Skip to:
Content
Pages
Categories
Search
Top
Bottom

Search Results for 'spam'

Viewing 25 results - 2,151 through 2,175 (of 2,711 total)
  • Author
    Search Results
  • #68382
    Andy Peatling
    Keymaster

    The users who register need to activate their accounts. They are not marked as a spammer (user_status = 1) they are marked as not active (user_status = 2). Until they activate their account they cannot log in.

    If your emails are being marked as spam or phishing then this is likely something to do with the domain or IP address of your site. It has probably been black flagged.

    #68379
    janec
    Participant

    OK…. I think I know the problem – members who do not click on the activation link will be marked as spammers automatically!

    There is just one problem – when I test-registered with one of my email addresses (I used gmail) – gmail automatically trashed the confirmation email AND puts a big red warning sign that said the message was potentially a phishing email.

    NO WONDER… my users are probably thinking that it was a fake email or a phishing email IF they even see the confirmation email at all.

    Is this an issue that is being brought to attention with buddypress developers?

    #68377
    janec
    Participant

    thanks – but I am not on MU – I am on a regular wordpress v. 2.9.2 using the buddypress plug-in.

    The same thing is happening for another one of my sites where I am using a buddypress plug-in for wordpress 2.9.2. That new user was marked as a spammer even though she is definitely not one!

    #68376
    Brajesh Singh
    Participant

    If you are on Wordoress Mu

    Dashboard->SiteAdmin->Users

    search his username and check it, then there is a button above the listing for Not Spammer, that should do it.

    #68361
    djsteve
    Participant

    Thanks for the info Paul!

    #68331
    David Lewis
    Participant

    I wonder if attempting to rename bp-core-signup.php might help. Who know how many things I could break though. LOL.

    Anyway, I just duplicated the /registration/register.php file in my child theme and completely deleted this line… maybe that will help

    <p><?php _e( 'Registering for this site is easy, just fill in the fields below and we\'ll get a new account set up for you in no time.', 'buddypress' ) ?></p>

    #68329
    David Lewis
    Participant

    Okay… I am STILL getting SPAM registrations. I’ve done the following:

    • Changed signup slug
    • Installed hashcash (works with BP now)
    • Disabled “Allow blog administrators to add new users…”
    • Deleted BuddyPress credit in footer.php
    • Deleted wp-signup.php
    • Created a robots.txt file to disallow robots from my signup slug

    Any more ideas? Short of Catcha? Altho’ I’m thinking even that won’t work.

    #68315
    David Lewis
    Participant

    FYI… Elliot updated wp-hashcash for BuddyPress.

    https://wordpress.org/extend/plugins/wp-hashcash/

    #68281
    Andrea Rennick
    Participant

    “It’s not any ONE fully qialified domain for me… it’s dozens of different domains all ending in .info.”

    Yeah, I know, Believe me, we’ve gone around in circles over that one issue in the mu forums. ;) I’ll have to dig up the command.

    A lot of plugins like hascash are recommended because they work. I see a lot of people not try them because they think it’s just for comments. On most sites I’ve tried it on, it just works.

    #68270
    kiwipearls
    Participant

    You might like to get some anti bot plugins from wordpress. I have WordPress MU and Buddypress and use the following plugins to prevent bots from joining my site.

    WP-SpamFree – An extremely powerful anti-spam plugin that virtually eliminates comment spam. Finally, you can enjoy a spam-free WordPress blog! Includes spam-free contact form feature as well. http://www.polepositionmarketing.com/library/wp-spamfree/

    WPMU Super Captcha – Custom captcha program made to stop spam bots cold in their tracks. Features audio, word files, or random text. You configure it! https://wordpress.org/extend/plugins/super-capcha/

    Or go to http://www.wordpress.org, click on extend and find them there.

    #68266
    David Lewis
    Participant

    Okay… I just installed wp-hashcash and pasted in the function mentioned near the top of page 1 of this thread. Let’s see if that stops the *$^#%&@ SPAMers :o)

    #68265
    David Lewis
    Participant

    Thanks Andrea_r

    So can you tell me how to block signups from anyone with a domain that has a .info extension? I’m sure that 99.9% of people with .info domains are SPAMers. I found the “Banned Email Domains” setting in WPMU but cannot find any documentation about how to use a wildcard or regex in that field. It’s not any ONE fully qialified domain for me… it’s dozens of different domains all ending in .info.

    I’ve done everything in my list above (except CAPTHA or Hashcash) and I’m STILL getting signups from these bastards. Maybe I should try Hashcash. You’re right, the htaccess rule above did nothing. Driving me CRAZY!!! Buggers.

    #68250
    Hugo Ashmore
    Participant

    In MU, there *is* an option to block certain email domains. There’s a funny way to put in wildcards though.

    ,

    Thing is Andrea that doesn’t appear to make a blind bit of difference, we had a number of signups from half a dozen email domains repeated over and over, easy I thought, first line of attack drop those domains in the block list. Didn’t do a thing those same email domains kept coming through. I suspect that when someone looks into it they will find that BP registration bypasses this check somehow! sadly!

    #68246
    Andrea Rennick
    Participant

    That won’t harm anything, but it won’t stop signups from that domain, just requests.

    In MU, there *is* an option to block certain email domains. There’s a funny way to put in wildcards though.

    Andy Peatling
    Keymaster

    This should probably happen. Even so, if you mark the blog author as a spammer, it will also mark the blog as spam and remove all the posts.

    #68236

    In reply to: bunch of ideas….

    Anonymous User 96400
    Inactive

    @Peterverkooijen

    as has been said to you many times before. if you don’t want to use forums, then turn them off. and please don’t spam the forums every chance you get with your comments about forums and bbpress. by now we’re all well aware of your opinion. cheers!

    #68225
    David Lewis
    Participant

    So to sum up:

    • Change your signup slug
    • Add some required custom profile fields (or use the hashcash trick posted at the start of this thread)
    • Disable “Allow blog administrators to add new users to their blog via the Users->Add New page”
    • Delete BuddyPress credit in footer.php
    • Delete wp-signup.php
    • Create a robots.txt file with User-agent: * Disallow: /register/ (or whatever your slug is)
    • If all else fails, use CAPTHCA or preferably a simple random question (what colour is snow)

    Am I wrong or missing anything?

    Also… all of my SPAM registrations were coming from .info domains. I added this to my .htaccess file but I’m not sure it’s correct. I found a million examples via Google search for how to ban full domains or subdomains… but nothing about blocking an entire extension (i.e… whatever.info). Anyway, this is what I wrote:

    RewriteCond %{REMOTE_HOST} \\.info$
    RewriteRule .* - [F]

    Paul Wong-Gibbs
    Keymaster

    This is currently done when a user is marked as a spammer; this probably is best to go on https://trac.buddypress.org/ as an enhancement ticket.

    #68167
    Paul Wong-Gibbs
    Keymaster

    When a user is marked as a spammer, all of their Activity data is deleted in the database. There’s no way to retrieve. They essentially start out as new users as far as BuddyPress is concerned; they’ll need to log in or edit their profile, etc, in order to appear throughout the site (on the members directory, for example).

    #68134
    Andrea Rennick
    Participant

    “The only other way I can think of is that a member is “inviting” them via the “Allow blog administrators to add new users to their blog via the Users->Add New page.” on the WPMU options page, so I’m going to disable that as well now.”

    That’s one of the first things I turn off.

    #68112
    nightowl99
    Participant

    I must be overworked or hallucinating. Signups are disabled, wp-signup was deleted some time ago, and they are still creating new accounts and blogs as we speak! How is this possible? For a while I kept entering the ip s in wp-ban and had given up on that plugin, but I noticed it caught about 600 attempts in the last 24 hrs. Still, a few dozen got through anyway.

    The only other way I can think of is that a member is “inviting” them via the “Allow blog administrators to add new users to their blog via the Users->Add New page.” on the WPMU options page, so I’m going to disable that as well now.

    We’re still a relatively small and young community and all these restrictions and jumping through hoops is hurting us.

    #68057
    francescolaffi
    Participant

    @mark

    singlewp: wp-content/uploads/album/$userid/
    wpmu: wp-content/blogs.dir/1/files/album/$userid/

    in both case the album folder is at the same level of the bp ‘avatar’ folder.

    @tosh you can delete a single pic from the pic page, I’ve added ‘mark user as pic-spammer’ to the to-do list

    #68052
    David Lewis
    Participant

    I’m starting to get hit now :o( I have had a custom slug for weeks. I added a robots file today disallowing bot access from /my-signup-slug/ and also installed invisible defender but I’m still getting spam registrations. I also just deleted my wp-signup.php file. I’m going to try hashcash. I’m also considering a htaccess file that simply bans ALL traffic to the entire website from Russia, China and any .info domains.

    #67943
    Hugo Ashmore
    Participant

    Google ‘robots.txt file’ for starters

    #67940
    bpisimone
    Participant

    @Andrea_r good thought, how would that look like?

Viewing 25 results - 2,151 through 2,175 (of 2,711 total)
Skip to toolbar