BuddyPress.org

@tedmann – and changed the default text on the register page?

@tedmann have you added all the tricks mentioned? changed footer links? added referer rule to your .htaccess

I deleted the registration.php file (and have the alternate slug). Still getting slammed with spam signups and posts. Switching to the si-captcha plugin (though I suspect that won’t do anything since the spammers are bypassing the reg form). Any other ideas?

@rogercoathup Thanks for the info. I’ll try the some other forums for the other issue.

@mark211 – You can change the slug just by adding the one line to wp-config.php

define( ‘BP_REGISTER_SLUG’, ‘join-up’ );

This thread tells a little more about potential problems: https://buddypress.org/community/groups/how-to-and-troubleshooting/forum/topic/defining-new-register-slug-not-working/

ON the View problem – I think you have posted the wrong URL – it gives a 404 error

Ask this question as a separate thread in support though. Search the forum first of all though, because I think there are some existing threads on this type of problem (view permalink)

@rogercoathup no I didn’t change the slug or the default text. I’m not a developer and wasn’t 100% sure how to change the slug. I looked at the wp-config.php but it looks a lot different than Andy’s example on BP org I read. Would I change it under wp-config still? Andy’s posting is from 09. I will go ahead and change the default text. I’ll do anything to keep those bot ******* away. lol. So far Ive been good with the two plugins even though it looks like overkill to my visitors.
Side note. I’m having a problem with viewing status on my activity feed. When someone joins the site or posts a notification and I go to click on view next to the notification, the page it takes my to has issues with the theme. I assume it has to do with my themes template file?. here’s the snipit of code View Any thoughts on how to fix it? Thanks.

@mark211 – did you change the register slug in BuddyPress as well? Also, changing the default text that appears on the register page?

@intimez – I think there should only be one register.php, in your theme’s (or the defaults if inheriting) register folder

FYI, I deleted the register.php file in bbpress last night and I had another 7 spam accounts in the morning so that didn’t work for me. I then installed humanity this morning and I’m using it with the si captcha plugin and the two combined seem to be ok so far. I’ll keep you guys posted.

So other two register.php not be deleted? Want to make sure.

everyone wants a plugin to solve this. Remove that register.php in the bbPress folder… go on, trust me, it really helps!

Oh there are many more than that as soon as you start to try and block them a new address will be used

is there a plugin that i can use to simply ban certain keyphrases in email addresses from registering? most of my spam signups have the below phrases in their urls, as well as others, i’d like to simply block all of the below them from signing up at all.

buyfioricetnow
junklessmail
trophaeum
picture-movies
stampfreemail
supermailpro
designersmail
freeeeemail
hothdvids
travel1234
freemailme
hotbabesonly
informaniac
belzy
watchathf

Not sure of the process but even if you haven’t got bbpress running locate and remove the file. If spambots are managing to get around hidden fields that should remain empty it suggests they are not using whatever form that protection is on.

For CURL try adding this: (but check carefully things still work!)

# trap curl registration downloaders – block in allow,deny rules
SetEnvIfNoCase User-Agent “^curl” blog_spammer
Order Allow,Deny
Allow from All
Deny from env=blog_spammer

Be careful about blocking IP ranges it’s a difficult practice and one that technically you are supposed to notify about in case innocent yet important sites get blocked, you can add further rules to the deny lines above but unless there is a very persistent IP it’s probably not worth it and likely spoffed anyway.

@tedmann – have a search on your install for the bbPress folder and remove the register.php file. I guess it doesn’t have to be activated for the file still to be there and therefore usable by the spammers.

It worked like a treat for myself and @footybible

I’ve got the Humanity plugin running on our site, with a semi-difficult question. Likewise, I’ve done the htaccess trick, register slug, and so on. Haven’t blocked CURL requests (how do you do that?).

I never configured bbpress for our site. Even if I haven’t done that, is it possible that register.php file is still lurking somewhere on the site? Are there any more drastic measures I can take? We’re getting killed every morning — not just with spam signups, but spam blog posts. Would blocking the offending IPs (quite a few) be a viable solution?

@boonebgorges is @kebdarge meaning there isn’t one for this site?

That’s exactly what bp-moderation does.

You’re quite correct it does still exist which I find very odd as I seem to have a recollection of comments that said it would be / was removed.

I have the latest version of buddypress and I had to delete the register.php from bbpress, as is suggested above. This reduced my spam signups from around ten a day to none.

I had lot of problems to stop spamblogs from signing up than I have installed Buddypress Humanity plugin and its been a month and i have not got a single spamblog signup as this plugin lets you set your own question and answer.

Thought the stray registration file had been dealt with.

As well as rename the register slug, rename the footer links as they are searched out in their default form. I also added a rule to htaccess that checked the referer page and if it wasn’t the site chucked the request to somewhere else (do need to make that somewhere interesting) also blocked any CURL requests for the register page, finally made the decision that blogs could not be created during sign up, once registered members could create blogs and this made a difference.

@tedmann – there was a register file kicking around in the bbPress forum files, and I think that was the back door into the BuddyPress system. I don’t know if that issue has been addressed in the latest BuddyPress / bbPress releases.

We stopped spam registrations almost completely on Hello Eco Living by removing the register file in the bbPress installation, and changing the url of the BuddyPress registration page.

Here’s what I don’t understand: All our recent Spam registrations are completely bypassing the BP registration form. I’ve got a tricky Humanity plugin question on there, as well as several required fields. But when I look at the accounts the spammers are creating, they have none of those fields filled out.

Is there some kind of backdoor registration option in BP or WPMU? How are they getting in?!