Yes, that makes sense, until there are hundreds of IP addresses to try to ban. Also, WP isn’t logging the IP addresses, though I suppose I could install a plugin to do that.
Philosophically, it goes back to the debate over sending new users a confirmation email or not. I’m in the yes camp, because many forum spambots will sign up for memberships with a bogus email address, so if they have to confirm via email, their memberships will never get confirmed. But I suppose there’s a performance trade-off to sending out a high percentage of emails that end up bouncing.
Ideally I can figure out a set of methods to stop most spam registrations from happening in the first place, greatly reducing the amount of user editing I would otherwise have to do after the fact.
“Many spammer IP addresses resolve to the country of Afghanistan. “
Ban their IPs at the server level. Less work for you, less processing for the system.
Just a little WARNING:
Do NOT use
“External Group Blogs” together with
“Group activity stream subscription”
They don’t like each other.
Your users will be spammed with dozens of Emails a couple times a day.
I think this is why the notifications plugin just picks up everything and the “external groups” fetches articles a couple times. Averytime stuff gets fetched, notifications for all the items (not just the new ones) gets sended out. So far my guess.
I wrote the plugin-creators about it. hopefully they find a solution.
BUT the plugins for themselves are GREAT!!! 
THX!
check out:
https://buddypress.org/forums/topic/removing-blog-posts-form-the-swa-widget#post-36775
but instead of component == ‘blogs’ change it to type == ‘new_member’
then change your theme activity/index.php to remove the select option ‘show new members’
I would also like to see this filter turned off if logged in as admin, so we could administer the the spammers better –
using the above example – add before the loop
if ( is_site_admin() )
return $activities;
“I still wonder why they are attacking buddypress”
Backlinks, that’s it.
“I am starting to realise that no matter what BP devs do the spammers always try new things “
and this is open source. the code is OPEN. That means whatever is put in to stop spam, the code is viewable by spammers who just rewrite their programs to get around it.
“the fight against spam is in our hands the users, it will also help us learn more about being better webmasters”
Yes! 
If you are setting up a site to host other people’s information, then you have a responsibility as a webmaster to maintain your site.
“would it not be possible to have certain customizable elements which each and every installation of WPMU/BP had to create whilst doing an install, e.g. the name of the pages and hooks that the sploggers exploit?”
They look for the default registration slug. You already have the ability to change it.
Again to the two guys being relentlessly spammed: post the domain names that you are having problems with and I will try to find out what’s going on.
^F^
zageek and Bbrian017 – what are the URLs of the websites that are getting spammed? I will take a look at them for you.
^F^
What recommendations are there for a captcha or a custom field creation that fits into the BP 1.2 registration process?
I have tried a few plugins but they don’t work in BP 1.2 and dont appear in the registration.
Yes, logging on and custom profiles etc are OK … but this open door approach DOES pass on a lot of janitorial work to site admins
It seems strange that there is no default to offer some basic kind of obstacle to registration in the blog registration process … it is like building a house with wide open doors.
Buddypress only adds layers on top of WPMU liabilities what with the attraction of Activity Directory and so on. It looks embarrassing to have it all advertised their by default.
Er, bump…
On a followup, I can mark the user as a spammer, which at least stops them showing up in the members directory.
Just a question, perhaps this should be on dev, but would it not be possible to have certain customizable elements which each and every installation of WPMU/BP had to create whilst doing an install, e.g. the name of the pages and hooks that the sploggers exploit?
Yes, they know which pages and what code to look for … but if this was having to be changed during each and every installation, would it not work to stop them?
Excuse my ignorance, we suffer sploggers but I have no idea what it is they are exploiting.
Thanks Andrea I didnt even realise that other users could add new users, because I was also wondering how they were spamming me even after I disabled registrations.
I feel kind of sorry for the spammers, because if we all put our heads together they won’t have anymore sites left to spam. I still wonder why they are attacking buddypress, is it to drive users to other platforms? Enemys of Buddypress?
So far I have built a list of domains, most of them are .info or .co.cc in otherwords free domains and of course some .com domains. They get clever and get a user to sign up with gmail every now and then to trick me. So i just ban the Gmail users and send them an email from my personal account asking them who they are if they look legitamate. Luckily for me I am in South Africa and its easy to spot non South African “culture” in terms of the types of names and usernames of members.
I have also checked where the IP addresses come from and most are coming from the United States ( do they use proxy servers and could the be from elsewhere in the world) Some IP addresses are also from Sweden.
Btw, I was also angry and blamed the devs for this problem but the more I devote time to looking at the more I am starting to realise that no matter what BP devs do the spammers always try new things and if the devs had to devote lots of time to fighting spam all the time they would never have a chance to improve buddypress and sort out bugs that come along. And if they didnt sort out the issues we would be even more upset.
So I think the fight against spam is in our hands the users, it will also help us learn more about being better webmasters. Its also the least we could do to help give back something in exchange for a product that we are getting for free and that could quite easily be charged for. We need to stop expecting things for free and in our laps and learn to be greatful for what the developers of open source software are putting in and giving away for free.
@Bbrian017 I feel for you, ma. I am scratching my head. On my prod site, in over 18 months (since pre-BP alpah no less) I have had maybe 9 or 10 spam accounts. While I have a bit more of an involved signup process (just a bunch of addl required fields) I don’t have anything else. Blog creation IS disabled, so maybe that help? Not sure.
Ieven had sCaptcha going for awhile btu took it down as folks had so much trouble reading the stupid characters.
Still thinking of what’s up in your case. Hang in there.
Did you try deleting wp-signup.php?
And have you made sure that all spam users have been ‘spammed’ so they cannot just simply add/open new spam users/blogs?
Seriously no one is having spam issues like I am?
13 accounts since my last post!
please any help here would be great
My spam issue is just not stopping and it’s driving me insane!!!!
Thanks for the tip mlovelock I have done what you said. Seems it has stopped some spam but 10 minute later it all starts again.
They must get error messages stating the register page doesn’t exist or something.
@Bbrian017 – the register ‘slug’ is the path to your register page. So the default is yourdomain.com/register – yours would now be yourdomain.com/randomcrazyslugger
Given that, you probably don’t want your register page to be ‘randomcrazyslugger’ so you might want to change it to something that makes a little more sense to your site / your users.
Alright I have added right after
define( ‘COOKIEPATH’, ‘/’ );
and right before
/* That’s all, stop editing! Happy blogging. */
What is this suppose to do anyways? I’m not sure I understand how this stops spam.
So now my wp-config is like this,
define( ‘COOKIEPATH’, ‘/’ );
define( ‘BP_REGISTER_SLUG’, ‘randomcrazyslugger’ );
/* That’s all, stop editing! Happy blogging. */
/** WordPress absolute path to the WordPress directory. */
Don’t add it below the “Stop Editing” line.
I added the line. as suggested.
/* That’s all, stop editing! Happy blogging. */
define( ‘BP_REGISTER_SLUG’, ‘yourregisterslug’ );
/** WordPress absolute path to the WordPress directory. */
That’s what it looks like.
Andrea_r sorry I’m in three different threads right now I feel like your chasing me around haha!
So now what?
I sit here with a website that doesn’t allow registrations?
Something official from buddy press or WPMU needs to be written…
what do I do?
Yes perhaps that’s true but let’s not ignore the obvious. Who better to write spam software for buddy press then a buddy press developer.
Yes, just add that to the config file. Don’t move any files or folders around.
There’s really no need to make unfounded accusations like that.
