BuddyPress.org

On my site I see a similar problem with a small difference, I have people register which makes them a “Subscriber” but they never confirm by email. I am not sure that all of them get the new user email or if my host trash cans some of them.

Anyway, this leaves me with registered WP users that are not site members in Buddypress.

My wish list would be for a plugin that would allow me to delete any WP user that had not confirmed in some time period.

This is a self hosted site with WP 2.9.2 and the users cant write to the blogs so I don’t have that clean up to worry about.

Ed

http://www.carvingbuddy.com

.

This smells like.. spam/scam. Allowed?

I’ve actually used this to my advantage on mine, because if it doesn’t work, and it often doesn’t, the alternative – which is always an option anyways is having members set up accounts at gravatar in order to display avatars correctly. You can disable the gravatar upload on your site on the general components set up. Just click yes to the disable gravatar uploads.

The benefit is, that is an additional verification step to your website users to prevent against spammers. Then set your default to the ones provided in your dashboard. They don’t like that their avatar displays like that. so they go get a gravatar account so that their custom avatar displays. On some of my sites, I actually have added the option to add members gravatar accounts to their profile for cross promotional purposes. I do have a member that has gotten a gravatar and has her gravatar link listed.

Well… with regards to SPAM… I’m not certain… but I suspect that’s actually BuddyPress-related. I’ve never had that issue on any of my other WordPress sites. But my BuddyPress sites are rife with SPAM signups. No matter what I do it seems. The only solution I found (after trying literally everything I could find here and at wpmu) was to block all proxy methods.

You need to distinguish between whether it is a user interface issue, and if it isn’t, where the code/functionality is provided.

For example, BuddyBar is obviously a BuddyPress user interface feature. The code which is called when a user is marked as a spammer is in WordPress. The code that deletes a spammer’s activity from the Activity Stream is BuddyPress.

Just to clarify, I’m not in favour of disabling email activation, either. The spam you’d be getting would kill your site.

However, the site I was doing this for does not allow users to post status updates in the conventional form. The site is an anonymous image sharing site. Users need to be registered to submit an image, but they needn’t be registered as themselves. Every user has the option of using [username]@domain.ext as their email address if they choose to stay anonymous.

Status updates are replaced by img tags to the uploaded image. Yes, they could spam in activity comments, but I guess that’s a risk that had to be taken. Until someone figures out how to use akismet on those comments too…

You don’t want to delete users if they pose threats to your community because they can re-register using the same creds if you do so and they will continue to be a nuisance to you and your community forever if such is the case. I’m new to using bp, but have already figured out that to get rid of these suckers, this is what you do the easy way.

Go to your user area in your dashboard – checkmark the user, change role to “blocked user”. Then, from the front end of your site, from your front end admin panel, go to the user and up top in admin options it will give you the options of what to do, mark them as a spammer. It doesn’t delete them, as I said – you don’t want to. But it disables them from everything and prevents them from being a neverending nightmare to your site.

In all honestly, I wouldn’t recommend disabling email verification. In fact – you actually should not only use that, but use it with Gravatar to double verify members. My BP communities are brand new, in dev stages right now. I’ve already been subjected to spammers which is why I support use of Gravatars – because not only will your users be verified in your community, but globally and this is a big step in spam prevention.

If you want to customize the registration page, many of them can be through your theme framework. However, too much code will slice your page & overall framework right down the middle and break your site.

@all

I’m using these 3 plugins together and have no bot signups at all on WPMU2.9.2/BP1.2.3.

Cookies for Comments

RPX

WPMU Super Captcha

The occasional stubborn human does drop by once in a blue moon, and these few only manage to get through using RPX and an existing account, or they really take the time to fill out the registration form. Email domain banning and persistent account termination seem to be the only solutions in these cases.

Can someone give solution that users that wish to sign up dont use buddypress signup page, instead they use regular wordpress signup which is much much safer.

Hmm, interesting. The generic BuddyPress register form does seem like a bit of a sieve (though it could just be my frustration talking).

I think you would just delete/disable /registration/activate.php and /registration/register.php. You would lose the ability for users to fill out extended profile fields at signup. However, quick signups are probably preferable, with seasoned users filling out extended profile fields as needed. I’ve read at least one article via delicious.com that suggests to me that signup forms need to be as simple as possible to help users focus on getting “behind the wall” fast and easy.

excuse my ignorance of htaccess but is this even possible? and if so, how is it done?

I noticed a issue with spammers using CURL to download /registration so blocked that in .htaccess (It’s been mentioned on a thread somewhere how to)

sometimes it depends on your host too. emails from my default bp install on dreamhost tend to make the junk/spam folder (yahoo, gmail, etc)

I have the same issue. Tried installing plugins, changing email to a “legit” one rather than the standard noreply@xxxx.xxx, tried sending through SMTP rather than mail()

Nothing works.

Most likely Hotmails spam filter reacts to the activation link, that would be my guess at least.

If you click on any of your user’s avatar or username, you’ll see a new menu item in your admin bar called Admin options where you may edit the user’s profile, avatar, mark as spammer and delete the user.

I had the same problem a few seconds ago. A newly registered member didn’t recieved the activation email but was listed in WordPress>Backend>Users

I asked the user to check spam inbox twice but there was stil no activation mail

It would be great if admins could manually acivate such users or resent the activation email.

I’m getting several spammers signing up, I have the Anti Splog plugin (here) and the reCAPTCHA is turned on.

Email Activation is turned on.

AND I’ve blocked all of the emails on this list (here)

HOW ARE THEY GETTING THROUGH!

Thanks for keeping on top of this everyone.

Have seen this before. Not sure how it’s done, revision history appears to be misleading. I’ve sent a message to Andy Peatling as a heads-up.

http://www.google.co.uk/search?sourceid=chrome&ie=UTF-8&q=%22twitter+apps%22+site:codex.buddypress.org

I also found a spam link in the codex and deleted it.

Spammers ruin everything.

Fixed but it would be good for an admin to go and see who made the change in the first place. Well, assuming whatever wiki the site is using actually maintains that information.

Along these lines…I haven’t seen much discussion about spammers lately.

Am I still the only one getting 100+ per day?

Please please please someone figure out how to make buddypress’s registration page reference the banned domain list!

Re #3 – if that record is deleted, they can sign up again using the exact same info. That record tho, is never displayed anywhere else.

Really, the mass deletion of spammers shoudl be handled on the WordPress end, as ultimately that’s the menu your’re using.

Without going and checking, I *think* you can sort the blogs/users so the spammers are all on one page, select all and delete all in one go.

For more than a screenful, I do it with a SQL command right in the database.