[buddypress-trac] [BuddyPress] #4200: Better spam-prevention admin settings (password strength, username blacklists, content filters) (was: No Spam Features or User security)

buddypress-trac at lists.automattic.com buddypress-trac at lists.automattic.com
Sat May 12 00:32:32 UTC 2012 

#4200: Better spam-prevention admin settings (password strength, username
blacklists, content filters)
-------------------------+-----------------------------
 Reporter:  dbasolo      |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Future Release
Component:  Core         |     Version:
 Severity:  normal       |  Resolution:
 Keywords:               |
-------------------------+-----------------------------
Changes (by boonebgorges):

 * severity:  critical => normal
 * milestone:  Awaiting Review => Future Release


Old description:

> For buddy press
>
> I have for the past several months been receiving several spam / fraud
> accounts through buddy press via my website Goodforsociety.com Is there
> or shouldn’t there be an area to set the security up for usernames,
> passwords, and first and last name fields? Example I should have a place
> to add and edit items I believe should not be allowed such as in the name
> field first name and last name I should be able to say in this field that
> numerical characters such as 1,2,3,4 etc cannot be used and or
> alphabetical characters in sequence like abcd of aaa, zzz, ddd making the
> user use their actual name. In the password field I should be able to say
> must contain one numerical and capital letter and password must be a
> minimum of 8 characters etc.. Also there should be a setting for email
> criteria so you can ad and edit a list you create that you consider to be
> invalid or false and or fraudulent accounts. For example I might would
> say any email that is aajjaajjaajj at 123.com is not a valid email account.
>
> Spam today is horrible and there isn’t much you can do about it if you
> don’t have these features available so we buddy press users can add to a
> growing list we create thus making our sites more and more and more
> secure.
>
> Also there isn’t a feature I can see that allows me to say I don’t want
> users to use html in there post and or activity streams. there should
> also be a list you can add words to that you don’t want to have on your
> site say if your site is pg13 then I should be able to exclude words like
> ass, and f@#@ck from being used via there profiles. Wordpress has this
> feature for comments!
>
> Can you assist me in trying to fix these issues? I receive 15+ fake spam
> accounts a day.
>
> Please respond to itbasolo at gmail.com you can also call if you have
> questions 925-522-9679

New description:

 For buddy press

 I have for the past several months been receiving several spam / fraud
 accounts through buddy press via my website Goodforsociety.com Is there or
 shouldn’t there be an area to set the security up for usernames,
 passwords, and first and last name fields? Example I should have a place
 to add and edit items I believe should not be allowed such as in the name
 field first name and last name I should be able to say in this field that
 numerical characters such as 1,2,3,4 etc cannot be used and or
 alphabetical characters in sequence like abcd of aaa, zzz, ddd making the
 user use their actual name. In the password field I should be able to say
 must contain one numerical and capital letter and password must be a
 minimum of 8 characters etc.. Also there should be a setting for email
 criteria so you can ad and edit a list you create that you consider to be
 invalid or false and or fraudulent accounts. For example I might would say
 any email that is aajjaajjaajj at 123.com is not a valid email account.

 Spam today is horrible and there isn’t much you can do about it if you
 don’t have these features available so we buddy press users can add to a
 growing list we create thus making our sites more and more and more
 secure.

 Also there isn’t a feature I can see that allows me to say I don’t want
 users to use html in there post and or activity streams. there should also
 be a list you can add words to that you don’t want to have on your site
 say if your site is pg13 then I should be able to exclude words like ass,
 and f@#@ck from being used via there profiles. Wordpress has this feature
 for comments!

 Can you assist me in trying to fix these issues? I receive 15+ fake spam
 accounts a day.

--

Comment:

 I'm removing your phone number and email address, as you probably don't
 want them here in this public forum. I'm also going to change the
 description to something more accurate, as this is not a security issue
 per se.

 The issue of spam on BuddyPress installations has been discussed often
 here, on buddypress.org/support, and elsewhere. Here are a few helpful
 links: http://wpmu.org/daily-tip-kill-buddypress-registration-spam-with-
 buddypress-recaptcha/ http://www.buddyboss.com/how-to-combat-spam-signups-
 in-buddypress/ http://themekraft.com/spam-in-buddypress/

 Your suggestions for password strength and username restriction fields are
 good ideas. I'm not sure that they have a place in BuddyPress itself -
 they seem more like they should be WordPress features, or at the very
 least should be part of a more general WordPress plugin - but I will leave
 the ticket open as an enhancement request for these suggestions.

 Your suggestions regarding content filtering are reasonable. Some of your
 concerns will be taken care of by the integration of Akismet filtering for
 activity streams in BP 1.6.

-- 
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4200#comment:1>
BuddyPress <http://buddypress.org/>
BuddyPress

More information about the buddypress-trac mailing list