BuddyPress.org

The WPMUDEV folks purport to be big players on the bP community but they have zero presence on these boards helping people out and they have plugins designed to suck you into their overpriced premium model. I treat everything on that site with a cautious eye. But that’s just me

There is no problem with people recommending certain plugins, either paid-for or “free.” If this was Gpo1’s own plugin, then that would count as advertising. But as it isn’t… good find! Will have to take a look sometime.

Arturo, there are other ways to stop sploggers. Check this out

http://www.bp-tricks.com/tips_and_tricks/stopping-the-sploggers/

but is a premium plugin… not free like akismet… argh!

Contact a forum moderator On that one.

Read this article on bp-tricks.com:

http://www.bp-tricks.com/tips_and_tricks/stopping-the-sploggers/

There’s a ton of methods listed there to stop spam.

I am not following what you are saying at all..

I always go into wp-admin and click on users and then go through there to mark as spammers – I guess there is another way to do this with buddypress?

I would like a way to mark as spammers from the front page. I would also like a way to add email domains to the spam list at the same time, so the same email domain the spammer used to sign up with can’t be used again.. perhaps also pull the ip addy that they used and add that to a list that could be inserted into an htaccess deny list…

A better way to find them by username or screen name would be nice. When spammers hit my BP site, it shows up as blog spam in the recent wire or whatever it’s called, listed as posted by “danielle jones” – but when I go into wp-admin backend / users and search for danielle, it comes up with nothing – that sucks – so I have to go back to my site’ home page, and hover over the spammers name to see what the url is, and then search for the member signup name that way – bleh

@alexmaxim unless they completely missed your question, I guess the answer is no.

I’d also like to know if it’s possible to customize the default settings for e-mail notifications. Not because of server issues, I just don’t want to spam my users by default. (using 1.2 beta)

Just to add something to this (upcoming)paranoïa tread

Since i use the signup trick, i have no more spam registering but receive personnal mails who ask for help for some minor wp troubles…

These mails are send from another part of my site where I have a contact form.

Pleasant for me is to see that this form is on a different CMS (absolutely not wp) but with a look alike BP template.

Difficult for me is to NOT answer these mails…

It seems that some spammers are desperatly searching for IP’s…

The short answer is Yes. The long one is they are made for filling out forms and submitting them. A drop-down is just a field that they might encounter, so expect the functionality. On the other hand we are talking here about bots that look for WP/MU installations to exploit the default sign up or comment forms. As a rule of thumb, anything that you can do to change the default behavior, do it. It’s like Andy said: if you make it the default, the spammers will figure out a way to get around it.

Also: try very hard to stay away from the following in your URLs: wp-signup.php, wp-register, register, wpmu, wp, and anything that hints at a wordpress installation.

@guristu Right… but can bots submit drop down values? For instance, I have a drop down for “Training Level” which is a required field. If it’s left at “please select”… the form will return a required field error.

After changing the register slug, what can you use to get the right redirect?

Tried this:

bp_core_redirect( bp_signup_page() );

But it just prints the URL on a blank page.

This works of course:

bp_core_redirect( $bp->root_domain.'/mycustomslug' );

But I shouldn’t hardcode. Already got email complaints caused by links I’d missed…

@David that’s what wp-hashcash does. it adds a hidden form field whose value is set only via JavaScript when the page loads in the browser. if the browser is a bot, the value of the field will not be set because bots usually do not have JavaScript capabilities. It isn’t the field itself that makes the difference, it’s what it contains that enables you to tell a human from a bot.

@andy I have been meaning to ask you: how do I get a BP module to register as a site wide plugin so that it shows up in the site wide plugins list? BuddyPress and the example module register as site wide plugins but my own module doesn’t — it activates as a regular plugin that has to be activated for each blog within wpmu. I have followed the example model step by step. Is there some magic line of code that I’m missing?

Thanks.

Would adding a required custom field help too? Something that a ‘bot would not know about?

You can change your registration slug by adding this to your wp-config.php file (above the stop editing line):

define( "BP_REGISTER_SLUG", "create-an-account" );

You can then happily upgrade without worrying if it will break.

Reference:

https://codex.buddypress.org/how-to-guides/changing-internal-configuration-settings/

@Gp01 My contribution to the plugin is minor and does not justify releasing it as a plugin. However, I am working on something based on the same “proof of work” idea and that may turn into a plugin. In the meantime, my little hack looks like it’s holding its ground.

I agree with Andy. Changing the slugs to something unique is not only a good idea but it also should be a requirement. However, that requires that you know your way around BP so that when you upgrade you don’t go back to defaults. Hey! I just gave myself an idea: dynamic slugs for BP components — a plugin or something that would give the admin an easy way to set the slugs to whatever they want. That would be something…

Changed the signup slug to something unusual last night. Had a new splogger 11 minutes ago. They’re not actually making blogs, just accounts.

@guristu, Please look into your code for BP1.2 and release it as a plugin?

I wholeheartedly agre with @andy. It’s an age old debate between making it as simple as possible to register and become a member and requiring some unique information that not only serves your purpose well but adds an extra layer to the process that fights spam.

We have been running our prod site since BP was in alpha (Nov ’08 – crazy, I know) but have had only 2 spam registrations. Both were from Russia and both seemed pointless. But we banned the domain in the WP backend and have had none since. We have not even changed our signup slug.

That said, we require 5 fields on registration, 3 are drop downs and we don’t allow blog registration (we’re building a community not a blog network)

On a side note: We ran reCaptcha flawlessly for 6 months. We disabled it as an experiment to see if we could avoid that extra step (plus reCaptcha words are damn hard to read) and have not had spam since. fingers crossed.