BuddyPress

I’m about ready to ditch BuddyPress. I installed the latest trunk and have the BPDEV anti-spam component with a captcha. Still, people continue to register, bypassing required fields.

The least that could happen is either BuddyPress become compatible with Akismet or enable some registration approval step, where an admin could delete accounts with empty profiles before they go “live.”

Hey wordpressfan, understand that BuddyPress runs on top of Wordpress MU so any spam issues are still, at its core, a WPMU issue.

The WPMU readme.txt has some info on how to counter spammers:
http://trac.mu.wordpress.org/browser/trunk/README.txt (read line 165 and on)

For the Darcy Norman link, use WPMUTutorials’ variation for BuddyPress:

http://wpmututorials.com/how-to/spam-blogs-and-buddypress/

—

Also, for your suggestion on moderating signups, WPMUTutorials also has an article on that:

http://wpmututorials.com/hacks/how-to-moderate-signups/

Read the last comment in that post for info on modifying the article’s instructions for BuddyPress.

—

You might also want to check out SI Captcha:

http://buddypress.org/forums/topic/si-captcha-for-wpmu-and-buddypress

The beta version has support for BP as well.

Hope that helps in some way!

Just an update, Matt Kern just made a post on the BP forums about his manually-approve signup plugin for WPMU:

http://mattkern.com/wpmu-manually-approve-new-members-on-local-install/

@r-a-y: I added the .htaccess commands to avoid robot registrations. We’ll see how that works.

I use reCaptcha with askiment in a bundle, well….i will see the result after launch the site

Askimet does great catching spammers comments on regular WordPress installations, but WordPress MU is commonly the target of spam registrations, which is my problem. I tried reCaptcha and the same day had to delete spammers.

I’m hoping a future version of BuddyPress or WPMU will include finer security, allowing admins to block access to only humanly-registered users, rather than either shut off all registrations. Another possibility would be to follow the example of WordPress and allow admins to relocate or rename the registration component.

@ wordpressfan

Did you read this post ?
I give a solution. Not perfect but it works

http://buddypress.org/forums/topic/fighting-splogs#post-22687

I read your example. I need something with a wider net. First off, the robot registration never leave an e-mail address. Unlike WP comment spam, WPMU registration robots appear able to bypass required fields, including e-mail address.

I receive e-mails announcing new registrations that contain only IP addresses. Meaning I would need to include hundreds of IP addresses in your code.

The real solution is somehow create a bullet-proof required registration field or move the registration page behind a firewall. I’ve seen single-user WordPress installations that move the wp-admin or wp-signup pages to avoid robot attacks using the default name and location of these pages.

I’m struggling with a lot of spam registrations.

- a lot list country entry as random characters “Ot9XLfiFD7WNCu” Is there a way to set Country so it has to be a legit one?
- a lot come from email addresses such as “myspacee.info” “@mysace.info” Is there a way to force email confirmation … so they have to receive an email and click on a link to confirm registration?
- is there a way to mark someone as a spammer and delete them at the same time in the admin?

Sigh… I don’t have time for this so I may give up.
Would be nice if a site user can “Flag” a spam entry to disable the user.

My spammers all sign up with .info email addresses. Is there any way to just block all .info?

Legitimate members should use normal .com emails, like normal people.

I changed the signup page name, stopped all new registrations across all blogs, added to the htaccess page and STILL get signups.

I asked over at wpmu and they say it is Buddypress causing this and to ask here but I see that BP blame WPMU.

Great!

I havent had a spammer registration since i used the “WMPU block spam by math” plug-in. i was getting 20 a day, and now absolutely zero.

http://wordpress.org/extend/plugins/wpmu-block-spam-by-math/

captcha and math tools do not really help fighting spam.
spammer register manually and then feed your blog automatically remote via xmlrpc.

i am running a wordpress mu + buddypress site and had about 40 spammer-registrations a day with lots of spam. then i deactivated xmlrpc via renaming xmlrpc.php in wp-root, result was only user registrations (without content spam). about four days later spammer registrations were reduced from 40 to about three a day (easy to delete), seems that the spam-apps noticed that the rpc doesn´t work and deleted my site from their targetlists, entering their messages manually is to complicated for them….

Wouldn’t it be cool for a plugin to remove wp-signup.php and xmlrpc.php from a BuddyPress installation in a way that these changes would be kept through an upgrade of WordPress (which now of course replaces the deleted files)?

Okay! This is pathetic. Spam is a real problem for literally all community websites on the internet. Ever since I’ve updated to WP 3.0, spam has become a pain in the anus! So this is my solution, I’m building a spam prevention plugin that is built in flash. Its all using AS 3.0. I’m having issues with Internet Explorer 6. If you use IE 6 or you don’t have a flash plugin or something for your browser then I don’t care. SPAM IS A PLOBLEM. 90% of the people using my site have flash and don’t use IE6. The 10% have to just deal with it.

UPDATE COMING SOON! IF YOU USE IE6 THEN GO LIVE IN A CAVE LIKE THE HOBBITS DO.