to http://examplesite.com/wp-signup.php and from anywhere else were going to http://examplesite.com/subsite3/register.

Question 1
With regard to
1)# BEGIN ANTISPAMBLOG REGISTRATION
2)RewriteEngine On
3)RewriteCond %{REQUEST_METHOD} POST
4)RewriteCond %{REQUEST_URI} .wp-signup.php*
5)RewriteCond %{HTTP_REFERER} !.examplesite.com. [OR]
6)RewriteCond %{HTTP_USER_AGENT} ^$
7)RewriteRule (.*) http://examplesite.com/goaway.html [R=301,L]

A) In line 4 what do I replace .wp-signup.php* with ? Is it .register.php* ? or is it .subsite3/register.php ?? or is it something else ???
In line 5 do i replace !.examplesite.com. with anything ? say !.examplesite.com/subsite3. ???

Question 2
With regard to “changing the register slug”
A) does this mean changing the name of the file register.php ??? or something else ??? and inserting define( “BP_REGISTER_SLUG”, “your-registration-slug” ); with the new name replacing “your-registration-slug” say retsiger.php or with some other name?
Would it then be necessary to go into the plugins like say Buddypress Humanity and change any references to register.php to whatever its name has been changed to or is that taken care of by the define( statement )) ??

Question 3
If the site was http://www.examplesite.com/ instead of http://examplesite.com/ would there be any changes to your advice ?

Question 4
In my .htaccess file there is already a line “RewriteEngine On” . Do I still include line 2 of the above?

Question 5
Is there any particular place in the .htaccess file where the above code should be inserted ?

Many Thanks

This feature would be great ,that way user can delete unwanted spam on his activity or @mentions .I’ve setup an filter on comments for now to prevent spam posts on activity.
example: if you’re not friend with an user you can’t comment on his activity.

looking forward to this feature

Unfortunately, from the BP end, the only way you can do this is to give users super admin privileges. This will improve in future versions of BP, but for now that’s how it works.

You might be able to finagle something on the Dashboard side. I believe that WP also requires you to be a Super Admin to spam users, but there are custom role plugins for WP (I think https://wordpress.org/extend/plugins/role-scoper/ will do it, but others can correct me) that will let you, say, allow Editors to mark users as spam, or to create a new role for that purpose. They’ll have to do it from the Dashboard, but it should work.

As I’ve mentioned emails not being received is not really a WP/BP issue it’s a server configuration / email records spam filtering one, certain hosts are known to cause issues -many employ plugin solutions to bypass problems although that doesn’t really resolve issues.

I would suggest you try a search of the forum posts as there have been many threads started on the subject.

You would know if you were using Multisite as setting up a WP install to run in Multisite mode is a manual procedure where you have to first add a line to wp-config then a new option appears in the dashboard to set up a network.

If you’ve added users from the backend then log in as that user on the main site.

Non receipt of activation emails could be any number of issues but generally it’s a server based one rather than WP and/or emails from the server are getting rejected by the receiving server if it thinks your server is not allowed to send emails from your domain name, also check spam boxes ion case they’ve been dropped in there

Same problem here: legitimate users registering and being marked automatically as spammers.
I am running on WP3.1 with a single main blog. Any help is appreciated!

I’d recommend TigerTech and CloudFlare for free CDN and enhanced security. Gee, I feel like I’m an ad. No, I don’t work for them but started using CloudFlare the other day (used TigerTech for a long time). CF cut out thousands of spammers on my site and stopped many threats (hundreds).

It’s not difficult, you should have two options on the buddypress bar there should be an Admin or User Admin link on that will be the option to mark as spammer or you can go to the dashboard -> admin or network admin -> users and check user, select mark as spam from bulk actions drop down.

https://buddypress.org/search/?f=spam

Thank you so much for this post. I used the WP Activate Users plug-in and problem solved!

Let me also add, you may want to change the file names for your login and registration pages too.. Like if you have to go to http://yoursite.com/registration.php rename it to http://yoursite.com/reg123.php remember to look trough the files that calls registration.php and rename it accordingly.

These automated bots are usually just that, automated that are programmed to look for specific strings in search engines that return a list of buddypress sites and then harvested. I was getting hammered with 20+ blogs getting created a day that was spam. I tried ever plugin and .htaccess tricks known to man and none of them worked. I was tired of all of the spam I was getting so I put on my tin foil and went to war. I was determined to win this war and to stop 99.9% of automated spam dead in its tracks.
First I went to cpanel and under the “Website Traffic” on the left side of the page and clicked “View all traffic” then clicked on my domain name.

When the statistics page for that domain loaded I looked on the left hand side of the page for “Search Keyphrases”, this will show me a list of the keyphrases that was used to find my site.

I found all the keyphrases that was used by the spammers to find my site in the search engines and here is the list of the keyphrases.

1. intext create an account username required email address required blog details inurl register
2. to start connecting please log in first. you can also create an account. .cr. blogs
3. allintext create an account account details profile details blog details yes i d like to create a new blog
4. yes i d like to create a new blog
5. “blog url required ” inurl /register
6. “yes i’d like to create a new blog”
7. intext create an account blog details inurl register
8. to start connecting please log in first. you can also create an account. .be.blogs
9. inurl register yes i d like to create a new blog
10. intext blogs create an account username email address blog details inurl register
11. to start connecting please log in first. you can also create an account. .de.

What I did was I went downloaded the buddypress to my desktop and open every file with NotePad++ and started searching for “create an account; blog details; yes i d like to create a new blog” Once I found those strings, I changed the name to something else and on the registration page I removed the “yes i/d like to create a new blog” along with its checkbox completely and i searched everything with the word “blog” and changed it to something completely different. I Also renamed the “bp-blog.php” and the /bp-blog/ folder.
Make sure to search through the other files in the buddypress folder for anything calling the “bp-blog.php” and the /bp-blogs/ and rename it accordingly.

It has been a week since I done this and I have yet to be spammed. I went from 20 a day to zero overnight by doing this.

You are correct there are dozens of threads out there and most of them are from when I put my buddypress site on hold (ver. 103 late 2009- 20010) because i could not control splogs. I tried all the suggestions from the posts but still had sploggers working around everything. I am researching the environment now to get the site up and running and it does not seem to have changed much. It has been the #1 thorn-in-the-side of Buddypress and still appears to be so. I have spent hours on this and would appreciate an answer, also.