Skip to:
Content
Pages
Categories
Search
Top
Bottom

Blocking Buddypress User signup/Group spam


  • Tom
    Participant

    @godsdead

    I have had thousands and thousands of bot signups every day with thousands of spam groups being made, I have a captcha on my signup page and I have custom required field, yet somehow thosuands of automated bots are signing up and spamming my website! Its out of control, Ive tried a few plugins and nothing seems to stop them!

    is there a back-door in buddypress? or a vulnerability that is being exploited?

    website: https://piratemc.com

Viewing 4 replies - 1 through 4 (of 4 total)

  • wackao
    Participant

    @wackao

    There is no backdoor, but yes there is a lot of spam which will enter. The groups are indexed by google and users use it to spam.
    You can add the Google captcha easily, I am unable to locate a plugin at the moment.
    You can check this link : https://buddypress.org/support/topic/simple-recaptcha-for-buddypress-register-page/

    p.s : Seems like a missed opportunity. I can upload on wp.org and share with you later this week. Let me know if you need it.


    Tom
    Participant

    @godsdead

    Hi @wackao I already have a captcha on my register page, which is why its confusing why I have so many bots, I just deleted 1000 groups!
    This is my register page

    register

    Im wondering if there is another way these bots are signing up, like an API or somehow the default wordperss signup.php? I am not sure


    wackao
    Participant

    @wackao

    Make sure the captcha is verified on both browser and server levels. If this captcha is working only at browser level, then yes a simple CURL request can bypass it and register bots in your site.
    There are other ways as well, but the Google captcha should do the trick. We have not had any issues with signups at all.


    Tom
    Participant

    @godsdead

    I dont see why it shouldn’t be server side, Ive tried both V3 and V2 Captcha using the plugin “Advanced noCaptcha & invisible Captcha Settings” as I can actually see the Captcha be added to the buddypress register page, but Im still getting 10-20 fake registrations a day!

    what one do you recommend?

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.
Skip to toolbar