BuddyPress.org

Jenny remove the blog signup section from the BP register page.

also adjust the WP footer links to something non standard as that is also a keyword search.

Other than that there have been some very long threads on this subject of spam signups and all possible tactics have been covered in those so do do a search for that info.

You should robots.txt exclude these files

nevermind, I found it, they are in the register.php file.

I fixed most of mine by adding a few fields in the Profile Field Setup. I added City, State ( as a dropdown menu and a zipcode. I got rid of 70% just from this. also, I have seen in my log files they are searching for
“yes i d like to create a new blog”
“registering for this site is easy just fill in the fields below and we ll get a new account set up for you in no time yes i d like to create a new blog”
“intext yes i d like to create a new blog blog with wordpress inurl register”
“i d like to create a new blog”

maybe someone can tell us where this text lives so we can remove these tags from the search engines. just by this they are able to see all wordpress sites. I tried it with google and it does work.

https://buddypress.org/community/groups/bp-registration-options/

https://buddypress.org/community/groups/bp-moderation/

You can also increase the minimum time required for completing the reg process.

@gregfielding check this out as well http://buddydev.com/plugins/one-click-mark-spammer-for-buddypress/

Try the BuddyPress Moderation plugin. I think you’ll like it.

[edited by r-a-y to add link]
https://wordpress.org/extend/plugins/bp-moderation/

I don’t know if anyone is still following this thread but I discovered the users with this problem had not activated the account. So I installed this plugin so I didn’t have to keep deleting and recreating these accounts. https://wordpress.org/extend/plugins/wp-activate-users/installation/
FYI the users either were not receiving the email, or so they say, or the message went to spam or didn’t activate when they clicked the link.
hope this helps.
chow

Humans always fill out required profile fields.

Thanks. How do you know if there human or bots?

The code from this post is the correct one:
https://buddypress.org/community/groups/how-to-and-troubleshooting/forum/topic/buddypress-spam/?topic_page=3&num=15#post-69499

Replace example.com with your sitename.
And yes, it works just fine on my site; no bots are getting through
But lately I’ve been getting slammed by human sploggers. That’s a tougher nut to crack.

That was the original post I seen, but then I seen
https://buddypress.org/community/groups/how-to-and-troubleshooting/forum/topic/buddypress-spam/?topic_page=5&num=15#post-74351
and there was another version floating around some where that was slightly different. As you can see this version just has .register* and then domainName.*

I wasn’t sure which was correct or how to check if its working. Have you ever successfully tested yours?

See this previous post in this same thread:
https://buddypress.org/community/groups/how-to-and-troubleshooting/forum/topic/buddypress-spam/?topic_page=3&num=15#post-69499

Anyone know how to check the above to confirm its doing what its supposed to?
Also, is the 3 supposed to be myslug, or register.php?
Is line 4, just domainName, or domainName.Com?

Hi, I’m still seeing this issue. Not so much on the spam side, but I’ve got a field that is set to be required that isn’t actually required in order to sign up.

It’s in a 2nd group of profile fields, if that matters. Here’s the relevant code, which should be working … but isn’t.
http://pastebin.com/Gq5Ay5fH

Well things were all good for a month, now I am getting slammed every night from 2-6am.

Can someone confirm this is correct (if my site were ebay.com and my registration page was myslug)…
‘
# BEGIN ANTISPAMBLOG REGISTRATION
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .myslug*
RewriteCond %{HTTP_REFERER} !.*ebay.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://die-spammers.com/ [R=301,L]
# END ANTISPAMBLOG REGISTRATION
‘

Reading back a page or two this is supposed to redirect attackers, I tried entering myURL?something=something but it doesn’t do anything. How can I test this to make sure it working?

Thansk.

I’m +1 on the need for a solution too. I seem to always get the email without it going to spam. I also notice some repeat spam / sploggers in the email addresses. I have used WP-Activate-Users but I’d like an option to resend the activation or delete them.

I joined it, and downloaded it – but have yet to use it.. apparently the plugin requires a “phone home” to one of the wpmu dev computers every time someone or some spammer tries to sign up – and you need to have a current subscription to their premium service in order for that part to work… I asked in their forums (as a paid current member) if the other parts of the plugin will still work if I discontinue my monthly paid subscription to wpmu dev premium – and I got no response about that.. so I have yet to install it – as I can not see paying every month for the rest of my life…

there has also been discussion about using the plugin to go through all of your past members and looking for splogers – and apparently it will not work for that – only for new signups…

Right now my hope is that bp-registration options ( https://wordpress.org/extend/plugins/bp-registration-options/ ) will incorporate some of the tricks from TTC ban hammer ( https://wordpress.org/extend/plugins/ban-hammer/changelog/ )and that the buddypress code will actually make it easier for us stop spmmers – right now buddypress ignores wordpress’ ban email domain features – and that just sucks – the bp registration options stops about 80% of the spammers from being able to post – but there is something in the BP code that lets some of them scoot right through, even with hashcash plugin, SI captcha plugin, and the BP registration Options running – buddpress wastes about 3 hours a week of my time simply deleting sploggers… but hey there are new features coming soon right? LOL

So, has anyone given this plugin a shake down? It’s been a few months now…

Hey, so I’ve been looking at this problem myself in the past couple days.

I’m finding that WP blog comments that are held for moderator approval are not getting inserted into the activity stream, but blog comments that are auto-spammed (from the comment-blacklist), are showing up in the activity stream.

I just entered a trac ticket about this if you’re interested in more details, or have something to add: https://trac.buddypress.org/ticket/2699

Out of the box, BuddyPress only lets you send group invitations to people you’re friends with. It’s a spam prevention measure. If you want to bypass it, install Invite Anyone https://wordpress.org/extend/plugins/invite-anyone/.