BuddyPress.org

Hashcash 4.5.1. doesn’t work for me anymore… I had almost none spam-signups with the old version, but now there are alot! Maybe I will try the proxy-method mentioned above… (it seems, that it never is over… I thought I found a solution, but now I am flooded again )

hnla,

Whether legal or not, the feature would be a better user experience. Plus, I don’t know for sure, but I’m guessing that an “opt-out” link that removes your name from future emails would help to avoid getting your server blacklisted or filtered by the various spam filters as well. I’ll add it to my list to try and research some of the details for Boone so he can implement it the best way possible.

Not exactly sending emails in large quantities though, and as for Can Spam Act I would expect these to be emails being sent by members from their own contacts not a some random list they may have found, I might be inclined to point this out in writing to members though.

The functionality of this really needs to be kept simple and straightforward, with not too many bells and whistles – that can tend to confuse and overwhelm users.

“It’s possible to add a “I dont want to receive more invites” on each email? (like a unsubscribe link). This will solve a lot of headaches if someone start receive multiple invites from a lot of people.”

Actually something like this might be required by the Can Spam act. Not for sure of the details. I think we need to look at one of the Facebook emails and see what they have since certainly they’ve gone through a lot more work and effort to figure out how to send emails like this in large quantities.

Wondering if setting a quota? monthly? to the number that may be sent – not sure if there is any point to that but also mainly concerned with spammerish type issues arising and of trying to second guess non technical minded users managing to something very silly – not unkown

Hello to everyone following this thread. I just released version 0.4 of my Invite Anyone plugin, which, as promised, adds the invite-by-email feature.

https://wordpress.org/extend/plugins/invite-anyone/

Here’s what’s new:

– “Send Invites” tab added to the Profile section

– “Send Invites” has two subsections: Invite New Members and Sent Invites

– On Invite New Members, users can enter email addresses, a custom invitation message, and check off some groups that the invited member will receive invitations to when they join the site

– On Sent Invites, users can see all the invitations they have sent, as well as whether or not the member has accepted yet

– When a user accepts an invitation, they receive invitations to all groups to which inviter(s) have invited them, as well as a friendship request from each individual who sent an invitation

– A link is added to group Send Invites pages that goes to the profile Send Invites page and pre-checks the group’s box

– There’s a Dashboard panel for sitewide admins that allows them to control some of the default behavior of the Send Invites page, as well as the visibility of the Send Invites tab. You can create a blacklist of users who are not allowed to send email invitations (good if you have spammers in your community!), limit by blog role, or by length of time since joining the site.

It’s been fairly thoroughly tested, but it’s possible (likely even!) that there are still annoying bugs. Please let me know if you find issues or have suggestions.

Hmm… check this out: http://www.642weather.com/weather/scripts-wordpress-captcha.php

I said I’d try and establish some test conditions to try and determine whether banned email domains were an issue in WP or BP, tests were not hugely conclusive sadly.

site running out of the box no modifications (WPMU / BP) – no anti spam measures in place. had been receiving ~ 10 -20 spam registrations daily (quantity of spam is governed to some extent by search engine ranking /prominence)

1/ Running WPMU 2.9.2 ALL BP plugins deactivated site open to user account registrations only.

24 hour period = no spam registrations at all – a surprising result!

2/ Conditions as above (1) but allowing blog to be registered

Start to receive spam signups – not many but only observed over a 6 hour period.

These do not match to any banned emails domains entered by me, so on the surface looks as though banned domains working BUT this is far from conclusive as they may simply not have attempted to.

3/ Activate BP 1.2.3 allow accounts and blogs to be registered.

Spam increases – not hugely though! of the 6- 8 received in a 12 hour period one is noted as having an email domain that matches to one entered in the banned domains list.

None of the above is that conclusive or useful sadly, it’s a difficult subject to run tests on. It does appear that BP probably does have some problem with the banned domain list, but then I get the impression that with each version 1.2.2.1 / 1.2.3 spam issues feel as though they are lessening but others may not be experiencing that.

One problem I noticed

On the invite email that gets sent out this is the link, http://yourbpsite.com/register/accept-invitation/test%40test.com

I’m now using a different register page to prevent spam. If I change $accept_link in invite-anyone/invite-anyone/by-email.php to reflect my register page, will it break the plugin?

Great stuff!

Installed ‘bleeding’ on live test site running BP 1.2.3 / WPMU 2.9.2

Installed smoothly – previous version didn’t exist fresh install (production site has older version )

Things noted:

The group send invite that was part of the original plugin function allows to select from all members including members marked as spammers! (am logged in and working as admin)

Having sent email invite from my account I’m returned to a ‘Sent invites’ (‘You have sent invitations to the following people.’) but there is no data available.

No email has been received, but tested setting up new account and that hasn’t been emailed either so think this is a BP 1.2.3 issue as all was working earlier today *sigh*

Looking pretty good though.

15 hours since Hashcash 4.5.1 was installed and still no new splogs registered. This compares with about 40 splogs over the preceding 3 days.

The plugin wordpress Hashcash (updated today to 4.5.1) should now work for BuddyPress registration but it stops EVERYBODY from registering.

This is not true for me. I just registered a test user with Hashcash 4.5.1 installed. Though still waiting to see if it stops BP splog spammers.

whats the status on this? would also like to find a way for an ignore user or report this/mark as spam in my activity stream

I added captcha – and I still get multiple signups from the same dozen or so email-domains, even though they are already in my blacklist..

I am checking on another hunch today… I think there is a possibility that maybe having the same entry twice in the blocked domains could be causing an issue with it not working – that seemed to make it fail once before… I just pasted the domains I had banned into a spreadsheet and then sorted it alpha – and I had the same domain listed several times in several instances… now to clean it up and try it again.. I now have 437 banned domains in my list.. maybe there is an issue there?

Maybe these qualifiers should be added to the trac for fixing? on buddypress and maybe mu?

I will read the spam spam spam thread and see if there is anything else I can do as well.

The best trick I learned for fighting spam bots is to ask a question that only a human can answer and making them type it into a text box. If you change the question daily or randomize it, it makes it even tougher. Don’t do anything like math or captcha or something that a bot can calculate or decipher. Ask a question like “What color is snow?” or “How many sides does a triangle have?”

+1 for that idea, I had this on 2 SMF forums and it does work. While it doesn’t stop the odd human Spammer from registering, it stops bots dead in their tracks.

Maybe a coder would consider making such a BP plugin.

Are there any downsides to blocking proxy servers?

There are multiple entry points for SPAM bots… so any one measure probably won’t accomplish much. I posted a list of everything I did in the “Spam, Spam and more Spam” thread. Worse case… you could try captcha.

@Magganpice: I’ve had two SPAM registrations since banning proxy connections.

This has been a wordpress mu issue for a while off and on.. I discussed an idea about at mu forums:

https://mu.wordpress.org/forums/topic/13982

[blockquote]

I too have noticed that even putting domains in the block list seems to not stop future registrations. Here is a thought of mine.

MAYBE a spammer actually signs up 100 new accounts, and then only activates one a day. So even though we have added his domain to the ban list for signups, he still has 99 more that have been signed up, but not yet activated?

If this is the case I would like to see MU add core code that checks to see upon activation if the domain they originally used to signup has since been banned, and then prevent them from activating if it has.

Just a thought, not sure if this is the case – but it may be worth looking into.

[/blockquote]

It was suggested that I add this suggestion to the trac, ( https://core.trac.wordpress.org/ )

but I really don’t know how to use that thing…

not sure that it is a buddypress specific issues, but I DO believe that the spammers are looking for buddypress phrases when compiling their lists of sites to hit…

But there are many steps one can initiate to stem that tide of spammers, although the domain blacklist is an issue in not apparently working I have still had reasonable success in reducing spam signups to around a dozen a day and still have one or two steps that I haven’t taken yet

@kunal17

I’m seeing the same thing you are….

Is there any way to get buddypress registration to reference the banned domain list?