@r-a-y: I added the .htaccess commands to avoid robot registrations. We’ll see how that works.
Just an update, Matt Kern just made a post on the BP forums about his manually-approve signup plugin for WPMU:
http://mattkern.com/wpmu-manually-approve-new-members-on-local-install/
Hey wordpressfan, understand that BuddyPress runs on top of WordPress MU so any spam issues are still, at its core, a WPMU issue.
The WPMU readme.txt has some info on how to counter spammers:
https://trac.mu.wordpress.org/browser/trunk/README.txt (read line 165 and on)
For the Darcy Norman link, use WPMUTutorials’ variation for BuddyPress:
http://wpmututorials.com/how-to/spam-blogs-and-buddypress/
—
Also, for your suggestion on moderating signups, WPMUTutorials also has an article on that:
http://wpmututorials.com/hacks/how-to-moderate-signups/
Read the last comment in that post for info on modifying the article’s instructions for BuddyPress.
—
You might also want to check out SI Captcha:
https://buddypress.org/forums/topic/si-captcha-for-wpmu-and-buddypress
The beta version has support for BP as well.
Hope that helps in some way!
If you use custom profile fields in your registration spammers wont effect you.I dont know why but i havent had a spam sign up since i tried this
I’ll add a ticket, but I thought the problem was corrected. It seems spammers are targeting BP installations. In the meantime, I’ve installed BPDev’s NoSpam plugin, which uses a captcha.
i don’t know if robots go directly into db, or use the wp code…
but one thing you can try is to hack a little the register_new_user function in wp-login.php
to ban some email domains like “XXXX@myspacee.info” witch massevely occurs in the past last weeks….
function begins at line 228 (v. 2.8.4a)
add this on line 233
$email_check = explode(“@”, $user_email);
insert also this at line 248
} elseif($email_check[1] == ‘myspacee.info’) {
$errors->add(‘invalid_email’, __(‘ERROR: The email address isn’t correct.’));
insert the same code and change the mail domain name if you need to ban more domains
In use with invisible-defender, wp-ban and wp-spamfree i think you would be quiet for a moment with unwanted registering of blogs or users.
You could also try some WP plugins that add additional hidden, input fields to the registration form:
-Invisible Defender – https://wordpress.org/extend/plugins/invisible-defender/
-NoSpamNX – https://wordpress.org/extend/plugins/nospamnx/
Chances are a spam bot will fill these input fields in, and thus these plugins will block these submissions.
—
I’ve been meaning to give this a shot, but I haven’t tried it yet because I don’t need the extra layer of protection (right now anyway)!
Michael, you can also try protecting spam signups by using a RewriteRule in your .htaccess:
http://wpmututorials.com/how-to/spam-blogs-and-buddypress/
This is quite an effective method that will stop most spambot signups (except the manual ones!)
You also have to secure your bbPress install from spam signups (if you have forums installed).
Things you’d want to do is disable registrations in bbPress and redirect attempted signups to WPMU’s signup page.
Hey JF,
Yes, your bp-custom.php file should start with <?php and end with ?>.
I assumed that you did that already! But if you didn’t, put that in your bp-custom.php file.
Give that a shot and let me know if that works!
—
If you’re having problems with spam signups, I recommend using this .htaccess snippet by WPMUTutorials.com (by way of Darcy Norman):
http://wpmututorials.com/how-to/spam-blogs-and-buddypress/
Hi r-a-y,
Thanks. I was hoping not to have to use this function, because alot of our users are getting to know each other and are sending messages.
The problem is that someone keeps creating accounts and spamming all of our members (well over 100) and I have to keep going in and deleting all of the messages. And I have to watch the user signups like a hawk.
So, anyway, this was my first time using it. I changed the functions, but still can’t get it working. I think it may be how I’m adding it to my bp-custom.php. Here’s what I’ve added:
function bp_send_message_to_friend_button() {
global $bp;
if ( bp_is_home() || !is_user_logged_in() || !friends_check_friendship($bp->loggedin_user->id,$bp->displayed_user->id) )
return false;
$ud = get_userdata( $bp->displayed_user->id );
?>
<div class="generic-button">
<a class="send-message" title="<?php _e( 'Send Message', 'buddypress' ) ?>" href="<?php echo $bp->loggedin_user->domain . $bp->messages->slug ?>/compose/?r=<?php echo $ud->user_login ?>"><?php _e( 'Send Message', 'buddypress' ) ?></a>
</div>
<?php
}
But I’m a bit confused. Shouldn’t it start with <?php and end with ?>
Thanks for your help,
jfcarter
Hey Jfcarter,
There is no add_action for this function as the changes require manually replacing the existing message button function in the BP member template.
Were you able to get this working before? Or is this the first time you’re trying this?
Anyway, follow these steps:
(1) Make sure you put the bp_send_message_to_friend_button() function in your /wp-content/plugins/bp-custom.php
(2) Replace the bp_send_message_button() function with the newly, created bp_send_message_to_friend_button() in your BP member template.
If you’re using the default BP member template, you have to replace the function in these places:
* /bp-themes/bpmember/activity/just-me.php
* /bp-themes/bpmember/wire/latest.php
* /bp-themes/bpmember/profile/index.php
If you’re using a modified version of the BP member template, you’ll need to manually find each instance of the bp_send_message_button() function and replace it.
—
Just FYI, I’m no longer using this function as we did indeed wanted users to message non-friends.
r-a-y,
I’ve used the code and changed the files, per your instructions. Is there some sort of ‘add action’ that should be at the end of the function? Right now i can’t get it to work.
Any help would be appreciated.
thanks,
jfcarter
Either client side spam filters, or one of the mail servers between the hosts refusing to deliver it.
WPMU deals with all the email sending, so I suggest you do a search on their forums to see if anyone has came across this specific issue before.
I’d like to know this as well. I get spam blog that apparently go around my custom signup process – name not capitalized etc.
Can you “safely” delete certain WP or WPMU registration files? Which ones are obsolete when you use BP? Would that fix part of the problem?
I installed a plugin called WP-BAN. It is doing a terrific job. In a week it halted about 100 attempts in just 4 days from the list below…. and no more of those… I recommend trying it and use the list below for your list banning.
htt://*.onlq.com
http://*.myspacee.info
http://*.host-a-site.info
zhanglingjuan*
87.233.174.250
174.139.12.106
I would try to prevent member registration through .htaccess:
http://wpmututorials.com/how-to/spam-blogs-and-buddypress/
If not .htaccess, then try WP Hashcash, but I prefer the simplistic method of blocking through .htaccess. This will block most spam signups, but of course you can’t block everything! 
Thanks to Darcy Norman for the original tip!
hi zageek,
Since mounth, zhanglingjuan appears with several different ending numbers.
Personnaly i banned it from 112 to 116 in wp-options ->banned domain’s over 40 days now.
additionnally, i add some ip’s used by zhang… into the htaccess
If you can verify in your server log file, you would see that they are offten the same ip’s which are used.
I also blocked access to all trafic comming from libwww-perl witch brings a lot a lot of brut force tempting.
A little mail to abuse@gmail…. will not resolve the problem with zhang…., but will stress a bit the giant…. (i believe in the “butterfly effect”)
Using wp-spammfree and invisible defender widgets would also help you.
Of course, daily cleanning in the DB in wp-register and wp-signup tabs
since 40 days, no zhang… registered on my site.
Instead some new spammer appeared: firstnamelastname 1961 or any other year, mostly with mail on mysace.info or onlq.com
spamm is a never ending desease
I worked with building a website for academics in psychology in my country. After two years of hard work the website lives on its own pretty much. I’ve found that in my population of interest there’s 1 out of 10 who will actively participate; write something. The rest will just read and lurk. That means that you should calculate with this in mind.
You could always try to partner with that Ning-network and build something with them. If you’ve got an interesting system they might be interested.
I’m about to build my second community and have lots of contacts to get help from now. I’ve got them from the first project so all the hard work has paid off. I’m going to ask them to help me. They will be able to invite people to the network (WPMU plugin). It won’t be spam like (as per DJ Pauls comment).
Any luck with bad behavior? I was having good success with wp-hashcash but recently found it was blocking all registrations. Even a legitimate one could never get off the wp-signup page. I finally had to disable it so people could register, and now I’m back to getting splogs again. All of them seem to be a name then numbers (angie539034). Very frustrating.
check your junk/spam mail and see if it landed there. if you’re using mail services like yahoo or aol it may take a while to get in your inbox. i’ve had mail delay by several hours using those services… very rarely, but it happens.
Admins can change the name of their groups because they are the rulers of their little kingdoms. If you don’t trust the admin – don’t join the group.
Of course there are many ways to look at the group functionality. For my part, I see the group as a community within the community – a place where a few people can coordinate something, discuss something, or whatever. A group has it’s dynamics, and part of that is being able to change. Perhaps the “Event X Planning Group” will later take on a new event and thus change their name to “Event Y Planning Group”, or perhaps they’ll just bask in their old glory and rename the group “We who were behind event X”.
Another way to see the group functionality is the way they have evolved on Facebook – a sort of name list, each group a statement on a particular issue, with no function other than to be spammed and show up on profile pages.
If you prefer the latter, I can understand your predicament. A plugin can probably be built to provide the functionality you are looking for.
3635122Inactive
Thanks, I’ll give this a try.
