BuddyPress.org

@Bbrian017 I feel for you, ma. I am scratching my head. On my prod site, in over 18 months (since pre-BP alpah no less) I have had maybe 9 or 10 spam accounts. While I have a bit more of an involved signup process (just a bunch of addl required fields) I don’t have anything else. Blog creation IS disabled, so maybe that help? Not sure.

Ieven had sCaptcha going for awhile btu took it down as folks had so much trouble reading the stupid characters.

Still thinking of what’s up in your case. Hang in there.

Did you try deleting wp-signup.php?

And have you made sure that all spam users have been ‘spammed’ so they cannot just simply add/open new spam users/blogs?

Seriously no one is having spam issues like I am?

13 accounts since my last post!

please any help here would be great

My spam issue is just not stopping and it’s driving me insane!!!!

Thanks for the tip mlovelock I have done what you said. Seems it has stopped some spam but 10 minute later it all starts again.

They must get error messages stating the register page doesn’t exist or something.

@Bbrian017 – the register ‘slug’ is the path to your register page. So the default is yourdomain.com/register – yours would now be yourdomain.com/randomcrazyslugger

Given that, you probably don’t want your register page to be ‘randomcrazyslugger’ so you might want to change it to something that makes a little more sense to your site / your users.

Alright I have added right after

define( ‘COOKIEPATH’, ‘/’ );

and right before

/* That’s all, stop editing! Happy blogging. */

What is this suppose to do anyways? I’m not sure I understand how this stops spam.

So now my wp-config is like this,

define( ‘COOKIEPATH’, ‘/’ );

define( ‘BP_REGISTER_SLUG’, ‘randomcrazyslugger’ );

/* That’s all, stop editing! Happy blogging. */

/** WordPress absolute path to the WordPress directory. */

Don’t add it below the “Stop Editing” line.

I added the line. as suggested.

/* That’s all, stop editing! Happy blogging. */

define( ‘BP_REGISTER_SLUG’, ‘yourregisterslug’ );

/** WordPress absolute path to the WordPress directory. */

That’s what it looks like.

Andrea_r sorry I’m in three different threads right now I feel like your chasing me around haha!

So now what?

I sit here with a website that doesn’t allow registrations?

Something official from buddy press or WPMU needs to be written…

what do I do?

Yes, just add that to the config file. Don’t move any files or folders around.

There’s really no need to make unfounded accusations like that.

Go turn off the ability for users to add other users. If you already have spammers in your system, they’ll let others in. It’s under Site Admin -> Options.

Doing the easy stuff is just the first level of defense.

Guys when you re write the slug do you have to also move folders or files?

or do I simply add

define( “BP_REGISTER_SLUG”, “random slug” );

to the wp-config?

I simply did the easy things. I added yes or no questions. I put in default profile fields they would have to answer and I added a date of birth field.

What I don’t understand is right now I have registrations closed and they are still signing up.

Registration has been closed for almost an hour and I still got 8 or 9 spam accounts over the last 40 minutes.

How is that possible?

Bbrian – what exactly have you implemented to stop splogs? I’m not being sarcastic. If I know what you’re tried already, I can suggest different things other than telling you things you tried already.

“I wonder where the spammers get the time to figure out ways to spam sites is there like a spam university or something”

They buy automated scripts. Seriously, I can send links. They google for default text like “powered by buddypress” and “/register/”, plus they jointly build lists of BP-powered sites and share them, so they can then drop these lists of sites into their programs.

Part of stopping them relies on figuring out how they come in, which we’ve spent time doing.

I had 110 e-mails this morning and over 60 spam accounts.

Where am I supposed to find time for this?

I looked at the bp demo site registration I don’t see much different besides the date of birth…

http://testbp.org/register/

“Adding an extra feature on signup or even adding a question doesn’t help. “

If you have just the defaults, you will get hammered with spam. No question.

Part of the issue is how they are finding your site and how they are signing up. What works for one site may not work for another as there are quite a number of sploggers out there who wrote programs (I’ve seen them advertised) to hammer your sites. They look for the defaults.

But in my experience, to stop the splogs to a trickle, you have to do a number of things, not just one or two. Andy has a number of fields on signup at testbp.org and doesn’t have a splog issue. The domain has been up long enough for them to find him.

There are signup moderation plugins for MU. I have no idea if they work with BP, but someone can modify them. there are also a number of suggested bot-stopping plugins that are suggested, that I have found DO work, but many people reading about them discount it as they think it only applies to comments. Some sploggers use the exact same techniques. Bad Behavour works. Cookies for Comments works.

Adding an extra feature on signup or even adding a question doesn’t help.

Hi Andrea. Yes, that 1st part is quite easy with BP

the 2nd part is tougher though, as far as I know:

“- the opportunity to manually approve/delete sign-ups based on their answer, at least blocking the unapproved from appearing in blog lists, sidewide activity etc, basically making it 100% private (only vsible for admins) until approved.”

You lucky, the spambots that are after me figure out the new slugs after a few days.

I am actually considering setting up a botnet to jam up their IP’s and domains as payback lol