BuddyPress.org

The issue of spam will be one of the topics discussed at this week’s dev chat on Wednesday. There should be more to report after that chat.

It’s my belief that the footer link plays a bigger part in the problem than is given credit for at least it was the last thing I implemented (removing) and appeared to have a significant impact. One thing I think people should stop putting forward is this notion that adding custom fields to sign up makes a difference, it doesn’t! and is obviously and emphatically demonstrated by the fact that spam bot signups manage to fill all fields with garbage including user created ones but as you would expect.

interesting:

2) How do spammers find BP communities?
Using Google.
Example: http://www.google.ca/search?hl=en&q=%2B”is+proudly+powered+by+WordPress+and+BuddyPress”; (front page of every BP site on the net)
Example: http://www.google.ca/search?hl=en&q=inurl:%22/community/members/%22+%2Bbuddypress (members page of every BP site on the net)

I have two open test BP installs (one wp_user linked to my blog domain) and changed the standard footer. Not a single spam sign-up (just hashcash installed)

Has there been any more movement on this front?

The issue of spam registration and posting is well discussed. If you want to learn more about some proposed measures, please read this thread: https://buddypress.org/community/groups/requests-feedback/forum/topic/here-come-the-spammers/

@stwc and everyone else.

I’ve been experiencing problems with spammers constantly, I would get about 11 a day, (at the minimum). I’ve tried several things, reCaptcha, email activation, email domain blocking, etc etc and nothing seemed to help with the bot spammers.

All they were doing was creating users with a few profile fields filled out, so there was no big issue, it was just annoying seeing so many fake users on the site.

So all I did out of the suggestions here was enter the code provided for the .htaccess file :

# BEGIN ANTISPAMBLOG REGISTRATION
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .yourbpsignupslug*
RewriteCond %{HTTP_REFERER} !.*yourhomedomain.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://die-spammers.com/ [R=301,L]
# END ANTISPAMBLOG REGISTRATION

And it seemed to have worked. For the signup slug, I used wp-signup.php. And so far, for about a day and a half now I’ve only found 1 bot spammer. Drastically reduced, but not quite fixed.

But we’ll see. I’ll post back if there is any change, or after a few days of no spammers.

It blows my mind that this is not a core feature of WPMU, WP, or BuddyPress. It is the most obvious first defense against sploggers and spammer-members.

There is a plugin called Pie Registration that claims to do user moderation of unverified users before they are allowed to post. It seems to be a resurrection of an older (discontinued?) plugin called Register Plus. Find it here: https://wordpress.org/extend/plugins/pie-register/

Will check it out now.

EDIT: It says that the feature “Moderate all user registrations to require admin approval” will only work when Email Verification is DISABLED. I can’t get it to work, though.

Also found this:
“Register Plus plugin seemed to be working fine in 2.9.2, with custom logo and all, but now I’ve just discovered that it only sends the registration email if the registration is done in IE. In Firefox or Chrome the mail is not sent. How can this be?”
https://wordpress.org/support/topic/376015

Had the same problem on all of my installs last night. Temp solution was to shut down all registrations while bp works this out. Between my network of sites, I would estimate 150+ spam registrations. Once in, they were also abusing the pm system. It’s ok though, I’d rather shut it all down for now then to have to manually keep deleting pm’s from the db all day long.

I know you guys are working hard on this issue. It is much appreciated!

As @r-a-y suggests, these look like spam accounts to me.

I guess these could be spam bots inputting data to pass the registration
I know a lot of work is going on now in the background to help stop this
Stay tuned

Could be spam accounts. Are these users doing anything weird on your site?

Ok, I had the same problem, and I got that “Mail From” plugin and it works as far as the From line coming from the community name instead of from “WordPress.” However, emails are still going to the spam folder. Is there no way around this at all?

I see you simply copied and pasted my previous code without adding the rest of the function!

Here’s the full function:
http://pastebin.com/5Pb5VpSz (updated to check if spamlist is filled in)

I think I’ve written the majority of your plugin! lol

This thread should be developer-focused and less “why aren’t you guys doing anything about it?”.

I don’t want to start moderating this thread, but please keep comments focused on combatting spam instead of bickering about it.
We are all aware of the problem.

I must say the SPAM problems are real pain, and for a long time people have been complaining about the SPAM and its been brushed off. I have laid off the complaining and tried to be proactive to fight the spammers off but its really hard to keep up with them.

I think the admins and developers need to start a working group or something and start giving this a lot of attention because if they remain nonchalant about it, it will eventually work enough people’s nerves to chase them away to use some other solution.

The other day I was talking to someone who played with BP a while ago and then dropped it in favour of another solution after the sploggers started coming in.

I have created a group called SPAM Eater where members who are pissed off about SPAM can gather and vent our frustration a bit

https://buddypress.org/community/groups/spam-eater/

I am with many sites on MediaTemple Grid and it is pretty good. However some applications really have an impact on your usage. For instance the chatbar scripts really have an high impact. When I started using them I had to pay $150 in overusage each month.

Now I moved to MediaTemple Virtual Server dedicated virtual base and I have endless problems. The main problem is with the “othersockbuf” which has a soft limit of 1.433.738 and a hard limit of 2.662.538. Each time it hits that border the server dies. Which is NOW multiple times a day that I have to reboot the virtual server.

I’ve looked around the web but I could not find a solution. I really have no clue. So maybe i have to to somewhere without this limit.

UPDATE: I have simply clicked “update server from BASE to RAGE” and it seems all my problems are over…. (I also changed the mysql.cnf, killed spamassasin, killed watchdog, killed dns server, smb, secure SMTP…)

A simple solution but it works grin (although it now costs me $100 a month to run a buddypress site).

I also ran: http://kb.mediatemple.net/questions/816/%28dv%29+3.5+Auto-Tuning+your+server (MT has some great amount of docs on performance tuning)

There are some good exhaustive posts about spammers on this site… but what will change from the server level? I have gotten a few spam messages too and there’s nothing I can do except for delete them. Could the site setup a recaptcha required box before sending messages? Would that be effective?

If Buddypress can create a proactive plugin or core feature to mitigate spam that many of us are receiving, it will improve our confidence in the service (privacy and security is a common mantra in the forums). If buddypress.org finds a plugin works well, please share which one it is in a sticky post so we all see it and it won’t get lost between many posts. When there are multiple suggestions to a specific problem then it shows that there really isn’t a solution at this time. Thank you.

Btw, I really didn’t mean to dig on *anyone* –> I think WP and BP is BRILL, to say the least, but I do get frustrated @ how spammy it all can be. THAT SAID, I should just keep my mouth shut from here on out (ha), since I’m not really contributing to the solution.

SO.

@foxly I still need to read through all your suggestions, but the few I did read seemed spot on.

I do think it’s important to note: this thread becomes documentation for would-be spammers. Sad to say, as @andrea_r has noted many a time, when it’s documented, the evil-doers will read it and then find a way around. So how does your solution work in spite of the documentation herein? Or do we need to take some of this offline, into a more hushed conversation, i.e., email (gasp!) or some other less porous document? Google docs?