BuddyPress.org

Let me also add, you may want to change the file names for your login and registration pages too.. Like if you have to go to http://yoursite.com/registration.php rename it to http://yoursite.com/reg123.php remember to look trough the files that calls registration.php and rename it accordingly.

These automated bots are usually just that, automated that are programmed to look for specific strings in search engines that return a list of buddypress sites and then harvested. I was getting hammered with 20+ blogs getting created a day that was spam. I tried ever plugin and .htaccess tricks known to man and none of them worked. I was tired of all of the spam I was getting so I put on my tin foil and went to war. I was determined to win this war and to stop 99.9% of automated spam dead in its tracks.
First I went to cpanel and under the “Website Traffic” on the left side of the page and clicked “View all traffic” then clicked on my domain name.

When the statistics page for that domain loaded I looked on the left hand side of the page for “Search Keyphrases”, this will show me a list of the keyphrases that was used to find my site.

I found all the keyphrases that was used by the spammers to find my site in the search engines and here is the list of the keyphrases.

1. intext create an account username required email address required blog details inurl register
2. to start connecting please log in first. you can also create an account. .cr. blogs
3. allintext create an account account details profile details blog details yes i d like to create a new blog
4. yes i d like to create a new blog
5. “blog url required ” inurl /register
6. “yes i’d like to create a new blog”
7. intext create an account blog details inurl register
8. to start connecting please log in first. you can also create an account. .be.blogs
9. inurl register yes i d like to create a new blog
10. intext blogs create an account username email address blog details inurl register
11. to start connecting please log in first. you can also create an account. .de.

What I did was I went downloaded the buddypress to my desktop and open every file with NotePad++ and started searching for “create an account; blog details; yes i d like to create a new blog” Once I found those strings, I changed the name to something else and on the registration page I removed the “yes i/d like to create a new blog” along with its checkbox completely and i searched everything with the word “blog” and changed it to something completely different. I Also renamed the “bp-blog.php” and the /bp-blog/ folder.
Make sure to search through the other files in the buddypress folder for anything calling the “bp-blog.php” and the /bp-blogs/ and rename it accordingly.

It has been a week since I done this and I have yet to be spammed. I went from 20 a day to zero overnight by doing this.

You are correct there are dozens of threads out there and most of them are from when I put my buddypress site on hold (ver. 103 late 2009- 20010) because i could not control splogs. I tried all the suggestions from the posts but still had sploggers working around everything. I am researching the environment now to get the site up and running and it does not seem to have changed much. It has been the #1 thorn-in-the-side of Buddypress and still appears to be so. I have spent hours on this and would appreciate an answer, also.

Based on the testimonials, cloudflare might help with spam problems, too. Let us know.

“Providing that flexibility is nice. However, with the exception of groups, there is no reason that the current BP core components need to offer the ability to assign roles. Why would a user want to grant someone the right to control their personal content? Facebook and Twitter don’t offer users that option.” — Jeff Sayre

Hi Jeff, sorry to reopen this topic, but I think it needs a revisiting.

The ability to easily hook into wp user capabilities and extend them to buddypress user capabilities is useful in several social network contexts. And, I hope buddypress is trying to be a more flexible platform than facebook or twitter since it is an open source platform that developers would like to be robust and scalable. I understand the idea of an egalitarian social network like facebook, etc. However, there are many social contexts in which a hierarchical social network structure might be needed. Furthermore, adding the flexibility to developers as an additional component of buddypress would not complicate it’s egalitarian default settings.

One example of a hierarchical context is an educational institution with Administrators, Professors, Instructors, Teaching Assistants, Students, Prospective Students, Alumni, etc.:

As it is now, there are only bbPress roles within groups (which are needed). However, without the ability to assign capabilities within buddypress outside the scope of groups, it is nearly impossible to create capabilities restrictions such as:

user_may_create_groups
user_may_start_forum
user_may_delete_comment (e.g. spam or inappropriate comments)
user_may_assign_capabilities
and so on.

In particular, the ability to restrict certain users from creating groups has been a topic in many other forums about buddypress. Yet, it hasn’t been well addressed.

@xxxxx Stop notification spamming. Consider this your third (and final?) warning.

Hi,

You can try WangGuard https://buddypress.org/community/groups/wangguard/

[EDIT]
“blocked” and “inactive” roles appear to come from bbPress as this is not native to WordPress. My suggestion would be to *not* use these roles at all for the moment.

If you’re using multisite, just use WordPress’ native Network Admin user administration panel and set users as spammers:
https://codex.wordpress.org/Network_Admin_Users_Screen

Do not use the regular WP admin users screen for this!
https://codex.wordpress.org/Users_Users_SubPanel

NO, this is NOT a buddypress problem.

If you mark a user as Spammer, does it block him from logging in?

Use a plugin called “wp-ban” to ban users

Do you have buddypress installed? This is not really a bp issue. Although if you do have buddypress installed, just mark him as spammer

You must search for anti-spam plugins that filter out spam activity that the users make.

If the “spammers” are going past the captcha, that means they are not robots, actually people, just spamming your site.

So keep the captcha for robots, and you will need to search for anti-spam software to filter out the spam content posted on your site.

Hello,
I am leaving this here in case anybody else is at wits end with this problem. I installed the following plugin:

https://wordpress.org/extend/plugins/si-captcha-for-wordpress/

It is a capcha for subscriber sign up. Our buddypress has not been released yet, and we were getting upwards of a dozen spam sign ups a day. I installed this plugin a week ago. So far, no spam signups. I hope this helps.

Do you put the capatcha only on the registration area or on other parts of your site as well?

I have been fighting this issue for awhile. Last week, I found this plug in:

https://wordpress.org/extend/plugins/si-captcha-for-wordpress/

I’ve gone from dozens of spam subscribers a day to nothing over the last week. I hope this helps.

Hi,

Test this plugin: https://buddypress.org/community/groups/wangguard/

Hi,

Test this new plugin: https://buddypress.org/community/groups/wangguard/

Hi,

There is a new anti-splog plugin, you can try it, is free for personal use:

https://buddypress.org/community/groups/wangguard/

https://wordpress.org/extend/plugins/bp-group-management/

Greg,

You have to do this front-end…. go to the group.. choose the admin link –> then delete group… There are some plugins for the back-end management of groups too…

@josh101 I totally hear ya!

i found another (insert curse word here) bug. When you mark someone as a spammer from their profile in Buddypress – they don’t actually get marked as a spammer on backend. Probably because of this (insert curse word here) way of separating the stupid (insert curse word here) network admin from regular admin. This is totally reedonkulas. So now… deleting spam got even harder. And I know for certain some of my spam plug-ins got broken too. So they are descending upon me like …. it’s not even worth discussing anymore. I’m just going to get angrier.

edit:

and… (am i angrier… yes) when you delete the (cuss word) spam after you’ve clicked on “registered” to make it show last joined and first joined, it reverts to alphabetical again just to piss you off and make you have to click the stupid “registered” button again to show first joined or last joined. Welcome to HOURS of spam deleting made possible to you by WordPress… the official WP motto “we aren’t into efficiency, we’re just into kicking all of you in the stomach”

@travel-junkie – I get over 2 million hits per month to my site. I get at least 400 spam sign ups a week. This is not an efficient change!

@zkwc
Well, I get around 1 spam signup a week, if that. On any of my BP sites. For me, alphabetic ordering makes sense. And it would be for most WP sites (most of which aren’t BP enabled sites, btw). Obviously, WP development is separate from BP development, so changes made to WP might not make much sense for some BP users, but a lot of sense for the majority of WP users. Just some food for thought…

I just upgraded 7 of my sites to WP 3.1 plus a few client ones and didn’t have any plugin problems at all. With the widespread adoption of WP it’s natural that some sites will experience problems, but don’t make this out to be an issue for everybody, when in fact it isn’t.

As for the network admin page, this way is more organized. Stay on the current blog admin page to handle everything to do with this particular blog, go to the network page for anything related to running the network, like sitewide enabled plugins. To me this makes sense…