BuddyPress.org

Thank you for your help and replies. I added the define to my wp-config.php. That did not solve my problem.

1. With no users or blogs in the system other than the site-wide blog and admin user, visiting “blogs.corp.lan” takes me to the Corp Blog. From there, I can click on the Activity / Members / Groups / … etc. tabs, taking me to “blogs.corp.lan/activity”, “blogs.corp.lan/members”, … etc. pages. This looks good.

2. Now, after I login as a user, the user’s page gets created (but unfortunately with the WordPress mu Homepage (Kubrick) theme, even though I have disabled all themes other than the BuddyPress default theme). After I go to the user’s dashboard and change the theme to the BP default theme, and visit the user’s site, it takes me to “blogs.corp.lan/username”. Great, that’s what I expect from a WPMU installation. However, from the User’s home blog, clicking on Activity takes us to “blogs.corp.lan/username/activity”, saying Page Not Found, The page you were looking for was not found. Same with the other BP tabs (Members, Groups, Forums, Blogs). This is not desired.

Is it possible to set up my installation so that the BP tabs are global for all blogs in my corporate lan? That is, from ANY blog for ANY logged in user, clicking on “Members” should take us to “blogs.corp.lan/members”, not “blogs.corp.lan//members”.

Also, and I realize this is a different question, how do I configure it so that the BP theme is the default theme when a new user authenticates?

Thank you for your help. I greatly appreciate it.

– Scott B

I did that. I had installed it both ways and got the same thing. The first time, I installed it via WordPress. Then when it didn’t, I blew everything out and did it through FTP upload.

Interesting idea, how would I got about checking if a user_id folder is there?

The avatars folder for each person user id is here:
/wp-content/uploads/avatars/678/

found this code online.. trying to think how to modify it to find the “wp-content” folder to start out on.

WP_CONTENT_DIR
https://codex.wordpress.org/Determining_Plugin_and_Content_Directories

$dirname = $_POST[“DirectoryName”];
$filename = “/folder/{$dirname}/”;

if (file_exists($filename)) {
echo “The directory {$dirname} exists”;
} else {
mkdir(“folder/{$dirname}”, 0777);
echo “The directory {$dirname} was successfully created.”;
}

All About BuddyPress Spam

From what I’ve seen over the past few days, the range of knowledge about spam in the BP community ranges from zero to PhD research project. So, to get this thread off to a productive start, I’m going to give everyone some background info on why spammers target our installations, how they do it, and what we can do to reduce or eliminate these kinds of attacks.

1) Why do spammers attack BP communities?

-> Spam is 100% economically motivated. Spammers do what they do because it’s very profitable. Even if only 1 out of a million messages the spammer sends actually reaches somebody, if it cost $2 to send out those million messages and the spammer makes $50 by tricking one person into giving them a credit card number, the spammer is going to throw every resource they have into sending out more messages …because they’re getting a 2500% return on their investment.

-> Given the choice between multiple sites, a spammer will pick the one that gives the largest payout.

Gmail is a “hard” target, with users that are experienced with spam. If a spammer sent a billion spam messages to accounts on Gmail, 99.9% of them would be probably be deleted by automated filters at other ISP’s along the way before even arriving at Gmail. The first thousand messages that arrived at gmail would likely be delivered but would be put in user’s spam folders; and the remaining 999,000 messages would be flat-out refused by Gmail’s servers.

Because anyone with an email account is familiar with spam, probably 999 of those 1000 users would ignore the spam message and 1 user might act on it. So if it cost $20 to send those billion messages and the spammer made $50 by tricking the one person into giving them a credit card number, they’ve only made $30 for all that work.

BP communities are usually “soft” targets that are inexperienced with spam.

Once a spammer gets into a BP community, every single message they send is delivered to a member, and most members are NOT expecting to be attacked by other users on the site.

If a user called “site_news” sends everyone a message that says: “Our site just got featured on Oprah! check out the video! http://www.youtube.com/watch/dQw4w9WgXcQ.cn” every single member is going to get that message, and probably half of them are going to click on the link. (did anyone notice what’s wrong with that “YouTube video” … )

Then, assuming there are 50,000 members on the BP site, half of them click on the link, half of those people are using Internet Explorer, and the attack site the link points to installs a backdoor on computers running IE …at $2 / install the spammer has just made $25,000!

Now, if *you* were a spammer, which site would you attack?

2) How do spammers find BP communities?

Using Google.

Example: http://www.google.ca/search?hl=en&q=%2B”is+proudly+powered+by+WordPress+and+BuddyPress” (front page of every BP site on the net)
Example: http://www.google.ca/search?hl=en&q=inurl:%22/community/members/%22+%2Bbuddypress (members page of every BP site on the net)

3) How do spammers attack websites?

-> Most spam attacks are done using robots, because sheer volume of posts is usually the winning factor. In situations where there is a “captcha wall” or other defense blocking registration to a “high value” site (hint: yours), spammers will use people in low-wage countries to break the captcha and sign up on the site. The going rate is about $2 per 1000 captchas.

http://www.decaptcher.com/client/

Once inside the site, they will then use bots to post spam to all the members on the site.

-> There are literally *thousands* of different programs available that spam websites, and they all have *different* venerabilities.

For example, this program: http://forums.digitalpoint.com/showthread.php?t=1124949

a) Will DEFEAT a “hidden fields” challenge,
b) Will DEFEAT a “javascript proof of work” challenge,
c) Will FAIL a “captcha” challenge
d) Will FAIL an “Akismet” challenge
e) Will FAIL a “Hashed Form Field ID” challenge

But this program: http://www.botmasternet.com/more1/ , wikipedia: http://en.wikipedia.org/wiki/XRumer , video of it running: http://www.youtube.com/watch?v=AL2i4SNPJmg

a) Will DEFEAT a “hidden fields” challenge,
b) Will DEFEAT a “javascript proof of work” challenge,
c) Will DEFEAT a “captcha” challenge
d) Will DEFEAT an “Akismet” challenge (uses proxy networks, never sends the same message twice)
e) Will DEFEAT a “Hashed Form Field ID” challenge
f) Will FAIL a “enter the numbers with a triangle over them” challenge (as used by PlentyOfFish.com)
g) Will FAIL a “click on the photos of cats but not the photos of dogs” challenge

4) How do we stop spammers from attacking BP communities?

-> By making it frustrating and unprofitable (but not necessarily impossible) for spammers to target us; while making these tactics invisible to normal users.

I will cover how I propose to do this in the next post.

^F^

Yes, I’m trying to style the comments of a particular group a little differently. The community I’m building is for users and potential clients of a membership-based service. Anyone can sign up, but I’d like to give commenters who are actual members of the service a little bit of a different treatment, so their comments carry more weight. I’m envisioning a small icon that overlays their gravatars indicating they are members.

For the moment I had planned on using xprofile data for this. I don’t have groups enabled (yet), but if we use them in the future, I would like to make them user-controlled for smaller interest groups (whereas membership to this group would be more admin-controlled). We have an external database with the names of all members in it, but I’m not yet sure how to cross-check with that database when users sign up (or if that’s even possible!).

Maybe xprofile data is not the best way to go about this? I know there are role options in WordPress, would this maybe be a better way to handle this? My main concern is ensuring maximum flexibility as the site develops.

Sorry man, here is the info of my site:

[the url of my site is http://gothicnet.co.cc]

1. Which version of WP/MU are you running? WordPress 2.9.2
2. Did you install WP/MU as a directory or subdomain install? Subdomain
3. If a directory install, is it in root or in a subdirectory? —
4. Did you upgraded from a previous version of WP/MU? If so, from which version? no
5. Was WP/MU functioning properly before installing/upgrading BuddyPress (BP)? e.g. permalinks, creating a new post, commenting. Yes
6. Which version of BP are you running? 1.2.3
7. Did you upgraded from a previous version of BP? If so, from which version? no
8. Do you have any plugins other than BuddyPress installed and activated?
BP Member Filter
BuddyPress Like
BuddyPress Profile Privacy
Buddypress Sitewide activity widget
Invite Anyone
Post videos and photo galleries

9. Are you using the standard BuddyPress themes or customized themes?
Randy Candy 1.0.0

10. Have you modified the core files in any way?
no
11. Do you have any custom functions in bp-custom.php?
no
12. If running bbPress, which version? Or did your BuddyPress install come with a copy of bbPress built-in?
buddypress come with a copy of bbpress install
13. Please provide a list of any errors in your server’s log files.
[Thu May 6 09:06:36 2010] [error] [client 201.114.205.34] mod_security: Filtering against POST payload requested but payload is not available [hostname “www.gothicnet.co.cc”] [uri “/wp-login.php”]

14. Which company provides your hosting?
neubox (neubox.net)

1.2.1 beta is now ready for WordPress and WordPress MU without Buddypress.
I added new meta fields for post and pages.
New Version is compatible with wpSEO and All in One Seo.

Please do not use this thread. Its closed!

The new support forum can be found here:
https://buddypress.org/community/groups/seo-for-buddypress/forum/topic/seo-for-buddypress-1-2-1-beta/

my WP version is 2.9.2 and I’m using BP 1.2.3 with it.
I only checked the standard wordpress widgets

I was directed to a plug in that fixes or makes the addition of tabs easier. Install the Page Links To by Mark Jaquith or go to http://txfx.net/wordpress-plugins/page-links-to/ It works great!

Oh, I see. I imagine that might have been obvious if I were a WordPress user. Thanks!