I spent some time yesterday to try to stop the constant flow of spam users and blogs being created on my site. Here is what I did…
1- deleted extra registration.php in bbpress folder
2- changed reg. slug
3- installed humanity
4- installed Si Captcha
5- added code from above to htaccess
I am still get about 20-30 per day.
Is there a way to tell if these are humans or bots creating these accounts and blogs?
I don’t know what else to do, any ideas? ( I really don’t want to disable blog creation during registration)
I’m using:
– Buddypress Humanity
– WPMU-Block-Spam-By-Math
– SI CAPTCHA Anti-Spam
and
.htaccess
# BEGIN ANTISPAMBLOG REGISTRATION
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .register*
RewriteCond %{HTTP_REFERER} !.*yourhomedomain.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://die-spammers.com/ [R=301,L]
# END ANTISPAMBLOG REGISTRATION
I think that the complexities of working on this site hosted on Automattics servers is not as easy as would be one of our own sites. There are a plans to do a fair bit of work as to the hold up on that I can’t say, I suggest that we badger @Boone in the Ninja group 
Have to admit I have said a few times that spamming a site like this especially when it showcases the very app we all work with is far far from satisfactory and something really does need to be done about it.
Add this to wp-config.php `define( “BP_REGISTER_SLUG”, “your-registration-slug” );` and change ‘your-registration-slug to your own registration slug.
Edit * the wp-config.php file is situated in the root of your wordpress installation
I am very new to this , I got this topic’s link from a post by @pcwriter in a topic in buddydev.com
and reading so much about spam/splog and fighting it I’m am overwhelmed and worried and exhausted even thinking about the …….
I have read this topic , understood some and implemented some and also didn’t understood some too …..
I ask a very stupid question !!!
How to change the registration slug ?
who ever replys the above question please oblige this foolish novice (that is me) with a complete walkthrough …
.
I am also using Secure Invite plugin , will this slug change effect this invitation plugin ? if so how to battle it ?
.
Thanks to all and special thanks to @pcwriter for all usefull information …
I’m using:
Si Capthca
BuddyPress Humanity Plugin
BP Signup Xtra (with required birthdate and checkbox)
Extra Profile Fields that require text input.
Bad Behavior with HTTP:BL enabled…
I’ve not noticed any spam logins yet…. knock on wood/cross fingers.
@pcwriter, it took a while for me to think of that way, but after turning off blog creation for about the 3rd time and contemplating keeping it at all, I thought of just doing it this way and it ended up being a better process for the user while killing those instaspam blogs. which btw, with all the other available strategies for blocking spam, it ends up being a very effective barrier to spam blog creation.
@nahummadrid
Now that is a brilliantly simple and effective tactic that I’m adding to my arsenal!
I wish new blogs worked like comments, meaning that the first post by a new member has to be approved before the blog is active. Once the first post has been approved the blog would then become active and viewable by the public.
I removed/commented out the create a blog option from the member registration form while still keeping blog creation on. I only left access to the bp create a blog form for users is_loggedin Only. By tucking it away within the member profile for the member to create a blog later during their profile detailing/editing process, I was able to get to the point where I only needed to delete crap members that get in, not crapmembers + crapblogs that get created at one time wasting all my low number blogIDs!
At the end of the day, if you’re running BPmu you don’t really need to have insta-blog. The option to create a blog is link within the member profile “dash” that they can get around to when they feel settled. I’ve found it’s easier for the user to get their profile up and running first and then breathe and think of a good blog name/url after they’ve logged in for the first time.
but if you really really want instablog, which really isn’t that instant due to the wp-admin of it all. Plus, it’s not really instant because there are too few frontend posting options in member themes for the user to start posting right away, so no need for instablog in registration process, so just indicate to your user that they can do that part later. if you still want blog creation at first registration, then you can keep up the good fight by zapping spammers and their blogs.
There is not anything new in BP 1.2.6 that will address any spam issues. Spam blogs, however, is a problem with multisite WordPress in general (not specific to BuddyPress). It still sucks, of course.
O MY GOD, I am so sick of deleting spam blogs! Does anyone know if the new version of BP coming out will have anything built in to prevent these spam blogs?
@pcwriter
That looks cool i’ll give it a shot.
Thanks,
Jordan
Huh? I am not a spammer! What does that mean?
@paulhastings0 – are you suggesting we should copy good code snippets from these forums across to a 3rd party site that will sell themes? That’s sounds like a lot of freely acquired content and SEO for what’s ostensibly a commercial business.
I’m generally happy to submit and publish code to help people on these forums (and for them to use how they see fit, commercial or otherwise). It will occasionally be abused, and there are spam sites that will trawl and re-publish as their own work, and we can’t prevent that.
However, if I thought it was being republished blatantly with little added value, as you suggest, as an offering from another business, I would be much more reluctant to publish it in the first place.
@janismo Spam post noted containing 200,000,000 links no wonder IE couldn’t cope, it will be flagged up.
hello, anybody can tell what these 2 spammers want to do on my blog? I’m curious, coz they have done nothing since registered.
Assuming the missing user(s)’ accounts aren’t marked as spam, they probably need to log in before they appear in the BuddyPress lists.
@ipstenu
Thanks for pointing that out… clears things up!
@TedMann – No, manually going to your signup page will not trip the spam alarm. Putting in the URL with all the submit stuff (like attempting to pass registration info via the URL instead of entering it like a human) will trip the alarm. What it’s checking for is the POST command, and was THAT passed through by your site. Otherwise no one would ever be able to sign up
Ah, Bluehost 
1. If you are running the multisite version of WordPress, on the super admin’s options there is a setting for default profile. Alternatively, there are lots of plugins that control this sort of setting on. I use a couple of role management plugins on a few sites but I’m not sure what’s best. Hopefully someone can recommend one.
2. If you disable BuddyPress, and register an account on the site (via WordPress), do you receive the email? If you don’t, it is either ending up in your email’s spam or your server is not configured to send emails correctly. However, since you’re on Bluehost, have a look at the bottom of this message first.
3. That site URL setting should match the URL of your site. I’m not sure what you mean by “pointed url”, but you should probably only change it if you have moved the site from one_domain.com to another_domain.com.
4. Depends on definition of “easy”; they are in the theme’s header.php.
Bluehost: We have seen issues with Bluehost previously. I do not know if all the issues still apply, but in general:
1) I suggest that you do not use simplescripts to install (or even WordPress).
2) RE: your email problem. I suggest you search this site for “Bluehost” as we have had lots of discussion around it previously but, from memory, https://wordpress.org/extend/plugins/mail-from/ might fix the problem (it has to be a valid email account, so you may need to create it first).
7121617Inactive
Mod Edit/ Spam Links removed -hnla
