BuddyPress.org

these errors are still happening and today i checked error log to find that a hacker (or bot) within 2 minutes launched 73 attempts to login with non existing username and created 26k error file … thus i’m concerned that this kind of login errors could crash my site by rogue attacks like this … below is clip from first entry and the last one …

accordingly, anybody have any suggestions as to how i can prevent this from happening ..??.. i just installed the login lock down plugin on site 16 thus this should help to limit login attempts but still, BuddyPress seems like it is hiccupping in this dept by looking for non-existant users ..??..

[05-Jun-2014 08:43:58 UTC] WordPress database error Table 'mysite_wp01main.wp01_16_signups' doesn't exist for query SELECT * FROM wp01_16_signups WHERE active = 0 AND user_login = 'islandbread' ORDER BY signup_id DESC LIMIT 0, 1 made by wp_signon, wp_authenticate, apply_filters('authenticate'), call_user_func_array, bp_core_signup_disable_inactive, BP_Signup::get
[05-Jun-2014 08:45:50 UTC] WordPress database error Table 'mysite_wp01main.wp01_16_signups' doesn't exist for query SELECT * FROM wp01_16_signups WHERE active = 0 AND user_login = 'islandbread' ORDER BY signup_id DESC LIMIT 0, 1 made by wp_signon, wp_authenticate, apply_filters('authenticate'), call_user_func_array, bp_core_signup_disable_inactive, BP_Signup::get

I have another question.

If I want to remove wordpress logo from the top wordpress bar where the buddypress activity dropdown shows, I want to place my website logo there. what I need to do. Is that possible.

Awesome!

Thanks for that quick reply.

I have another question. Sorry it is silly I know. As I am new to buddypress I am taking some time reading all the docs. The question is if I make any modification in the front end views for the buddypress installation I guess I need to do in a child theme so that the modifications doesnt go off with the new releases of buddypress. But where do I do it. I mean I read that the new releases of buddypress supports any wordpress theme compatibility I can rather do this modifications inside my website childtheme itself I suppose.

But waht about the directory structures? How that should be. do I need to make a directory inside my child theme. Can you please tell how it works?

I have checked in the database and everything is in tact with the topics so it appears that WordPress isn’t displaying the shortcode.

So my final analysis is that something about buddypress activation emails being sent by spam registration that is causing third party email companies like gmail, hotmail, yahoo to blacklist my domain which in term causes bluehost to block my account from sending email.

What is different between buddypress activation emails and standard wordpress activation emails? Can I disable this change so that the default wordpress activation emails are used?

Small update with regards to bluehost. I have been exchanging emails with them regarding this email. For your reading enjoyment.

First Bluehost tries to accuse me of spamming

Hi, it appears your emails have been reported by multiple providers
(such as yahoo or comcast) as containing spam, this in turn has flagged
our outbound email filter. We have removed your domain from the filter
for now. To prevent this, I would advise the following:

If you are sending email via email lists or a third party ad vendor:

BE sure you are not using any purchased lists

Be sure 100% sure the emails you are sending to are emails that those
people want to receive

Be sure you are using a double opt in when adding to your email lists

Be sure you are not sending to ANY spam traps- a spam trap is created by
multiple providers, it is an email that is never given out and found
only in source code. If a spam trap receives an email from a domain,
this is a clear indication that domain is using an email list that was
not created by people opting in, which is against the terms of service
and is considered spam.

Further more, be sure you are following our complete terms of service
concerning Sending email:

We do not allow the sending of unsolicited mass emails to others. We
have zero tolerance for accounts which contain material that has been
promoted through unsolicited email (spam) or mail fraud schemes, or
which contain pages that promote or condone the sending of unsolicited
email.

All emails sent from our servers or sent from another server that
advertise a site that is hosted on our servers are required to stay
within these rules:

(1.) You are required to follow all rules in the Can Spam Act
(additional information at:
http://business.ftc.gov/documents/bus61-can-spam-act-compliance-guide-business
)

(2.) No purchased lists. Everyone that you send emails to MUST HAVE
CONTACTED YOU DIRECTLY and asked for the information you are sending.
Affiliate opt-ins are not a valid method of opt in.

(3.) The list must be double opt in. This means that the recipient must
request to be added, and then you must send an email asking them to
confirm the request.

(4.) You must have an automated opt out link; Email based opt out
(mailto: links) are not acceptable.

Quoting from the above link:

Please see our Terms of Service at
https://www.bluehost.com/antispam_policy and
https://www.bluehost.com/acceptable_use_policy#spam for additional
information.

If you are sending email individually:

Change all email passwords and check all devices/computers for any virus
or malware

Confirm with everyone that uses email from your domain that they are
following the spam rules as stated above

If you are sending email through a script or a contact
form/tell-a-friend script:

Be sure you have or add a captcha feature on all contact forms or
tell-a-friend scripts

Check your websites content for any malicious or suspecious files that
should not be there

Update all your Websites scripts including themes and plugins

Once you are have confirmed you are following or now applying all of the
above information, you will need to wait for your domains reputation to
become clear. We have no time frame on how long this takes as our
outbound filter relies on information from other providers to determine
this.

In cases of a compromised script/email:

Change all your passwords to your emails

Update all your email scripts

Check for malicious files hidden within your sites

Secure all devices that access your account.

We hope this information helps you.”

****ENDQUOTE****

If you have any other questions please reply to this ticket, chat us, or call our technical support line which is open 24/7.

My response to the bluehost response above

I send no emails from this account. I don’t have any email accounts
associated with this domain. I only use one email forwarder to send any
email sent to admin@site.com so I am not really sure any of
your analysis below holds any ground. Please provide any information to
back up your summary? What email account was sending messages?

There is a bigger issue at hand here. Look at the buddypress FAQ. Why
do you think that out of every web host they only call out bluehost?

Your resolution was the same resolution that was put in place a month
ago. How do I prevent my account from getting flagged again? Please
find out what it is about buddypress that is causing bluehost to
incorrectly flag accounts as spam accounts.

Bluehost continues to stick to the assumption that my account is spamming

Thank you for contacting Technical Support. We understand that sending out emails is vital to any business. Since you are on a shared server, all email you send out uses shared mail servers. Our filter system is in place to prevent our mail servers IP from becoming blacklisted by third party companies. When this occurs, it will block the ability of all of our customer accounts to send out emails. The process then becomes long and complicated once it has been flagged. In order to prevent this we have put in place several services to prevent this from happening.

We don’t solely check blacklisting services to see if a domain and or IP address is being blacklisted. One of the spam prevention tools that we have in place relies on reports from other email and internet service providers; such as yahoo, comcast, broadband and others. The reports were generated by those who receive the emails and are marking them as spam or junk. We do not have the ability to view who specifically flags the email. Due to this, we can only rely on the reports from these major providers that report them to us. As we do not have control as to if they flag it or not, we cant control if your domain gets listed or not.

I would recommend checking through the lists that you send out and remove any email addresses that you get bounces from. You can then remove that email address from your list. Over time people may forget that they had signed up for your list and are simply marking your messages as spam/junk. It might be a good idea to email your list and have them opt-in again to your list. You can then remove those that do not opt-in to ensure that that those on the list are legitimate.

If you have any other questions please reply to this ticket, chat us, or call our technical support line which is open 24/7.

My response

I don’t think you are reading my email responses. I do not send emails
from any account on this domain. The only emails that are sent are
registration activation emails. How is my domain getting black listed
if I am not sending emails?

Their response. Apparently my email forwarder to my own account is also somehow sending spam email to other people and buddypress is responsible for spam.

Hello,

You send e-mail via buddypress, you also send mail via the forwarder. These both contribute to the blacklist you’ve now been added to.

My response. I request information on what about the activation emails is causing my site to get blacklisted

I have only received one email via the forwarder and that wouldn’t put me
on a black list. Therefore the activation emails must be what is putting
me on the blacklist WordPress installations get registration spam all the
time but they do not get the sites blacklisted. What is it about
buddypress that is triggering the blacklist?

Their response. It is top secret.

Hello,

We release no specifics on the exact criteria incorporated to flag the contents of e-mail messages to prevent our filters from being defeated. Generally, quantity of messages sent, specific reports of spam e-mail from third parties, internal links or keywords associated with known mass mailing agencies, or a combination of all of the above can lead to the domain’s reputation being reduced to the extent that it requires intervention.

My final response tonight

Very well,

The net sum is I do not send email from this account. The only email sent is activation emails sent by wordpress/buddypress. I have had the typical spam troubles dealing with fake registrations from spammers and I assume those spam registrations are flagging the spam filter. I have never had this issue with wordpress spam activation emails flagging one of my accounts as spam so it is clear that SOMETHING about the buddypress activation emails is to blame (it is the only variable that has changed). This fact is reinforced by the fact that buddypress calls out bluehost.com’s failure to address this email in their FAQ https://codex.buddypress.org/legacy/faq/

[quote]BuddyPress isn’t sending out emails (eg. activation emails, email notifications). This appears to be a problem with certain web hosts (Bluehost primarily). Members of the BP community have had success using]/quote]

I have provided a copy of the activation emails my account is sending on my previous ticket for analysis. I have changed nothing to the default buddypress activation emails.

Please invest some time in identifying why this very popular wordpress plugin is triggering spam filtering by bluehost email. I am happy to make any modifications to my code to resolve this issue and I am sure the buddypress community would love to remove this section from their FAQ. I appreciate your support addressing this issue. Thank you for your continued support with this issue. I have invested a lot of time and effort into this project and I would hate to see it die because bluehost continues to flag my account incorrectly due to an error in the spam filtering software on bluehost’s end. Thank you.

Thanks everyone. I figured it out myself – turns out i was confused because i had a wordpress.ORG account, but Gravatar requires a wordpress.COM account :\

For some reason this was resulting in weird redirects when i tried to get a Gravatar account. This whole thing has been more or less resolved now, aside from the fact that i had to use a different username at wp.com – kind of weird needing separate accounts and not being able to use the same username between them. But oh well.

Sorry for being vague before. I didn’t think this forum was the right place to get help with account-related issues, but i couldn’t find any “site help” links or the like, so i was just hoping someone would point me in the right direction and not be too annoyed that i had posted in the wrong place. I didn’t include all the details because it was pretty convoluted and i didn’t want to waste anyone’s time when i thought the question i was really asking was “where do i get help with my account”. Not a great strategy, apparently – my bad.

Thanks for all your help.