Search Results for 'spam'
-
AuthorSearch Results
-
January 29, 2010 at 7:33 am #61973
In reply to: Controlling email notifications
featheroddParticipant@alexmaxim unless they completely missed your question, I guess the answer is no.
I’d also like to know if it’s possible to customize the default settings for e-mail notifications. Not because of server issues, I just don’t want to spam my users by default. (using 1.2 beta)
January 28, 2010 at 10:01 pm #61951In reply to: Spam, Spam and more spam
danbpfrParticipantJust to add something to this (upcoming)paranoïa tread
Since i use the signup trick, i have no more spam registering but receive personnal mails who ask for help for some minor wp troubles…
These mails are send from another part of my site where I have a contact form.
Pleasant for me is to see that this form is on a different CMS (absolutely not wp) but with a look alike BP template.
Difficult for me is to NOT answer these mails…
It seems that some spammers are desperatly searching for IP’s…
January 28, 2010 at 9:33 pm #61946In reply to: Spam, Spam and more spam
guristuParticipantThe short answer is Yes. The long one is they are made for filling out forms and submitting them. A drop-down is just a field that they might encounter, so expect the functionality. On the other hand we are talking here about bots that look for WP/MU installations to exploit the default sign up or comment forms. As a rule of thumb, anything that you can do to change the default behavior, do it. It’s like Andy said: if you make it the default, the spammers will figure out a way to get around it.
Also: try very hard to stay away from the following in your URLs: wp-signup.php, wp-register, register, wpmu, wp, and anything that hints at a wordpress installation.
January 28, 2010 at 8:28 pm #61943In reply to: Spam, Spam and more spam
David LewisParticipant@guristu Right… but can bots submit drop down values? For instance, I have a drop down for “Training Level” which is a required field. If it’s left at “please select”… the form will return a required field error.
January 28, 2010 at 8:28 pm #61942In reply to: Spam, Spam and more spam
guristuParticipant$bp->root_domain . '/' . BP_REGISTER_SLUG;
January 28, 2010 at 8:21 pm #61941In reply to: Spam, Spam and more spam
peterverkooijenParticipantAfter changing the register slug, what can you use to get the right redirect?
Tried this:
bp_core_redirect( bp_signup_page() );
But it just prints the URL on a blank page.
This works of course:
bp_core_redirect( $bp->root_domain.'/mycustomslug' );
But I shouldn’t hardcode. Already got email complaints caused by links I’d missed…
January 28, 2010 at 8:09 pm #61940In reply to: Spam, Spam and more spam
guristuParticipant@David that’s what wp-hashcash does. it adds a hidden form field whose value is set only via JavaScript when the page loads in the browser. if the browser is a bot, the value of the field will not be set because bots usually do not have JavaScript capabilities. It isn’t the field itself that makes the difference, it’s what it contains that enables you to tell a human from a bot.
January 28, 2010 at 7:58 pm #61939In reply to: Spam, Spam and more spam
guristuParticipant@andy I have been meaning to ask you: how do I get a BP module to register as a site wide plugin so that it shows up in the site wide plugins list? BuddyPress and the example module register as site wide plugins but my own module doesn’t — it activates as a regular plugin that has to be activated for each blog within wpmu. I have followed the example model step by step. Is there some magic line of code that I’m missing?
Thanks.
January 28, 2010 at 6:40 pm #61933In reply to: Spam, Spam and more spam
David LewisParticipantWould adding a required custom field help too? Something that a ‘bot would not know about?
January 28, 2010 at 6:17 pm #61927In reply to: Spam, Spam and more spam
Andy PeatlingKeymasterYou can change your registration slug by adding this to your wp-config.php file (above the stop editing line):
define( "BP_REGISTER_SLUG", "create-an-account" );
You can then happily upgrade without worrying if it will break.
Reference:
https://codex.buddypress.org/how-to-guides/changing-internal-configuration-settings/
January 28, 2010 at 6:09 pm #61923In reply to: Spam, Spam and more spam
guristuParticipant@Gp01 My contribution to the plugin is minor and does not justify releasing it as a plugin. However, I am working on something based on the same “proof of work” idea and that may turn into a plugin. In the meantime, my little hack looks like it’s holding its ground.
I agree with Andy. Changing the slugs to something unique is not only a good idea but it also should be a requirement. However, that requires that you know your way around BP so that when you upgrade you don’t go back to defaults. Hey! I just gave myself an idea: dynamic slugs for BP components — a plugin or something that would give the admin an easy way to set the slugs to whatever they want. That would be something…
January 28, 2010 at 2:38 pm #61900In reply to: Spam, Spam and more spam
peterverkooijenParticipantChanged the signup slug to something unusual last night. Had a new splogger 11 minutes ago. They’re not actually making blogs, just accounts.
January 28, 2010 at 2:00 pm #61898In reply to: Spam, Spam and more spam
January 28, 2010 at 1:36 pm #61895In reply to: Spam, Spam and more spam
Mike PrattParticipantI wholeheartedly agre with @andy. It’s an age old debate between making it as simple as possible to register and become a member and requiring some unique information that not only serves your purpose well but adds an extra layer to the process that fights spam.
We have been running our prod site since BP was in alpha (Nov ’08 – crazy, I know) but have had only 2 spam registrations. Both were from Russia and both seemed pointless. But we banned the domain in the WP backend and have had none since. We have not even changed our signup slug.
That said, we require 5 fields on registration, 3 are drop downs and we don’t allow blog registration (we’re building a community not a blog network)
On a side note: We ran reCaptcha flawlessly for 6 months. We disabled it as an experiment to see if we could avoid that extra step (plus reCaptcha words are damn hard to read) and have not had spam since. fingers crossed.
January 28, 2010 at 12:08 pm #61885In reply to: Spam, Spam and more spam
Andy PeatlingKeymasterA good idea is to change the signup slug to something else. This will help significantly. Also, if you don’t need to provide blog registrations, then turn this option off.
The problem with bundling a solution in the core is spammers will eventually get around this and it will become useless. The best way to fight spam is to have something unique on your site that stops them in their tracks. A completely unique signup slug is a good way of doing this.
January 28, 2010 at 10:27 am #61881In reply to: Spam, Spam and more spam
guristuParticipantI will but I would like to take a little more time to see if it works. So far it looks like it does. However I have not tried on bp 1.2. Gotta install that first and see how it goes there.
January 28, 2010 at 8:53 am #61878In reply to: Spam, Spam and more spam
Michael BerraParticipant@guristu: WOW – that sounds very promising, I always found the hashcash-plugin a very good and simple solution. Why not sending your “hack” to the developers, so that they can update their plugin-version for all the future bp-users
January 28, 2010 at 7:22 am #61876In reply to: Spam, Spam and more spam
guristuParticipantI have adjusted the wp-hashcash plugin to work with buddypress signup. Here is what I did: I got the wp-hashcash plugin and I added the following code to the file:
Code:function wphc_check_signup_for_bp(){global $bp;
// get our options
$options = wphc_option();
$spam = false;
//if( !strpos( $_SERVER[ ‘PHP_SELF’ ], ‘wp-signup.php’ ) )
//return $result;// Check the wphc values against the last five keys
$spam = !in_array($_POST[“wphc_value”], $options[‘key’]);if($spam){
$options[‘signups-spam’] = ((int) $options[‘signups-spam’]) + 1;
wphc_option($options);
$bp->signup->errors[‘spam’] = __(‘You did not pass a spam check. Please enable JavaScript in your browser.’);
} else {
$options[‘signups-ham’] = ((int) $options[‘signups-ham’]) + 1;
wphc_option($options);
}}
add_action( ‘bp_signup_validate’, ‘wphc_check_signup_for_bp’);function wphc_error_hook_register_page(){
do_action(‘bp_spam_errors’);
}
add_action(‘bp_before_register_page’, ‘wphc_error_hook_register_page’);Then, under the line (line number about 507)
Code:add_action( ‘signup_hidden_fields’, ‘wphc_add_signupform’ );I put this line:
Code:add_action(‘bp_after_registration_submit_buttons’, ‘wphc_add_signupform’);Then I activate the plugin. It should keep spam bots from being able to create accounts, but humans spammers can still do it. Anyway, if you can’t get it to work, let me know via PM and I will try to send you the file.
Later
January 28, 2010 at 6:15 am #61875In reply to: Spam, Spam and more spam
peterverkooijenParticipantI never had spam on my main site, until now. The invisible-defender plugin doesn’t help at all and clashes with Beau Lebens’s wp-email-login plugin. Haven’t had time to try any of the other solutions yet. It’s now after midnight, deadlines tomorrow, wasting time deleting spam accounts…
January 28, 2010 at 6:02 am #61874In reply to: Spam, Spam and more spam
zageekParticipantI am having major problems with spam as well. Ironically it started as soon as I put my link in the showcase thread on this forum. I think the spam bots are looking there for easy targets as well.
Why do people make spambots that don’t even advertise stuff and just waste everyone’s time filling sites with meaningless crap. Is it like they are trying to sabotage Buddypress?
How does one submit domains and sites and IP addresses to spam traps.
January 27, 2010 at 11:48 pm #61850In reply to: Is there any way to stop spammers?
danbpfrParticipanthttp://www.bp-tricks.com/tips_and_tricks/stopping-the-sploggers/
i guess this is one of the best trick against spam blogs and “wild” registrations.
Step 1 and 2 are a bit obvious, but 3 and 4 are really efficient.
Keep in mind that on a wpmu site each blog created by a member has his first post and comment appearing on the default template – the good ol’ kakumei… on which is also written “powered by…” ( Step 2 is only for main blog i think) Spam bots eat this with delectation i suppose.
Spam programs are written to bypass signup. Well. I presume other narrow words like join, fall in, get together are also activ in such programms. But what do these programms if you choose “groink” or “methabolic” ? So follow the explanation and choose a really original word for your signup redirection. This works well for the moment. And don’t forget to put the functions.php file the in mu-plugins folder (to be theme independant).
To use in addition with some other solutions (wp-ban, invisible defender, …) of course.
January 27, 2010 at 8:19 pm #61841In reply to: Is there any way to stop spammers?
peterverkooijenParticipantCrap, the spammers have now found my site.
These are not the spammers with name+year usernames, like ‘johndoe1973’, that I used to get on test sites. Those seemed to bypass the registration and activation process, because they didn’t show up on my mailing list.
The spammers I get now have realistic sounding full names and apparently usernames generated from those fullnames (my regular custom registration). I recognize them from the long random strings they add in my custom Company field.
Haven’t seen them registering blogs yet. What are they even trying to achieve?!
Sploggers is a serious problem that WPMU/BPAutomattic needs to address!
January 27, 2010 at 2:42 pm #61821In reply to: Mark as spammer option
bbrian017Participantoh yes sorry I meant for this option to be on the members blog page. Normally I could see the users profile in the admin bar and it linked me to his or her profile page to mark as a spammer.
With this template I have to manually find out who the members of that blog is.
Is anyone following what I’m saying?
sorry for the confusion.
January 26, 2010 at 6:07 pm #61717In reply to: I don't receive registration e-mails
Paul Wong-GibbsKeymasterBuddyPress uses regular WP Mail functions. Perhaps they’re getting caught as spam.
January 26, 2010 at 5:57 pm #61712In reply to: Is there any way to stop spammers?
Paul Wong-GibbsKeymasterChecking your referral logs is one way you can see how they’re getting in. Tip: login to the bbpress admin area and CLOSE SIGNUPS.
Obviously this only applies if you are running a seperate bbPress install.
-
AuthorSearch Results