BuddyPress.org

https://buddypress.org/community/groups/bp-registration-options/

https://buddypress.org/community/groups/bp-moderation/

You can also increase the minimum time required for completing the reg process.

@gregfielding check this out as well http://buddydev.com/plugins/one-click-mark-spammer-for-buddypress/

Try the BuddyPress Moderation plugin. I think you’ll like it.

[edited by r-a-y to add link]
https://wordpress.org/extend/plugins/bp-moderation/

I don’t know if anyone is still following this thread but I discovered the users with this problem had not activated the account. So I installed this plugin so I didn’t have to keep deleting and recreating these accounts. https://wordpress.org/extend/plugins/wp-activate-users/installation/
FYI the users either were not receiving the email, or so they say, or the message went to spam or didn’t activate when they clicked the link.
hope this helps.
chow

Humans always fill out required profile fields.

Thanks. How do you know if there human or bots?

The code from this post is the correct one:
https://buddypress.org/community/groups/how-to-and-troubleshooting/forum/topic/buddypress-spam/?topic_page=3&num=15#post-69499

Replace example.com with your sitename.
And yes, it works just fine on my site; no bots are getting through
But lately I’ve been getting slammed by human sploggers. That’s a tougher nut to crack.

That was the original post I seen, but then I seen
https://buddypress.org/community/groups/how-to-and-troubleshooting/forum/topic/buddypress-spam/?topic_page=5&num=15#post-74351
and there was another version floating around some where that was slightly different. As you can see this version just has .register* and then domainName.*

I wasn’t sure which was correct or how to check if its working. Have you ever successfully tested yours?

See this previous post in this same thread:
https://buddypress.org/community/groups/how-to-and-troubleshooting/forum/topic/buddypress-spam/?topic_page=3&num=15#post-69499

Anyone know how to check the above to confirm its doing what its supposed to?
Also, is the 3 supposed to be myslug, or register.php?
Is line 4, just domainName, or domainName.Com?

Hi, I’m still seeing this issue. Not so much on the spam side, but I’ve got a field that is set to be required that isn’t actually required in order to sign up.

It’s in a 2nd group of profile fields, if that matters. Here’s the relevant code, which should be working … but isn’t.
http://pastebin.com/Gq5Ay5fH

Well things were all good for a month, now I am getting slammed every night from 2-6am.

Can someone confirm this is correct (if my site were ebay.com and my registration page was myslug)…
‘
# BEGIN ANTISPAMBLOG REGISTRATION
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .myslug*
RewriteCond %{HTTP_REFERER} !.*ebay.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://die-spammers.com/ [R=301,L]
# END ANTISPAMBLOG REGISTRATION
‘

Reading back a page or two this is supposed to redirect attackers, I tried entering myURL?something=something but it doesn’t do anything. How can I test this to make sure it working?

Thansk.

I’m +1 on the need for a solution too. I seem to always get the email without it going to spam. I also notice some repeat spam / sploggers in the email addresses. I have used WP-Activate-Users but I’d like an option to resend the activation or delete them.

I joined it, and downloaded it – but have yet to use it.. apparently the plugin requires a “phone home” to one of the wpmu dev computers every time someone or some spammer tries to sign up – and you need to have a current subscription to their premium service in order for that part to work… I asked in their forums (as a paid current member) if the other parts of the plugin will still work if I discontinue my monthly paid subscription to wpmu dev premium – and I got no response about that.. so I have yet to install it – as I can not see paying every month for the rest of my life…

there has also been discussion about using the plugin to go through all of your past members and looking for splogers – and apparently it will not work for that – only for new signups…

Right now my hope is that bp-registration options ( https://wordpress.org/extend/plugins/bp-registration-options/ ) will incorporate some of the tricks from TTC ban hammer ( https://wordpress.org/extend/plugins/ban-hammer/changelog/ )and that the buddypress code will actually make it easier for us stop spmmers – right now buddypress ignores wordpress’ ban email domain features – and that just sucks – the bp registration options stops about 80% of the spammers from being able to post – but there is something in the BP code that lets some of them scoot right through, even with hashcash plugin, SI captcha plugin, and the BP registration Options running – buddpress wastes about 3 hours a week of my time simply deleting sploggers… but hey there are new features coming soon right? LOL

So, has anyone given this plugin a shake down? It’s been a few months now…

Hey, so I’ve been looking at this problem myself in the past couple days.

I’m finding that WP blog comments that are held for moderator approval are not getting inserted into the activity stream, but blog comments that are auto-spammed (from the comment-blacklist), are showing up in the activity stream.

I just entered a trac ticket about this if you’re interested in more details, or have something to add: https://trac.buddypress.org/ticket/2699

Out of the box, BuddyPress only lets you send group invitations to people you’re friends with. It’s a spam prevention measure. If you want to bypass it, install Invite Anyone https://wordpress.org/extend/plugins/invite-anyone/.

There has been a ton of talk about controlling Spam on BuddyPress.org… try tooling through this post for some ideas:

https://buddypress.org/community/groups/how-to-and-troubleshooting/forum/topic/buddypress-spam

try stopping the spammers from registering – topic covered in the past about different options

Wow, world renowned support? 7 months and still no answers! I have the same issue guys, I get a ton of spam on my activity streams. I have 4 different anti-spam plugins, and guess what? Non of them help with the activity stream. This is something Buddypress needs to be looking at!

have them check their spam folder (and proper host config for sending email – maybe the host has trouble with users sending out spam)

buddypress rules for usernames

`
if ( !validate_username( $user_name ) || in_array( $user_name, (array)$illegal_names ) || $user_name != $maybe[0] )
$errors->add( ‘user_name’, __( ‘Only lowercase letters and numbers allowed’, ‘buddypress’ ) );

if( strlen( $user_name ) < 4 )
$errors->add( ‘user_name’, __( ‘Username must be at least 4 characters’, ‘buddypress’ ) );

if ( strpos( ‘ ‘ . $user_name, ‘_’ ) != false )
$errors->add( ‘user_name’, __( ‘Sorry, usernames may not contain the character “_”!’, ‘buddypress’ ) );

/* Is the user_name all numeric? */
$match = array();
preg_match( ‘/[0-9]*/’, $user_name, $match );

if ( $match[0] == $user_name )
$errors->add( ‘user_name’, __( ‘Sorry, usernames must have letters too!’, ‘buddypress’ ) );
`