BuddyPress.org

@DJPaul – editing my own posts work now, it wasn’t working about an hour ago. Andy’s been busy!

—

Other issues:
– Hyperlinks in the “About Me” profile description need to be nofollow’d to prevent SEO spam.
– Group avatars do not work

FYI, Today I updated SI CAPTCHA Anti-Spam for latest version of buddypress 1.2.3 compatibility

SI CAPTCHA Anti-Spam

https://wordpress.org/extend/plugins/si-captcha-for-wordpress/

This plugin adds CAPTCHA anti-spam methods to WordPress on the comment form, registration form, login, or all. In order to post comments or register, users will have to type in the code shown on the image. This prevents spam from automated bots. Adds security. Works great with Akismet. Also is fully WP, WPMU, and BuddyPress compatible.

The screenshots were from an old version. I have updated them. The CAPCHA looks nicer now.

SI CAPTCHA Anti-Spam

https://wordpress.org/extend/plugins/si-captcha-for-wordpress/changelog/

Today I updated it for latest version of buddypress 1.2.3 compatibility

Ahh okay, Erich! Thanks for the extra details.

It could be an issue with the email address that the activation email is sending from.

By default, the activation email tries to use the admin email option in WPMU.

If that isn’t set, it uses something like:

noreply@domain.com.

Which could be causing the activation email to go to the spam folder.

Try using the following plugin to set the email address:

https://wordpress.org/extend/plugins/mail-from/

captcha and math tools do not really help fighting spam.

spammer register manually and then feed your blog automatically remote via xmlrpc.

i am running a wordpress mu + buddypress site and had about 40 spammer-registrations a day with lots of spam. then i deactivated xmlrpc via renaming xmlrpc.php in wp-root, result was only user registrations (without content spam). about four days later spammer registrations were reduced from 40 to about three a day (easy to delete), seems that the spam-apps noticed that the rpc doesn´t work and deleted my site from their targetlists, entering their messages manually is to complicated for them….

I havent had a spammer registration since i used the “WMPU block spam by math” plug-in. i was getting 20 a day, and now absolutely zero.

https://wordpress.org/extend/plugins/wpmu-block-spam-by-math/

I changed the signup page name, stopped all new registrations across all blogs, added to the htaccess page and STILL get signups.

I asked over at wpmu and they say it is Buddypress causing this and to ask here but I see that BP blame WPMU.

Great!

On my site I see a similar problem with a small difference, I have people register which makes them a “Subscriber” but they never confirm by email. I am not sure that all of them get the new user email or if my host trash cans some of them.

Anyway, this leaves me with registered WP users that are not site members in Buddypress.

My wish list would be for a plugin that would allow me to delete any WP user that had not confirmed in some time period.

This is a self hosted site with WP 2.9.2 and the users cant write to the blogs so I don’t have that clean up to worry about.

Ed

http://www.carvingbuddy.com

.

This smells like.. spam/scam. Allowed?

I’ve actually used this to my advantage on mine, because if it doesn’t work, and it often doesn’t, the alternative – which is always an option anyways is having members set up accounts at gravatar in order to display avatars correctly. You can disable the gravatar upload on your site on the general components set up. Just click yes to the disable gravatar uploads.

The benefit is, that is an additional verification step to your website users to prevent against spammers. Then set your default to the ones provided in your dashboard. They don’t like that their avatar displays like that. so they go get a gravatar account so that their custom avatar displays. On some of my sites, I actually have added the option to add members gravatar accounts to their profile for cross promotional purposes. I do have a member that has gotten a gravatar and has her gravatar link listed.

Well… with regards to SPAM… I’m not certain… but I suspect that’s actually BuddyPress-related. I’ve never had that issue on any of my other WordPress sites. But my BuddyPress sites are rife with SPAM signups. No matter what I do it seems. The only solution I found (after trying literally everything I could find here and at wpmu) was to block all proxy methods.

You need to distinguish between whether it is a user interface issue, and if it isn’t, where the code/functionality is provided.

For example, BuddyBar is obviously a BuddyPress user interface feature. The code which is called when a user is marked as a spammer is in WordPress. The code that deletes a spammer’s activity from the Activity Stream is BuddyPress.

Just to clarify, I’m not in favour of disabling email activation, either. The spam you’d be getting would kill your site.

However, the site I was doing this for does not allow users to post status updates in the conventional form. The site is an anonymous image sharing site. Users need to be registered to submit an image, but they needn’t be registered as themselves. Every user has the option of using [username]@domain.ext as their email address if they choose to stay anonymous.

Status updates are replaced by img tags to the uploaded image. Yes, they could spam in activity comments, but I guess that’s a risk that had to be taken. Until someone figures out how to use akismet on those comments too…

You don’t want to delete users if they pose threats to your community because they can re-register using the same creds if you do so and they will continue to be a nuisance to you and your community forever if such is the case. I’m new to using bp, but have already figured out that to get rid of these suckers, this is what you do the easy way.

Go to your user area in your dashboard – checkmark the user, change role to “blocked user”. Then, from the front end of your site, from your front end admin panel, go to the user and up top in admin options it will give you the options of what to do, mark them as a spammer. It doesn’t delete them, as I said – you don’t want to. But it disables them from everything and prevents them from being a neverending nightmare to your site.

In all honestly, I wouldn’t recommend disabling email verification. In fact – you actually should not only use that, but use it with Gravatar to double verify members. My BP communities are brand new, in dev stages right now. I’ve already been subjected to spammers which is why I support use of Gravatars – because not only will your users be verified in your community, but globally and this is a big step in spam prevention.

If you want to customize the registration page, many of them can be through your theme framework. However, too much code will slice your page & overall framework right down the middle and break your site.

@all

I’m using these 3 plugins together and have no bot signups at all on WPMU2.9.2/BP1.2.3.

Cookies for Comments

RPX

WPMU Super Captcha

The occasional stubborn human does drop by once in a blue moon, and these few only manage to get through using RPX and an existing account, or they really take the time to fill out the registration form. Email domain banning and persistent account termination seem to be the only solutions in these cases.

Can someone give solution that users that wish to sign up dont use buddypress signup page, instead they use regular wordpress signup which is much much safer.

Hmm, interesting. The generic BuddyPress register form does seem like a bit of a sieve (though it could just be my frustration talking).

I think you would just delete/disable /registration/activate.php and /registration/register.php. You would lose the ability for users to fill out extended profile fields at signup. However, quick signups are probably preferable, with seasoned users filling out extended profile fields as needed. I’ve read at least one article via delicious.com that suggests to me that signup forms need to be as simple as possible to help users focus on getting “behind the wall” fast and easy.

excuse my ignorance of htaccess but is this even possible? and if so, how is it done?

I noticed a issue with spammers using CURL to download /registration so blocked that in .htaccess (It’s been mentioned on a thread somewhere how to)