5887735Inactive
I’m getting these on my own site. These are spam bots and they found a way into BP. This should be a number one priority for BP. I’ve seen this stuff with phpbb and other CMS. It very easy for these people to bring down your site.
1.1.x (whatever it was) was great. I had an activity stream widget on the front page, so I could immediately see (well, once I’d deleted all the spam registrations) who’d been doing what and where, and I click to go and view the context and respond in the same place.
Now I get the feeling that BuddyPress is a platform for creating communities of BuddyPress users 
Now there is no profile wire (I renamed it to ‘wall’ because nobody understood what a ‘wire’ is) – it was an absolutely fantastic way for me to greet new users and have a bit of open chat with them.
Now there is this @username nonsense which I don’t understand myself (I am not and never will be a twitter user) – where does that post go? It shows up as if it’s my (Facebook-style) status update. Someone can reply to it but I can’t reply to their reply. All continuity has been lost. I can see the advantage of AJAX replies in the activity stream, but not when it seems a random factor whether the post will appear only in the stream or whether it will appear at source..
The default theme is awful (1.1.x or whatever I had was beautiful, right out of the box) – It took me forever just to get the home page working with two widget columns (surely that wouldn’t have been hard to include in the release..?) but the profile page… ooooh no, it’s a disaster In 1.1.x I had no problems tweaking the profile page to make it do what I want… with 1.2 it defaults to the awful activity stream and I have to click through to profile on every user to see if he comes from xgGT54GRerju and works at Ox8iHghuf34 before I delete him as a spammer.
I started using BP because I needed to replace an ancient platform that I’d written myself ages ago, and I wanted something reliable and extensible because I just don’t have the free time to work on my site anymore. BP 1.1.x was exactly what I wanted (I tried Elgg and some other yucky, heaving nonsense before stumbling on the beautiful BP).
But now it’s just gone off on an utterly bizarre tangent and lost all its intuitive user- (and admin-)friendliness
I know it’s free and I know I’m moaning and not being productive but I really can’t write plugins or themes for BP (much as I would love to – I can’t even work out how to put the wire back) but I feel it’s very sad to see something so good (and so free) go so wrong
Yeah I just got two spam private messages in the last two days. Here is the latest one:
Please reply back with my email (anabel . awaza 01 @ yahoo . co . uk)
Dearest,
How are you over there?
I know that you would be excited for the fact that you do not know who is writing.
Actually my name is Mis. Anabel Awaza,Please my dear i will like us to hold a good long time relationship with real love.and I have something very important that I need to share with you. I am very serious; I shall tell you more about myself and send you my picture in my next mail.please reply back with my email address (anabel . awaza 01 @ yahoo . co . uk))
Hoping to hear from you soonest.
Yours Anabel.
View Spammer’s BuddyPress profile:
https://buddypress.org/community/members/anabel4you/
5887735Inactive
Message spam is getting out of hand.
5887735Inactive
This same spammer showed up on my site today. It seems to me a bot figured out how to hack BP.
I have a site also receiving tons of activity stream spam and agree that an admin link with “Mark as Spammer” on the stream page is a great idea.
thanks for your advice and replies
my fear re being blacklisted was a bit exaggerated, I have checked lost lists and our domain/ip is OK (only one place has one blacklisted)
in April overall for every 5 users, 1 did not activate the account
I am sure at least half of them are not spammers, I had a look at their email addresses,
so, I can only guess, users are not computer savvy.. and did not look at their junk email box for activation email etc..
I have change the form, so it tells them now to check junk folders. maybe this will help!
something else occurred to me
where do I change the default email address the activations email are sent from?
maybe this will help and emails won’t land in spam folders..
kind regards
Kris
We are aware, and the fact you’ve just copied the spam into a forum post means a) you’re spamming and b) Google might rank those domains better.
My vote is for a report spam button. When any action (activity, forum post, message etc) by a user is marked as spam, an admin should be notified. If more than x actions within x time of the user are marked a spam, the user account is locked until the admin is able to review the offending account.
Currently only two people on this site can ban spammers; JJJ and Andy Peatling, and both are at Wordcamp SF this weekend.
Ray, Jeff and I will try to remain on top of things and we’ve already reported this to the guys, so we’re just waiting for them to check their email when they get a chance 
Yea shes a cheater man. Don’t trust her. She give her love to every thing that moves. Reminds me of a dog. I wounder? Can a male dog turn into a female spammer? Well at least she is helping us come up with different ways to ban people.
@anabel4you I can sort you with some good cheap Indian viagra if needed?
testing another delightful bug @buddypress.com
^^^ spurious atmention
I’m following anabel. I’m her first follower!
But apparently not the first to notice her in the past 2 hours, 30 minutes: https://buddypress.org/community/members/anabel4you/
Yo MODs… ban hammer??
Damn, think the biatch has been cheating on us…
Dang. I thought I was Anabel’s only true love.
You don’t want to just activate random accounts. You might be activating a bunch of spam accounts for emails that don’t exist.
Seems like these are the functions you’d need:
-Resend activation email (possibly customize the email to admin’s desires)
-Manual activation for individual users (for those that contact you directly about activation)
-Clear users that haven’t activated (filtered by date)
But while waiting for Boone to code a plugin (there is one for activating signups that I’ve used on test beds, which I’ll look up when I get home) You must try and establish what has occurred kriskl, if you fear your server might have been blacklisted then it might be worth checking your domain against the blacklists? then you’ll know if you have any remedial work to do to get removed from the lists,. Find a user that you can send test signups to or an account you can check and see where the email is landing up – is it being marked as spam.
Both questions you need to investigate, if either of those are true you need to establish why otherwise you will struggle to ever grow your community, I would test ferociously the sending and receiving of emails and how your server might be configured, you may need an SPF record available so certain email servers don’t flag as spam i.e the likes of your hotmail accounts etc
I’m not going to make any friends in here anyway, so I’ll say what others won’t: Andy Peatling is a PHP programmer, not an (interface) designer. This redesign is cluttered, hard to use. I see groups, forums, topics, community, support. I have no clue what’s what. Automattic should focus on core functionality (member management, security, privacy, spam, etc.), take out redundancies (less is more), separate script from layout as much as possible and leave design to theme developers.
Couldn’t find anything on this so I wrote something.
It seems to work for me.
I simply add this to the bp-custom.php
function update_friends_count( $user_id ) {
global $wpdb, $bp;
if ($friend_ids = BP_Friends_Friendship::search_friends( ”, $user_id )) {
foreach ($friend_ids AS $fid) {
$total_sql = “SELECT COUNT(id) FROM {$bp->friends->table_name} WHERE initiator_user_id = $fid OR friend_user_id = $fid”;
$total_friend_ids = $wpdb->get_var($total_sql);
update_usermeta($fid, ‘total_friend_count’, (int)($total_friend_ids) – 1);
}
}
do_action( ‘update_friends_count’, $user_id );
}
add_action( ‘wpmu_delete_user’, ‘update_friends_count’, 1 );
add_action( ‘delete_user’, ‘update_friends_count’, 1 );
add_action( ‘make_spam_user’, ‘update_friends_count’, 1 );
FYI, I’m running the following plugins and they seem to be stopping/slowing spammers:
Bad Behavior
WPMU-Block-Spam-By-Math
Also I use this in my .htaccess http://wpmututorials.com/how-to/spam-blogs-and-buddypress/
the hack adds “the new users’ e-mail address to the e-mail with the activation link. This way you’ll know which activation link belongs to which user.” This is really needed!
Is there another line to add to functions.php that will add the email address?
Actually what we need is a plugin that creates a pending membership panel in the admin so you can go in and active or mark as spam… just like comments!
AH! Got it http://buddypress.pastebin.com/LrQuRa9T
This will show you the number of pending (NOT SPAM) comments next to the menu for ‘Manage Comments (#)’. Whew. I’m going to fiddle and see if I can make something like the notifications alert show up. But this is mostly what I wanted
The /*disable blog signup for non logged in member*/ code from @sbrajesh didn’t work… it didn’t remove the create a blog from the signup page.. I got a spam blog within minutes.
ah well that’s it for this rainy Sunday afternoon…. When I get some time next I’ll start but updating to php5 and then I’ll check back with the forum. Thanks everyone!
~ Ruth
