BuddyPress.org

Anyone know how to turn off registrations in Buddypress forums, as recommended here? Can’t find a way…

@foxly I love this. It’s what I’ve been looking for and I am really looking forward to Part II. Wait, did that sound like a spam comment. Damn, they’ve getting to me!

Hey Peter, didn’t see your post until just now.

You’re right that documentation is sparse, but that’s up to users like you and me to add it to the BuddyPress codex.

BuddyPress uses a different method to validate that’s why you can’t just hook in the WPMU validation function that WP-reCAPTCHA uses.

Like I stated above, look for clues in /buddypress/bp-core-signup.php. Check out the global $bp variable, especially $bp->signup->errors. This is what you have to use in place of what the check_recaptcha_wpmu() function uses.

FYI, I’m not using WP-reCAPTCHA.

Might I suggest using a math challenge plugin? It’s more user-friendly than a captcha plugin.
https://wordpress.org/extend/plugins/wpmu-block-spam-by-math/

[EDIT]
Here’s another captcha plugin that supports BP:
https://wordpress.org/extend/plugins/super-capcha/

We are all aware of this issue. Please see this thread: https://buddypress.org/community/groups/requests-feedback/forum/topic/here-come-the-spammers/

I’m having the same thing happen… just tried twice. Used gmail addresses… emails never arrived to either account (yes, I checked SPAM).

Frustrating, don’t think I can launch until this is fixed now.

As Jeff mentioned we ought not to derail foxlies thread any further. Perhaps we ought to start that thread suggested re-hashing all the approaches tried, implemented, proven or not and maybe a mod could extract a set of definitive steps that ought to be implemented by anyone setting up a new install.

I change my slug, have at least one new required profile filed as a drop down and added WP Super captcha plugin and have never had a spam sign up ever.

Example: http://www.google.ca/search?hl=en&q=%2B”is+proudly+powered+by+WordPress+and+BuddyPress”; (front page of every BP site on the net)
Example: http://www.google.ca/search?hl=en&q=inurl:%22/community/members/%22+%2Bbuddypress (members page of every BP site on the net)

Very much behind this, but I will mention that changing those two things are the first thing I’ve done with my BP installs (along with other stuff I mentioned in the article I did for the I-guess-it’s-not-coming-back bp-tricks.org). Agree that an install routine that forces the user to customize their slugs (explaining possibly consequences if they don’t) would be a great idea.

My BP site is fairly new. I had one PM spammer and I changed my register slug and added birth day to the required fields and so far no return spammers (about 1000 new members per month, 4,000 current). I’m sure this won’t end attacks, but hopefully it with stave off many of the BOTS.

Allowing users to report spam would be a very useful feature. There’s only so much you can do in terms of technical spam prevention, and technical spam prevention always gets cracked eventually.

If the amount of spam reports for a certain account exceeds x, then freeze the account until an admin can review the account. The admin should then have the option to do an IP based ban of the account if it appears to be a spammer. Some very basic IP based messaging/commenting/posting rate limitation would help too.

Maybe BP should require that you choose your own register slug after activating the plugin. Perhaps also require you name your required fields fields, instead of the default “name” or “base.” The less default settings BP has the harder it is for BOTS.

@foxly-

This is a very nice summary of the problem. Thank you for providing the introduction to the various attack vectors spammers currently use.

I would argue, as you know, that WP / BP also needs to combat registration spam–even though it is the hardest issue to address. There area a number of BP.org members that are looking for a solution, however imperfect, that will noticeably reduce spam signups. If a person is infected with a small viral load, the resulting illness often will not be as severe as if they had received a large dose of invading organisms. The same can be said with website spam signups. Any reduction is better than none.

But, as this is your thread and I do not want to take your thread off topic (or have others do what I just did ), I will ask that we table that discussion for another thread at another time and focus in this thread on solutions to combating spam once a spam account has successfully registered.

Once again, this is a great start to the conversation.

While you’re preparing part 2 I’ll make the comment (probably unpopular) that too an extent this is an issue that BP, WP, Automatic must accept some responsibility for in that WP has always followed the course of making it as easy as possible for inexperienced people to set up a blog/blogs the principle of ‘Out Of The Box’ and ‘5 Minute Install’ all designed to promote the app/s to those users who otherwise might be put off, it’s a marketing ploy to ensure that the app gains widespread and popular use (that is being deliberately cynical to make a point) It is due to that that I say there is a duty of care that falls on the App not on the user or community. I know how to get down and dirty with htaccess files, to read logs, enable various methods to deal with an issue – as do many others here – but lets not forget most don’t! I would suggest that it’s time to pull together all the various approaches to dealing with spam in one clear stickied post, make the steps as clear as possible but emphasize that these steps are of paramount importance to follow (thinking about it that may already exist?) Until such time as Foxly or the dev team comes up with the core improvements.

For the record I have enabled most of the steps found in various threads here and elsewhere and also disabled sub blog registration and receive no more than around 6 -8 spam sign ups a day, which we can deal with quite quickly and effectively, I’m still slightly puzzled as to why some appear to have such ongoing issues though, very sympathetic but puzzled nonetheless.

You rock!

And this would specifically deal with spam from actual users who have managed to sign up and and now using the internal messaging system to spam, correct?

And not spam signups, spam blog. Just to clarify.

Hi r-a-y — would you be interested in posting your validation function code? (pastebin it perhaps?)

Just want to avoid reinventing the wheel. I also found a plugin in bpdev that appears to be doing this, as well, even down to adapting the existing WPMU recaptcha plugin, but it doesn’t seem to work / was never finished. I haven’t worked out just why yet, however.
http://bp-dev.org/download/

You active bpdev-core and then bpdev-nospam.

Okay, per IRC dev chat, let’s use this thread for discussions on ideas to combat registration spam and other types of spam.

Even more spam now, coming from this user: https://buddypress.org/community/members/joymab/

Initial reaction from Jeff & I is that you detail what you have in mind before you dash off in one direction etc

@foxly – Come into the #buddypress-dev irc room on Freenode and let the team know what you have in mind!

You can also use a java web version of IRC if you don’t have a client:
http://java.freenode.net/?channel=buddypress-dev

did you try
if( $bp->loggedin_user->id == '59' ){
just to see if it works without the get_option(‘bp_spammer_cp_bp’) bit?