@infution I’m concerned as well about the space the avatars will take up. Right now it uploads the images to the uploads folder in its original size (a problem if you have a fixed sized template area you’re working in).
My wishlist for @MrMaz:
1. Let admins specify a separate directory to use for BP Links avatar images or create a sub-directory in uploads
— Reason: It keeps things separate in case we want to remove BP Links in the future and delete all associated images.
2. Use the setting in WP > Settings > Media to create matching sized thumbnails (i.e. 150×150) and resize images down to the “Medium” image size setting (my max width is currently at 500px).
— Reason: one word… consistency. Plus, it helps keep things manageable.
* I noticed the thumbnail BP Links uses is actually the fullsize stored image — but scaled down per the width, height pixel values.
+++++++
Advanced cool feature I’d like to see…
Links that have been voted down by X number (most likely because they’re spam or totally unrelated) automatically get weeded out and their associated image(s) removed. This would free up a lot a space as well.
Did this never get developed? It is a right pain at the moment, I have loads of spam registrations and people posting unsuitable content! Something like a Registration Approval system is very important, spam and abusive posters ruin many a good forum blog etc!
I would have thought something as important as this, would be high on the priority list of available options on buddypress! Or is there something already out there ?
Not necessarily accept, but feeling sort of resigned to, still trying to see the actual process and how the circumvention of so many disparate steps to thwart these little idiots is occurring. I still intend on trying put a stop to these but at the moment not about to waste too much further effort on it, I tend to catch them within minutes of signup and remove them so it doesn’t upset the community too much.
Another step I took was to place a trap on php curl scripts attempting to download the register page, that put a stop to a few signups I think.
They could be legitimate proxies… yes… but I’m assuming they are in the minority.
I don’t think I have no referer rules. I’ll look into that.
So you just accept it? What a pain.
Hmm proxy servers could be legitimate though, couldn’t they?
I empathise with the issue I still have to delete on average a dozen a day and have employed al the suggested fixes and a few domain blocks and no referer htaccess rules.
I just clued in that these bots are probably all using proxy servers… and compiling a big list of them all would be futile. So I found this htaccess code that blocks servers based on their methods. I know this topic has gone beyond specific BuddyPress fixes… but I’ve done all of the BuddyPress fixed (and more) and I’m STILL getting SPAM signups. So perhaps this will help someone else.
RewriteEngine On
# block proxy servers from site access
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED-FOR} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:X-FORWARDED-FOR} !^$ [OR]
RewriteCond %{HTTP:X-FORWARDED} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule ^(.*)$ - [F]
Credit goes to: http://perishablepress.com/press/2008/04/20/how-to-block-proxy-servers-via-htaccess/
Just got another registration from a .info email address. It occurs to me that that is not necessarily the domain they are coming from since my htaccess deny had no effect. The email ban setting also had no effect. Nor does hashcash or any of the other multiple measures I have put in place. I have no idea what to do anymore. I’ve tried everything. I’m resorting now to banning individual IP’s as they come in.
@Boone & @giocaputo
One quick thought…if you haven’t thought of this already…
There should be a cap of maybe 25 or so people that can be invited at any one time. No spamming 
I’ll try. I just got a new registration from ANOTHER .info email address. Minutes ago. Ugh 
Unreal.
I’ve done everything mentioned in this thread and MORE. And no dice. Kind of at my wits end. How the heck are they signing up?! Unless it’s humans signing up. But I assume all SPAMers use bots. Even if it’s not a bot… I don’t know how you’d ever find the signup page with Google. It has a custom slug and I’ve gotten rid of the default BuddyPress text.
Anyway. Thanks Andrea.
I wonder if this would work in .htaccess
deny from .*\\.info.*
/.*\.info/
that might work. it was buggy at one point.
@Andrea_r How do your say “SPAMbots please screw off” in Latin? LOL. Maybe Google can translate for me.
No more SPAM registrations since my last post. Fingers crossed.
Did you find out how to use regex in the WPMU “banned domains” setting?
That string is also translatable, meaning you can replace it. Doesn’t have to be with another language.
Add the standard instructions to your registration page for new users to whitelist yourdomain.com in their email accounts.
The users who register need to activate their accounts. They are not marked as a spammer (user_status = 1) they are marked as not active (user_status = 2). Until they activate their account they cannot log in.
If your emails are being marked as spam or phishing then this is likely something to do with the domain or IP address of your site. It has probably been black flagged.
OK…. I think I know the problem – members who do not click on the activation link will be marked as spammers automatically!
There is just one problem – when I test-registered with one of my email addresses (I used gmail) – gmail automatically trashed the confirmation email AND puts a big red warning sign that said the message was potentially a phishing email.
NO WONDER… my users are probably thinking that it was a fake email or a phishing email IF they even see the confirmation email at all.
Is this an issue that is being brought to attention with buddypress developers?
thanks – but I am not on MU – I am on a regular wordpress v. 2.9.2 using the buddypress plug-in.
The same thing is happening for another one of my sites where I am using a buddypress plug-in for wordpress 2.9.2. That new user was marked as a spammer even though she is definitely not one!
If you are on Wordoress Mu
Dashboard->SiteAdmin->Users
search his username and check it, then there is a button above the listing for Not Spammer, that should do it.
Thanks for the info Paul!
I wonder if attempting to rename bp-core-signup.php might help. Who know how many things I could break though. LOL.
Anyway, I just duplicated the /registration/register.php file in my child theme and completely deleted this line… maybe that will help
<p><?php _e( 'Registering for this site is easy, just fill in the fields below and we\'ll get a new account set up for you in no time.', 'buddypress' ) ?></p>
Okay… I am STILL getting SPAM registrations. I’ve done the following:
- Changed signup slug
- Installed hashcash (works with BP now)
- Disabled “Allow blog administrators to add new users…”
- Deleted BuddyPress credit in footer.php
- Deleted wp-signup.php
- Created a robots.txt file to disallow robots from my signup slug
Any more ideas? Short of Catcha? Altho’ I’m thinking even that won’t work.
“It’s not any ONE fully qialified domain for me… it’s dozens of different domains all ending in .info.”
Yeah, I know, Believe me, we’ve gone around in circles over that one issue in the mu forums. I’ll have to dig up the command.
A lot of plugins like hascash are recommended because they work. I see a lot of people not try them because they think it’s just for comments. On most sites I’ve tried it on, it just works.
You might like to get some anti bot plugins from wordpress. I have WordPress MU and Buddypress and use the following plugins to prevent bots from joining my site.
WP-SpamFree – An extremely powerful anti-spam plugin that virtually eliminates comment spam. Finally, you can enjoy a spam-free WordPress blog! Includes spam-free contact form feature as well. http://www.polepositionmarketing.com/library/wp-spamfree/
WPMU Super Captcha – Custom captcha program made to stop spam bots cold in their tracks. Features audio, word files, or random text. You configure it! https://wordpress.org/extend/plugins/super-capcha/
Or go to http://www.wordpress.org, click on extend and find them there.
Okay… I just installed wp-hashcash and pasted in the function mentioned near the top of page 1 of this thread. Let’s see if that stops the *$^#%&@ SPAMers :o)
Thanks Andrea_r
So can you tell me how to block signups from anyone with a domain that has a .info extension? I’m sure that 99.9% of people with .info domains are SPAMers. I found the “Banned Email Domains” setting in WPMU but cannot find any documentation about how to use a wildcard or regex in that field. It’s not any ONE fully qialified domain for me… it’s dozens of different domains all ending in .info.
I’ve done everything in my list above (except CAPTHA or Hashcash) and I’m STILL getting signups from these bastards. Maybe I should try Hashcash. You’re right, the htaccess rule above did nothing. Driving me CRAZY!!! Buggers.
