You really get that many humans registering to spam on a smaller site?
One solution I use on a large site is to prevent any post with more than 2 urls.
Spammers typically cannot help but be morons and post several urls at once, normal humans rarely post more then two per post, and then not every post.
Not sending a password would be fairly easy by hacking the core, I’d have to look at it more carefully to see if it can be done via plugin without hacks. I believe it’s done in pluggable.php
which means it’s replaceable, so that’s good.
Another method would be to use my Instant Password but NOT do the final step of logging them in and activating the account, but instead store a scrambled password and log the request, then manually authorizing it which would drop their chosen password hash into place. The important/hard part is not letting them request a new password to activate the account.
This might also be worth a shot but not sure if it’s useful against humans unless they work from the same IP pool:
https://bbpress.org/forums/topic/new-stop-forum-spam-api-plugin-block-fake-user-registrations
Thanks for the reply _ck_.
I’m actually using it on a larger site than recommended and we have pretty strict forum policies so ban people for 24 hours when they slip up using the Ban-Plus plugin. The problem is people just set up another account and instantly start posting again.
We recently had a spammer, a human one who would deliver actual advice to a discussion, but then follow it with links to escort agencies and the like. We banned him but he just signed up again – 5 times in a row!
The 24 hours approval rate would solve all these problems. Just need to find some time!
There isn’t any site “larger than recommended” for bbPress
There is a bbPress site with nearly 2 million posts and another with 8 million users, so there aren’t any limits.
I’ll look at the approve plugin and see how hard it is to make work with 1.6
I have now fixed the Approve Registration plugin for bbPress 1.0a
as well as another bug it had with resetting passwords upon approval.
(it might also now work again with bbPress 0.9.0.4, untested)
http://bbshowcase.org/plugins/approve-user-registration_ck_mod.zip
Wonderful. Thank you very much. I’m sure many will appreciate this.
“site larger than recommended” in that 1.6 isn’t recommended for anything live…
The updated plugin has been working ok except it has major flaws
1 – The user displayname is not being put into the database – therefore all new users appear as a blank when they post.
2 – registration error messages aren’t displayed. (e.g. Invalid email)
The fix was straightforward. The bb_new_user function needed updating as so:
if (!function_exists('bb_new_user')) :
function bb_new_user( $user_login, $user_email, $user_url, $user_status = 0 ) {
global $wp_users_object, $bbdb;
// is_email check + dns
if ( !$user_email = bb_verify_email( $user_email ) )
return new WP_Error( 'user_email', __( 'Invalid email address' ), $user_email );
if ( !$user_login = sanitize_user( $user_login, true ) )
return new WP_Error( 'user_login', __( 'Invalid username' ), $user_login );
// user_status = 1 means the user has not yet been verified
$user_status = is_numeric($user_status) ? (int) $user_status : 0;
$user_nicename = $_user_nicename = bb_user_nicename_sanitize( $user_login );
if ( strlen( $_user_nicename ) < 1 )
return new WP_Error( 'user_login', __( 'Invalid username' ), $user_login );
while ( is_numeric($user_nicename) || $existing_user = bb_get_user_by_nicename( $user_nicename ) )
$user_nicename = bb_slug_increment($_user_nicename, $existing_user->user_nicename, 50);
$user_url = bb_fix_link( $user_url );
$user_registered = bb_current_time('mysql');
$password = wp_generate_password();
$user_pass = wp_hash_password( $password );
$user = $wp_users_object->new_user( compact( 'user_login', 'user_email', 'user_url', 'user_nicename', 'user_status', 'user_pass' ) );
if ( is_wp_error($user) ) {
if ( 'user_nicename' == $user->get_error_code() )
return new WP_Error( 'user_login', $user->get_error_message() );
return $user;
}
$user_id = $bbdb->insert_id;
$options = bb_get_option('approve_user_registration_options');
bb_update_usermeta( $user_id, $bbdb->prefix . 'capabilities', array('waitingapproval' => true, 'member' => true) );
approve_user_registration_send_pass( $user_id, $password );
do_action('bb_new_user', $user['ID'], $user['plain_pass']);
return $user['ID'];
}
endif;
although I am using a fairly hacked together install with some bleeding edge stuff in there so you may need to experiment a little.