Skip to:
Content
Pages
Categories
Search
Top
Bottom

Spam user registrations bypassing BuddyPress register page

  • @elangley

    Participant

    Hello All,

    I am running WP 3.3.2 Multisite and BP 1.5.5

    I am getting spam user registrations that appear to be bypassing the BuddyPress register system. I have several fields setup, that are required. Spam user accounts are being created that do not have these fields filled out.

    What can I do to stop these registrations?

    ~eric

    @elangley

Viewing 6 replies - 1 through 6 (of 6 total)
  • @mercime

    Participant

    @elangley the thing is that whether you have BuddyPress or not, when you have open registration, expect spammers – bots and humans. There are human spammers who are paid by companies to post backlinks in as many websites as possible and those who spam just for the heck of it, and other than making your site by invitation only, you’d have to monitor membership in your site regular and be prepared to cull the spammers.

    @elangley

    Participant

    @mercime thanks for the reply.

    I did not realize how extensive the spam registration, comment and trackback issue is on WP/BP. I am curious though as to how these registrations are getting past the required fields.

    In doing more research there are several models for limiting spam registration;
    captcha, which appears to have been compromised through the use of attack tools and, IMHO, is unfriendly to users.
    honeypot, which places a hidden field in the registration and when filled out registration is blocked.

    Currently I am testing WangGuard. It looks like it takes a more holistic approach treating spam registrations like a virus and building a database of bad domains.

    I have not fully launched my site yet so I don’t know how effective it is.

    Anyone else have a recommendation for methods/solutions for limiting spam registrations?

    ~eric

    @elangley

    @oceanwidedesigns

    Participant

    I wouldn’t use WangGuard because it sounds like that could easily cause problems for non-bots.

    I’ve been having good success with SweetCaptcha, I haven’t had any complaints from anyone & it seems to work for people from all cultures. One bot through since installing, but that is a lot less than lots of bots a day.

    @elangley

    Participant

    @oceanwidedesigns

    You wrote: I wouldn’t use WangGuard because it sounds like that could easily cause problems for non-bots.

    I ask: What could cause problems for non-bots?

    You wrote: I’ve been having good success with SweetCaptcha,

    I ask: SweetCaptcha looks cool. Do you have to come up with your own designs or are they stock?

    One possible problem with this model, like any captcha, is that once the bots create a database of these drag and drop actions, human figures it out and then put in the database, it may become ineffective. The more adoption a model gets in WP the more attacks it will undergo from spammers.

    ~eric

    @elangley

    @reverendspam

    Member

    In the past 6 months I was getting 50+ spam bot registrations a day. I used WangGuard, but it was not catching them.

    The bots were looking for the default registration page at http://yoursite.com/register

    I changed the permalink of my default registration page to something else and have not had any issue since then.

    Knock on wood, I have not had to delete any bogus registrations for the past month.

    I hope this helps.

    @placementmantra

    Participant

    I am daily getting very much spams on http://placementmantra.net/
    no idea how.even tried plugin no use

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Spam user registrations bypassing BuddyPress register page’ is closed to new replies.
Skip to toolbar