BuddyPress Spam
-
I’m about ready to ditch BuddyPress. I installed the latest trunk and have the BPDEV anti-spam component with a captcha. Still, people continue to register, bypassing required fields.
The least that could happen is either BuddyPress become compatible with Akismet or enable some registration approval step, where an admin could delete accounts with empty profiles before they go “live.”
-
@pcwriter It’s weird. I tried a proxy server, and was still able to get to the signup page by typing in the url, which leads me to believe the htaccess change isn’t taking right. Is there anything that could be interfering?
I had another anti-spam idea: Would there be a way to require a user to have an avatar? What I’ve noticed is that all the spam signups have no avatars. Wondering if making that essentially the same as required profile fields would help.
I think someone more knowledgeable about things .htaccess could better answer that question. I’m really still learning about all this stuff myself.
About your other idea though… now that could be brilliantly simple! It could sure put one heck of a damper on the efforts of human sploggers who are, if their activities are any indicator, a lazy bunch. Only thing is, it wouldn’t do much for those bots who manage to squeeze through whatever “backdoor” they happen to find (or make).
Anyone want to take on a little “Avatar Required” plugin challenge here?
@TedMann – No, manually going to your signup page will not trip the spam alarm. Putting in the URL with all the submit stuff (like attempting to pass registration info via the URL instead of entering it like a human) will trip the alarm. What it’s checking for is the POST command, and was THAT passed through by your site. Otherwise no one would ever be able to sign up
Thanks for pointing that out… clears things up!
O MY GOD, I am so sick of deleting spam blogs! Does anyone know if the new version of BP coming out will have anything built in to prevent these spam blogs?
There is not anything new in BP 1.2.6 that will address any spam issues. Spam blogs, however, is a problem with multisite WordPress in general (not specific to BuddyPress). It still sucks, of course.
I removed/commented out the create a blog option from the member registration form while still keeping blog creation on. I only left access to the bp create a blog form for users is_loggedin Only. By tucking it away within the member profile for the member to create a blog later during their profile detailing/editing process, I was able to get to the point where I only needed to delete crap members that get in, not crapmembers + crapblogs that get created at one time wasting all my low number blogIDs!
At the end of the day, if you’re running BPmu you don’t really need to have insta-blog. The option to create a blog is link within the member profile “dash” that they can get around to when they feel settled. I’ve found it’s easier for the user to get their profile up and running first and then breathe and think of a good blog name/url after they’ve logged in for the first time.
but if you really really want instablog, which really isn’t that instant due to the wp-admin of it all. Plus, it’s not really instant because there are too few frontend posting options in member themes for the user to start posting right away, so no need for instablog in registration process, so just indicate to your user that they can do that part later. if you still want blog creation at first registration, then you can keep up the good fight by zapping spammers and their blogs.
I wish new blogs worked like comments, meaning that the first post by a new member has to be approved before the blog is active. Once the first post has been approved the blog would then become active and viewable by the public.
Now that is a brilliantly simple and effective tactic that I’m adding to my arsenal!
@pcwriter, it took a while for me to think of that way, but after turning off blog creation for about the 3rd time and contemplating keeping it at all, I thought of just doing it this way and it ended up being a better process for the user while killing those instaspam blogs. which btw, with all the other available strategies for blocking spam, it ends up being a very effective barrier to spam blog creation.
I’m using:
Si Capthca
BuddyPress Humanity Plugin
BP Signup Xtra (with required birthdate and checkbox)
Extra Profile Fields that require text input.
Bad Behavior with HTTP:BL enabled…I’ve not noticed any spam logins yet…. knock on wood/cross fingers.
I am very new to this , I got this topic’s link from a post by @pcwriter in a topic in buddydev.com
and reading so much about spam/splog and fighting it I’m am overwhelmed and worried and exhausted even thinking about the …….
I have read this topic , understood some and implemented some and also didn’t understood some too …..
I ask a very stupid question !!!
How to change the registration slug ?
who ever replys the above question please oblige this foolish novice (that is me) with a complete walkthrough …
.
I am also using Secure Invite plugin , will this slug change effect this invitation plugin ? if so how to battle it ?
.
Thanks to all and special thanks to @pcwriter for all usefull information …Add this to wp-config.php `define( “BP_REGISTER_SLUG”, “your-registration-slug” );` and change ‘your-registration-slug to your own registration slug.
Edit * the wp-config.php file is situated in the root of your wordpress installation
I’m using:
– Buddypress Humanity
– WPMU-Block-Spam-By-Math
– SI CAPTCHA Anti-Spam
and
.htaccess
# BEGIN ANTISPAMBLOG REGISTRATION
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .register*
RewriteCond %{HTTP_REFERER} !.*yourhomedomain.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://die-spammers.com/ [R=301,L]
# END ANTISPAMBLOG REGISTRATIONYou’re very welcome
Thanks @Anton
I spent some time yesterday to try to stop the constant flow of spam users and blogs being created on my site. Here is what I did…
1- deleted extra registration.php in bbpress folder
2- changed reg. slug
3- installed humanity
4- installed Si Captcha
5- added code from above to htaccessI am still get about 20-30 per day.
Is there a way to tell if these are humans or bots creating these accounts and blogs?
I don’t know what else to do, any ideas? ( I really don’t want to disable blog creation during registration)I escaped.
install and WPMU-Block-Spam-By-MathThere’s also https://wordpress.org/extend/plugins/moderate-new-blogs/ and https://wordpress.org/extend/plugins/limit-blogs-per-user/ which could help
Thanks. That moderate-new-blogs plugin is exactly what I was thinking of but couldn’t find anything like it!
A great way to stop bad bots is the Bad Bot Eliminator script http://www.marcelboast.com/badboteliminator/
It stops bad bots dynamically by blocking IP addresses.*Mod note: Disclaimer – this script is a paid script
thanks to this http://www.marcelboast.com/badboteliminator/
*Mod note: Disclaimer – this script is a paid script
I’m using this plugin : https://wordpress.org/extend/plugins/wordpress-mu-secure-invites/
I have restricted registration only by invitation , yet I got one registration ….
have to done all the spam blocking techniques mentioned here to my installation … but did some definitely
Thanks to this thread I am going on almost 48 hours with no new spam signups or blogs. lol I feel like I should get a coin? Yes that’s a bad AA related joke.
Thanks to this thread I am going on almost 48 hours with no new spam signups or blogs. lol I feel like I should get a coin? Yes that’s a bad AA related joke.
- The topic ‘BuddyPress Spam’ is closed to new replies.