For anyone that runs across the problem. I never got any response from anyone here so I found an Ajax login plugin that is working beautifully as a workaround. I’m also not having any issues with spambot fake registrations this way either.
ok, so if anyone is usimg the twi connect plugin and a users does not activates after signing up and then goes to your site and clicks the twitter login it will log them in but they will be marked as a spammer. I edited database to 0 and its ok
Hmm it’s holding up then.
Well it’s been 3 full days now without a SPAM signup.
Windhamdavid, your post got marked as spam by askimet (spelling?). I’m just going through the spam bin atm.
The phrase “Famous last words” springs to mind 
But post back with update if still not getting spam maybe I’ll do the same with proxy bans
@Kunal17: I’m sure that’s probably just a coincidence.
@pushi22le: That’s a new tip. Thanks :o)
BTW… since banning proxies from accessing my site… I haven’t had a single SPAM signup.
I upgraded to bp1.2.2.1/wp2.9.2 from bp1.1.2/bp2.8.6 a couple of days ago and the spam on my site has significantly increased.
I also noticed that spammers from previously banned domains are now able to register.
I’ve been getting pummeled with spam signups ever since the BP_REGISTER_SLUG stopped working throughout the site. I used R-A-Y’s idea of just having an .htaccess redirect. Just curious: If others have taken that approach, does it indeed cut down on spam signups?
The BP demo site is also full of spam. Very interesting.
@agrunder
I have added the feeds idea to my list of requests. If I get a bunch of requests I will consider adding that feature.
Link avatars are already stored in a separate directory under wp-content/blogs.dir/files/link-avatars. I wonder if maybe this is not the case for single WP? I still need to do a bunch more testing.
The thumbnails that are uploaded are handled very much like the other BuddyPress avatars, and nearly all of the functionality for handling them is re-used as far as code goes. Right now the original “should” be getting resized down to 450×450 on upload, and then a copy down to 150×150 and 50×50 after the crop. All of these dimensions are determined by BP constants.
The thumbs are scaled down via CSS depending on the situation. For instance the 50×50 is used exactly as is.
I have not received much feedback at all regarding real world spam issues with Links, but I know eventually there will be a problem. I want to wait to tackle spam when there are real world use-cases to solve, not hypothetical ones.
What you described is very similar to Digg, and I think would be a cool feature, but maybe not to handle spam. I have planned from the beginning to allow users to set a threshold for negative rated links that would prevent them from showing up, for instance anything rated -5 or lower, don’t show me. The admin could set the default value.
Thanks for taking the time to submit some valuable feedback.
@infution I’m concerned as well about the space the avatars will take up. Right now it uploads the images to the uploads folder in its original size (a problem if you have a fixed sized template area you’re working in).
My wishlist for @MrMaz:
1. Let admins specify a separate directory to use for BP Links avatar images or create a sub-directory in uploads
— Reason: It keeps things separate in case we want to remove BP Links in the future and delete all associated images.
2. Use the setting in WP > Settings > Media to create matching sized thumbnails (i.e. 150×150) and resize images down to the “Medium” image size setting (my max width is currently at 500px).
— Reason: one word… consistency. Plus, it helps keep things manageable.
* I noticed the thumbnail BP Links uses is actually the fullsize stored image — but scaled down per the width, height pixel values.
+++++++
Advanced cool feature I’d like to see…
Links that have been voted down by X number (most likely because they’re spam or totally unrelated) automatically get weeded out and their associated image(s) removed. This would free up a lot a space as well.
Did this never get developed? It is a right pain at the moment, I have loads of spam registrations and people posting unsuitable content! Something like a Registration Approval system is very important, spam and abusive posters ruin many a good forum blog etc!
I would have thought something as important as this, would be high on the priority list of available options on buddypress! Or is there something already out there ?
Not necessarily accept, but feeling sort of resigned to, still trying to see the actual process and how the circumvention of so many disparate steps to thwart these little idiots is occurring. I still intend on trying put a stop to these but at the moment not about to waste too much further effort on it, I tend to catch them within minutes of signup and remove them so it doesn’t upset the community too much.
Another step I took was to place a trap on php curl scripts attempting to download the register page, that put a stop to a few signups I think.
They could be legitimate proxies… yes… but I’m assuming they are in the minority.
I don’t think I have no referer rules. I’ll look into that.
So you just accept it? What a pain.
Hmm proxy servers could be legitimate though, couldn’t they?
I empathise with the issue I still have to delete on average a dozen a day and have employed al the suggested fixes and a few domain blocks and no referer htaccess rules.
I just clued in that these bots are probably all using proxy servers… and compiling a big list of them all would be futile. So I found this htaccess code that blocks servers based on their methods. I know this topic has gone beyond specific BuddyPress fixes… but I’ve done all of the BuddyPress fixed (and more) and I’m STILL getting SPAM signups. So perhaps this will help someone else.
RewriteEngine On
# block proxy servers from site access
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED-FOR} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:X-FORWARDED-FOR} !^$ [OR]
RewriteCond %{HTTP:X-FORWARDED} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule ^(.*)$ - [F]
Credit goes to: http://perishablepress.com/press/2008/04/20/how-to-block-proxy-servers-via-htaccess/
Just got another registration from a .info email address. It occurs to me that that is not necessarily the domain they are coming from since my htaccess deny had no effect. The email ban setting also had no effect. Nor does hashcash or any of the other multiple measures I have put in place. I have no idea what to do anymore. I’ve tried everything. I’m resorting now to banning individual IP’s as they come in.
@Boone & @giocaputo
One quick thought…if you haven’t thought of this already…
There should be a cap of maybe 25 or so people that can be invited at any one time. No spamming 
I’ll try. I just got a new registration from ANOTHER .info email address. Minutes ago. Ugh 
Unreal.
I’ve done everything mentioned in this thread and MORE. And no dice. Kind of at my wits end. How the heck are they signing up?! Unless it’s humans signing up. But I assume all SPAMers use bots. Even if it’s not a bot… I don’t know how you’d ever find the signup page with Google. It has a custom slug and I’ve gotten rid of the default BuddyPress text.
Anyway. Thanks Andrea.
I wonder if this would work in .htaccess
deny from .*\\.info.*
/.*\.info/
that might work. it was buggy at one point.
@Andrea_r How do your say “SPAMbots please screw off” in Latin? LOL. Maybe Google can translate for me.
No more SPAM registrations since my last post. Fingers crossed.
Did you find out how to use regex in the WPMU “banned domains” setting?
That string is also translatable, meaning you can replace it. Doesn’t have to be with another language.
Add the standard instructions to your registration page for new users to whitelist yourdomain.com in their email accounts.
The users who register need to activate their accounts. They are not marked as a spammer (user_status = 1) they are marked as not active (user_status = 2). Until they activate their account they cannot log in.
If your emails are being marked as spam or phishing then this is likely something to do with the domain or IP address of your site. It has probably been black flagged.
