BuddyPress.org

This has been a wordpress mu issue for a while off and on.. I discussed an idea about at mu forums:

https://mu.wordpress.org/forums/topic/13982

[blockquote]

I too have noticed that even putting domains in the block list seems to not stop future registrations. Here is a thought of mine.

MAYBE a spammer actually signs up 100 new accounts, and then only activates one a day. So even though we have added his domain to the ban list for signups, he still has 99 more that have been signed up, but not yet activated?

If this is the case I would like to see MU add core code that checks to see upon activation if the domain they originally used to signup has since been banned, and then prevent them from activating if it has.

Just a thought, not sure if this is the case – but it may be worth looking into.

[/blockquote]

It was suggested that I add this suggestion to the trac, ( https://core.trac.wordpress.org/ )

but I really don’t know how to use that thing…

not sure that it is a buddypress specific issues, but I DO believe that the spammers are looking for buddypress phrases when compiling their lists of sites to hit…

But there are many steps one can initiate to stem that tide of spammers, although the domain blacklist is an issue in not apparently working I have still had reasonable success in reducing spam signups to around a dozen a day and still have one or two steps that I haven’t taken yet

@kunal17

I’m seeing the same thing you are….

Is there any way to get buddypress registration to reference the banned domain list?

I’m having 300 spam registrations a day and having to mark them all as spam manually 15 in one go in the user list. The plugin wordpress Hashcash (updated today to 4.5.1) should now work for BuddyPress registration but it stops EVERYBODY from registering.

David Lewis, one week later, is your solution still working for you?

I can’t experiment either and am getting 10+ spam signups an hour. yikes.

I totally agree with this. It’s quite confusing. I think more than a rewording of the text is needed.

Perhaps you can give people a series of simple steps they should go through to complete setting up their membership?

Step 1: Activate your membership

You give them instructions to visit their email account then click on the activation link in the email.

When they click on the activation link they’re taken to the next step page…

Step 2: Customize your avatar

They do this then press the button to complete, then they’re taken to the final step…

Step 3: They’re then directed to the activity page, at the top of this page could be a message to tell them their account is now active and they can start posting.

This 3 step process gives people a clear path to follow taking them to the page where they can then see what’s going on and begin taking part.

Each step page is nice and simple.

What do you think?

I have similar issues, and I have been pondering possible reasons this occurs.

I take the time to copy domain names that spammers com from, and add them to the mu-options as domains that are not allowed to create an account. I find that even after doing this, sometimes I get several more members with those email addys.. sometimes not.. the past week has seen a lot.

There was a time a few months ago when it was a known bug for this, but I am guessing it’s been fixed in mu by now – (I’m using 2.92 I think).

This is what I am thinking MAY be happening, and I’d love a way to update MU to close this loophole, if indeed it exists.

I am thinking that the spammers actually created a dozen or more accounts, and only activated one at a time. I am thinking that perhaps by the time I add the bad domain to the list of no-signups-allowed, they have already created several others – and simply activate them later.

If this is true, I would love for MU / Buddypress to do a check, when a member actually does this activation, and tell them sorry – the email domain is now on the bad list, and they can not activate.

Not sure if this is true, just a thought.

I’ve run into a similar problem but it’s not related to the emails not going through.

In testing, I have found that almost without exception, that no one pays attention to the text above the crop avatar to check their email for the validation.

The system takes the user to the crop avatar portion, which they do, but after submitting their new avatar, they are left on the same screen, with just a small text warning above the avatar to activate their account.

Actually, it even caught me off guard a few times, not realizing I needed to activate a new account.

Maybe in the future make this much more obvious?

I think this problem is connected with the mailing settings of my server. I’ll investigate this more.

Hi Andy

Thanks for your reply.

I think the problem is the email isn’t being sent out to the new members with the link for them to activate their account.

I’ve checked everywhere including spam folder to see if the message has been received at all but I just can’t find it.

New members are being given the roll of “members”.

Could you possibly tell me where within WordPress I would set up outbound email configuration?

I’m going to turn off all the plugins (except BuddyPress) to see if there’s a plugin conflict that’s causing this problem.

Do you have any suggestions?

Many thanks!

This means that the user hasn’t activated their account yet. I need to change the message.

Hello

Do you have any suggestions on a fix so new members aren’t always marked as spammers?

This is for a new installation of BuddyPress and they are the only 2 members I’ve added myself to test out membership to the site.

Here’s the message I’m getting when I visit a new members profile page from the admin area:

“This user has been marked as a spammer. Only site admins can view this profile.”

I’m using BuddyPress 1.2.3.

How do you unmark someone as a member?

Why is it that new members are marked as a spammer, how does the software decide this?

How can this be fixed or controlled?

Thanks for any help you can give on this.

Brian

Are you sure the emails are not going to a junk/spam folder?

Hmm it’s holding up then.

Well it’s been 3 full days now without a SPAM signup.

Windhamdavid, your post got marked as spam by askimet (spelling?). I’m just going through the spam bin atm.

The phrase “Famous last words” springs to mind

But post back with update if still not getting spam maybe I’ll do the same with proxy bans

@Kunal17: I’m sure that’s probably just a coincidence.

@pushi22le: That’s a new tip. Thanks :o)

BTW… since banning proxies from accessing my site… I haven’t had a single SPAM signup.

I upgraded to bp1.2.2.1/wp2.9.2 from bp1.1.2/bp2.8.6 a couple of days ago and the spam on my site has significantly increased.

I also noticed that spammers from previously banned domains are now able to register.

I’ve been getting pummeled with spam signups ever since the BP_REGISTER_SLUG stopped working throughout the site. I used R-A-Y’s idea of just having an .htaccess redirect. Just curious: If others have taken that approach, does it indeed cut down on spam signups?

The BP demo site is also full of spam. Very interesting.