@JJJ: First off, thanks.
Secondly, is the thought to hook into Akismet for the various actions within Buddypress? Wonder if this is served best by making the existing Akismet plugin Buddypress aware since the same effort needs to happen with standalone bbPress, etc.
Ths should be fixed. Thanks for your patience.
Just for anyone’s edification I realized I can block IPs from accessing the site at the server level. My server uses cpanel and there’s a function called IP Deny Manager. Since the plugin “User Activation Keys” lists the IPs of everyone attempting* to join I can easily see the most offending IP addresses – and so far I have blocked 6 – the amount of spambot signups is waaaay down. Yes. The risk is that there are REAL people who are on this server who would probably like to use my site but are now blocked from even seeing it.
* I am also using the plugin “Registration Options”
@Djsteve Did we jump off the happy truck today? My site is using WP+WPMultiSite+BuddyPress and a dozen or so plugins and, personally, everything seems to be running rather smoothly. Yes, there are a few disconnected pieces here and there – but I have PAID for scripts and plugins that ended up having as many problems if not more.
And yes, user management and no connection to Akismet or an ability to put CAPTCHA into the signup form seems like an obvious gaffe but …
I wish users would remember to check spam/junk folders but that’s a people issue outside of our control.
I am fairly certain that Akismet will be connected in v1.3.
@mateko No. At this time it is NOT possible to resend activation emails to BP members and nor can admins manually activate members from the console.
I have not tried it yet, but you may try deleting a member from admin and telling them to re-register and watch the junk folder.
Hopefully these issues will be addressed in v1.3
have they checked their junk mail / spam folders?
If your users aren’t happy about this, just wait until they start using it – lol it’s a crude work in miserable progress imho – the signup issueS are just the beginning. I would consider buddypress more of a hobby thing for those who want to spend long hours in multiple forums trying to hash out why everything does not work well together. You will find spam robots have no problem signing up and activated dozens of accounts daily. Once your users actually get activated they will have a great time trying to sort out real blog posts from spam, they may wish they never signed up in the first place – especially if they create their own group.
yes, of course, and i tried it several times. then, instead, i renamed the sub dir mentioned at the offending dir, and tried that, and then the theme had been recaste, so i switched it back to the buddy theme … so it saw the buddy theme without this other subdir, after i reset the buddy theme and did compat stuff, i then switched dir name back to original name, and turned back on groups so they could be started by members. now i have a members question, because i had too many spammer hackers. now i have checked OFF the ANYONE CAN REGISTER box, because i cannot have these spam hackers in. how can i have moderated memberships?
I have a similar issue. I know activation emails are being sent. However, some of these emails get sent ot junk and the member doesn’t know to check. When I go to the “Users” section in the admin I see nothing that indicates non-replies as spam and certain no way to “activate” a member.
Is there a way to resend activation?
7395361Inactive
Spam post and link removed -hnla
@DJPaul @boonebgorges account needs removing.
okay I saw how to delete them, or mark them as spam. I guess I am only left with inquiry number 2 and 3 please
“WOW, I did the above mentioned items and I am still getting hammered with spam blogs. I have no idea what to do now, I am already making a sacrifice by taking away blog creation during signup. “
Start looking at access logs. If you have no way to check how they are getting in, then you have very little luck in stopping them.
have you DELETED the exisiting spam users? Because if you;re just deleting the blogs they create and leaving the spam users…. they just create more.
@jwack
– Yep
– Yes, it’s not the most accessible-friendly way to prevent splogging but we do require people use the code in order to register at all, instead of a captcha. And we haven’t had a single spammer since. But for the few who don’t know it, we also provide the link where they can easily find out what it is, especially if they feel too lazy to look it up (I would be, heh).
Since our targets are mostly local people or former residents, they tend to know what the zip code is. If you have a genre-specific site, perhaps a similar technique could be applied? Or maybe a developer here could help you to modify the code so it applies only to the blog registration? I’m more of a front-end user/designer so altering other dev’s code is way out of my league >_<;
@jwack
hi, I had similar issues… even after removing the blog signup at registration, spammers would sign up, activate their accounts, and then create a new splog. to help cut down, I tried these steps:
– changed my registration slug in bp-custom.php:
define ( ‘BP_REGISTER_SLUG’, ‘join’ );
– also added a redirect of wp-signup.php inside bp-custom.php:
function register_redirect() {
if (strpos($_SERVER, ‘wp-signup.php’) !== false ) {
$url = ‘http://www.mysite.com/join’;
wp_redirect($url);
exit;
}
}
add_action(‘init’, ‘register’);
those two helped but didn’t completely remove the issue, this plugin really nailed it for us though:
– installed this plugin: https://wordpress.org/extend/plugins/invitation-code-checker/ (since we have a local comm site, we just used a zip code as the invite code)
Not sure how your site is set up but perhaps you can find a way to use it too, may even allow you to re-enable blog sign up at registration. It says Tested up to: WordPress MU 2.8.4 but I have WP 3.0.3 with network enabled and BP 1.2.6 and still seems to be working just fine.
Most of these suggestions were pulled from helpful posts on BP, hopefully they help you out a bit 
WOW, I did the above mentioned items and I am still getting hammered with spam blogs. I have no idea what to do now, I am already making a sacrifice by taking away blog creation during signup.
Any ideas of what I can do?
Dear Sirs:
As my last comment on this behalf, I will point out the following. When I began to develop our social site we choose BP due to the special Open Source background and options WP had develop through these years, creating a marvelous OPEN SOURCE ad dons / plugins and community network.
During the last years I received all kinds of support without asking, requiring or insist to me on donations or subscription to plans to grand support. Neither, requiring it to offer a future solution, upgrade or update.
As you can see in their website, lot of user tried to contact this developer, always the same answer, no time, need more resources, get a support plan or worst deleting comments on their website. If open source is going to be handle this way, forcing to pay or “DONATE”, I will not participate or incentive such actions, neither to support what could be hidden commercial initiatives. I will and expect others like me to support by donate real developers who invest their time and bring real and finished solutions.
Been responsible by making situations public that can benefits the Open Source community is not spamming and neither a reason to be banned. Instead and before to make such opinion you must know or identify your interests or on which side you are.
Regards,
Have you also changed the default signup slug and the link text to get to it? Make sure you nofollow that.
many of them come through via google, right to your signup page.
Disallowing bots to follow the signup page link (nofollow on the link), changing the default signup slug and adding new profile fields really really does help. And no plugins either.
I’ve experienced a bit of success with AVH First Defense Against Spam:
https://wordpress.org/extend/plugins/avh-first-defense-against-spam/
Checks the user’s IP against StopForumSpam and Project Honeypot (with an API key) before parsing the entire page.
This won’t stop human spammers but every little bit helps.
We installed the WP Super Captcha plugin on 3 different WP/BP high traffic sites and it cut the spam sign ups down by 80% immediately. Not a beautiful solution, by any means – but it does work somewhat. 80% is better than nothing.
Can be configured to show the captcha on the sign up page and login page – whichever you prefer, or both. Compliant for WordPress (with or without Multisite enabled) and BuddyPress configurations.
https://wordpress.org/extend/plugins/super-capcha/
Good luck!
Get more administrators, and install the BP Moderation plugin. Make a big announcement to all members letting them know there is a new report feature(from the BP Moderation plugin) and you would greatly appreciate it if they would use it to report prohibited content.
Naughty naughty please don’t put words in my mouth, Fair point that maybe my opinions have no value on here never said they didn’t . did, though, express my opinion that I saw no value in your post here on this subject, your opinions are as worthy as any I’m sure.
I left this thread open so that discussion could continue rather than lock it in woeful abuse of power
Now look those flipping spammers have caused more strife and anguish is there no end to their vile actions, if this wasn’t a public forum I would take pleasure in describing just what a bunch of *** **** those *** are and **** their **** lives – fill in the blanks ** shrug**
To be frank it wouldn’t piss me off any more than trying to navigate through the spam on here.
Fair point that maybe my opinions have no value on here and certainly offer nothing to help. You did however prevent discussion, and it much as I don’t doubt there are powerful minds already at work on the issue that doesn’t mean it isn’t possible somebody else might have a helpful suggestion to make given the opportunity to discuss.
I did try to search for relevant threads – all I got was results of spam though 
I missed no point I closed the thread in response to the last to post to it, they were remarking on the level of spam they get on their site.
The thread had no plausible benefit, as stated there are detailed threads on measures one can take and that should be read to simply re-state what we all are aware of can become a little tedious.
As for your post here, equally I see no real virtue or benefit in it do you not think all the regulars and core devs are not aware of the issue or that people like myself that spend a considerable amount of time on the site aren’t driven to distraction by it? Or that we have not mentioned it often and repeatedly and that there perhaps are reasons that direct and swift action can’t be taken.
So sorry but you are wrong to contradict my actions I was not preventing discussion just discussion revolving a subject that simply goes nowhere. We are aware of the issue! Also please bear in mind that this site is manned with volunteers all working away and busy, deleting threads and accounts becomes a very irksome task.
Technically given what I have said I ought to close this thread, but that would just piss you off wouldn’t it ?
