I’m having the same problem. Is there a way to go into the database and change their status? How do I do that?
THanks.
Now… my spambusher script gives me some very rudimentary statistics… and in the 2 days and 9 hours since that post above, the number of spam registrations has gone up 50%… but the number that I actually delete myself has gone down by about the same number 
Which tells me two things:
1. People or bots are actually following the link above and tripping the spambush
2. Links to buddypress sites from buddypress.org are just ASKING to be spammed 
There’s a fairly simple and foolproof method to automate spammer deletion. It’s easier to let them in and then delete them automatically than to try to stop them from registering in the first place. Otherwise it becomes an ‘arms race’ type of thing, as well as a game of keep-up-with-BP/WPMU-changes if you try to integrate it.
See it in action at http://visarus.co.uk/bp-spambusher.php – every time you visit that page you will be cleaning up spam registrations for me 
I can put it on CRON if I want but I enjoy the satisfaction of seeing how many registrations I’ve deleted 40 in the last 24 hours.
Spammers target all social networks. They literally overran an elgg site I have and I’m rebuilding with WP/BP. A few still get through with the latest BP and anti-spam and custom profile fields, not a lot, two or three a day, but that’s nothing. I found about 600 in my first month in my users that never made it to the surface. As for the few that did, having a couple fill in custom profile fields is really helpful. The bots that do sneak through fill those two spots with gibberish, in my case age and location, so it’s easy to identify spam members.
Here is my banned list:
pprotect.net
memoryfoamking.com
seofriends.info
yournhollow.info
cheapparallelsad.info
auctiondiscount.info
shop.info
storemarket.info
orderstore.info
storeshop.info
auctionorder.info
dealssave.com
fairstore.info
dealssave.com
revitolantiwrinkle.com
realestatecrusade.com
johnnyjohnsonblog.info
thewebtrafficguide.com
freesleepaid.net
fcarpet.com
fyimotorcycle.com
getprofessionalbusinesscards.com
appreciateone.com
flycreditcard.com
savemytimeapps.com
hotvideogamerentals.com
gapinsurances.com
photographyi.com
discountperfumecatalog.com
camelhairmurals.com
internetcasinos123.com
foraudio.com
charmedanddangerousband.com
mysoftwareorganizer.com
criminaljusticezone.com
black-hat-seo.org
stampfreemail.com
supermailpro.com
bestmailonline.com
junklessmail.com
bloglory.com
homemailpro.com
sieuthiraovat.com
163.com
emaildesechable.info
msnadults.info
sqlscrib.com
mcsescribe.com
gbebook.com
yn8.de
foster-kittens.com
126.com
stuffsoft.com
sylter.net
exelliart.de
bestmailonline.com keep bringing me about 5 spammers /day
I think a lot of it is because its considered spam by most email hosts just as gmail, aol, etc. Can someone help create a fix for this? There has to be a way to change the way the emails are delivered from Buddypress.
Thanks,
eor
check if your activation e-mail lands in the SPAM-folder of the recipient.
I am not sure why, but most of the time the e-mail with the activation-key is landing in the SPAM-folder…..
I have compared both the test server and the live server configs, disabled mod_security, checked different other settings and found NOTHING until I stumbled upon a pretty hidden error log of this client and there are a couple of different DB errors like [06-Jun-2010 10:46:25] WordPress database error Unknown column 'spam' in 'where clause' for query SELECT COUNT(ID) FROM wp_users WHERE spam = 0 AND deleted = 0 AND user_status = 0 made by require, require_once, do_action, call_user_func_array, bp_core_do_catch_uri, load_template, require_once, bp_get_total_member_count, bp_core_get_total_member_count
so its definitely a wordpress issue and not a server issue. here is a bigger part of the error log, just in case anyone has some feedback on this: http://pastebin.com/tx5gaEWG
gettign weirder and weirder:
the test site has these fields inside the wp_users table:
Full Texts ID user_login user_pass user_nicename user_email user_url user_registered user_activation_key user_status display_name spam deleted
the live site these:
Full Texts ID user_login user_pass user_nicename user_email user_url user_registered user_activation_key user_status display_name
After adding the two missing fields: spam and deleted, all is good
Does anyone know when those fields were supposed to be added? I which WP version? or does BP add them? I’d like to figure out where this went wrong…
@zlamczyk: I think we are trying to work on the same thing.
https://buddypress.org/community/groups/how-to-and-troubleshooting/forum/topic/disable-activation-email/
I am getting spammed (bad) and they are simply using the activation email to approve themselves. My thought was just do a manual approval to either “activate”, “send activation email” or “delete from wp-signup”.
I have modified manual member approve for BuddyPress so I can see the signup table and manually approve members.
http://mattkern.com/wpmu-manually-approve-new-members-on-local-install/
I just need to stop the automatic sending of the activation email. Do you know how?
I’ve simply tried commenting out the following line in wp-core-signup.php to test, but it’s not working.
wp_mail( $to, $subject, $message, $message_headers );
This is the function; but for some reason the activation email still goes out.
@hnla and @boonebgorges: I found this plugin a while back and modified it to work with BuddyPress. Let me know if you need it still.
Anyone know how to stop sending the activation email? I don’t want to disable the activation function; I just want to stop sending the email automatically. I want to selectively send it. I figure I would just add this function to the manual approve plugin so I could either:
Manually Approve
Manually Send Activation Email
Delete the Signup
I’m getting killed with spam users (that are easily identifiable)
https://buddypress.org/community/groups/how-to-and-troubleshooting/forum/topic/spam-blogs/
Actually… Terry is correct. SPAMers are in fact hiring people from India to fill our registration forms and CAPTCHA’s by hand. They get paid next to nothing and just sit there for hours and hours a day filling out CAPTCHA’s. I’m sure the majority of SPAM comes from Bots… but it’s not all bots. And there is no way to stop a human short of banning entire countries.
Also; each “blast” of spam users/blogs appear to come from different IPs, but the username always has a 7 digit number pattern after a random name. They all appear to come from “.info” email registrations.
These registrations are bypassing the public registration form requirements somehow, but I believe they are legitimately activating their account (since I’ve had delays after disabling the registration form). There are entries in both _users and _signups tables that match.
Hope this helps if anyone else is having this issue. I’m open to any temporary solutions for this particular pattern, but more importantly is there a good way to solve this long term?
Is there a way to manually approve members? Maybe some step in between that would allow a manual send of the account activation email?
Update: After several days of manually adding users with a form (that matches the registration form); I attempted to re-enabled registrations. Immediately I got 2 new spam users and blogs.
New User: terrence1603615
Remote IP: 65.75.250.92
terrence1603615@LIEMAIL.INFO
New User: cooper7790557
Remote IP: 65.75.250.92
cooper7790557@THEINBOX.INFO
This is only happening on one of my installs (http://anglersites.com). Running WPMU 2.9.2/BP 1.2.2.1. My other install (http://fellowmoms.com) is running WPMU 2.9.2/BP 1.2.3 and is not having this issue.
Any reason to think BP update would resolve this? Looks like current version is 1.2.4.1.
Is anyone else experiencing this? Looks like disabling the registrations stops it; from my previous post these were delayed notices. As soon as I disabled registrations again, I recieved a flurry of “Password Lost/Changed” for a couple users (one of them was an active user that was not newly created). I marked this user as spam.
Surely someone else is getting hit?
I have a couple BuddyPress installs. The older of the 2 has received 150+ spam member registrations (and blogs) this weekend. All create members like bob45873675 and “Bob’s Blog”.
I have changed slugs, activated recaptcha and followed several blog posts on best practices. What’s interesting is they are somehow bypassing my registration page. I have required fields and have removed the “create a blog” from the registration page; but somehow they manage to create an account and a blog. I also receive “lost password reset” email notices for each account that is created, so maybe that’s a clue to where the issue is.
I was so fed up with it, I disabled registrations completely (only allowing blog creation by logged in users) — and I’m still getting new spam members and blogs (how is that possible??) This seems to be a pretty serious security issue that is different from previous “splogging”…
Vulnerability/hack in the registration or lost password, etc…?? I presume this could be WPMU not necessarily BP?
I am also having this problem – I guess everybody is. I also followed the tips you mentioned and initially, it reduced splogger registrations a lot.
However, I disagree with Terry: there are not real people setting up blogs and answering captchas, these are bots. As kiwipearls mentioned, if you go and try to sign up manually, you have to fill in the required fields.
There is a leak somewhere in BuddyPress/WPMU registration and all methods to stop the oil have failed until now. BP (haha) people say it’s WPMU and the other way around, I guess. The leak has been here for months and nobody seems to want to fix it. Maybe it’s some kind of corruption since the premium site Terry mentioned has a way to fix it.
@kiwipearls the only product I’ve fond effective (about 95%) is the antl-splogging @ http://wpmudev.org – it’s a premium membership site on he expensive side, but it’s working for me. (btw ~ i’ve used all the methods you listed above) – my thinking is that sploggers are hiring people to setup their blogs and answer captchas…
Got 6 Spam Blogs this morning. I am not very happy. 
Trying to get your e-mail adres or just a sloppy topic from someone who doesn’t know marketing.
Delete/Spam anyone?
you want to sell themes?
give us a sample delete this spam!!!
It would always get labelled spam on a forum of the type that helped people for essentially no return, on the technical forum that is my home we don’t allow posts like this.
Here’s a different take on the matter why not offer one or two themes for free download, BP is starved of finished themes for members, start a group for themes? people may be more inclined to accept the promotion of the paid for offerings then? or simply have a ‘Donate’ button like the plugin authors on the site who spend anywhere from 6 hours to possibly ten times that coding essential plugins for the community and for free accept for the optional donations people may make.
it was just a question why is it spam?
and this is where a report to mod for spam would come in handy.
It’s a lot easier to do the whole thing from MySQL. One query, one click to mark 95% of spammers as spammers (or delete them if you want) and you can modify the query to do anything with anything they left behind them. I clean up their ‘activity’. Marked almost 400 spammers last night and only had to manually check and mark 4 or 5 more.
Don’t hold your breath for a plugin – I did, and I went blue in the face
If you’re like me, and did not do a DB backup because you thought the upgrade would be smooth sailing (d’oh! thankfully this was only on a test install!), do the following:
1. Revert the $blog_ids variable in the bp_blogs_record_existing_blogs() function in bp-blogs.php back to this:
$blog_ids = $wpdb->get_col( $wpdb->prepare( "SELECT blog_id FROM {$wpdb->base_prefix}blogs WHERE mature = 0 AND spam = 0 AND deleted = 0" ) );
2. Then put this line in your theme’s functions.php:
bp_blogs_record_existing_blogs();
3. Go to your BP’s blogs directory and see your blogs repopulate.
4. Once you’ve verified that your blogs are back, remove the bp_blogs_record_existing_blogs() function line from your theme’s functions.php
