Help with Blog Spam Content added by non registered users ?

Hi,

I have a dev site here http://www.cloud-webdesign.co.uk/ and even though I have turned off users from registering, I am getting SPAM blogs being posted by numberous users. There are only TWO accounts / official users, and there are two many of these fake users to delete.

How can users who have not registered SPAM blogs without accounts ?

Any help appreciated.... btw I have also activated HYPESPAM and various other anti spam techniques, but none seem to stop this activity... do I have some other vunerabilities I have left open ?

Help appreciated.

  • It works well enough...We use it here. I don't think there's an actual release so you'll have to pull it from my GitHub account: https://github.com/brettp/Bulk-User-Admin/

  • Sorry for being a newbie, where would I enter these commands... a command line ? have never done this, so guidnace appreciated.

    Actually wiping the database is probably easier, although I dont know how to do that either.... I guess there is a way rather than delete it. I use MySQLDumper, so I could I guess restore a very old database... but since I have added new plugins and upgraded, no sure if that would work..

     

  • "Wiping the database" would mean deleting the database, deleting the content of the data directory and re-start the site with a "new" site without content or users. I would see this option as last resort, if you don't have any recent backup of database and data directory.

    The above code should be saved in a file named for example delete_users.php and then placed in the Elgg root directory on your server. Then you can execute it by calling http://yoursite.url/delete_users.php.

    For getting the users' guids of the user accounts you want to keep you can install my Lastlogin plugin (http://community.elgg.org/plugins/874298/1.8.4/elgg-1819-lastlogin). In addition of the time of last login this plugin can also display a user's guid on the profile page. You would then enter this numbers as the number in the $user1_guid = 123; lines before executing the script. The script might take a while to delete the users and their content. You might need to call it several times to delete many users or you could add the line

    set_time_limit(0);

    below require 'engine/start.php'; to prevent a execution timeout.

  • @Andy - grab the bulk user admin plugin from Brett's repo and install it as a regular plugin. Then you can delete the users in bulk.

    To use the above code shared by iionly, you need to create a file (say delete.php) in the root of your elgg install and then you have to call it via the browser like http://yoursite.com/delete.php

    To wipe the database, login to the hosting accounts control panel and then drop the database. You can then start with a fresh database.

  • @Andy - grab the bulk user admin plugin from Brett's repo and install it as a regular plugin. Then you can delete the users in bulk.

    To use the above code shared by iionly, you need to create a file (say delete.php) in the root of your elgg install and then you have to call it via the browser like http://yoursite.com/delete.php

    To wipe the database, login to the hosting accounts control panel and then drop the database. You can then start with a fresh database.

  • @iionly, would like to try your script. Where would I enter this ?

  • @Andy - grab the bulk user admin plugin from Brett's repo and install it as a regular plugin. Then you can delete the users in bulk.

    To use the above code shared by iionly, you need to create a file (say delete.php) in the root of your elgg install and then you have to call it via the browser like http://yoursite.com/delete.php

    To wipe the database, login to the hosting accounts control panel and then drop the database. You can then start with a fresh database.

  • @Andy - grab the bulk user admin plugin from Brett's repo and install it like a regular plugin. Then you can delete the users in bulk.

    To use the above code shared by iionly, you need to create a file (say delete.php) in the root of your elgg install and then you have to call it via the browser like http://yoursite.com/delete.php

    To wipe the database, login to the hosting accounts control panel and then drop the database. You can then start with a fresh database.

  • As Team Webgalli described, you would need to insert the above code into a new file saved in the root directory of your Elgg installation that you can then execute by calling it in the browser. If you need to figure out the user guid numbers of the accounts you want to keep, you can for example install the Lastlogin plugin (http://community.elgg.org/plugins/874298/1.8.4/elgg-1819-lastlogin) which will display the guid of a site member on his profile page among some other info. The correct user guids would have to be entered in the $user1_guid = 123; lines before executing the script.

    If you want to use the script, you might also want to add the line

    set_time_limit(0);

    after require 'engine/start.php'; because the deletion of many users will take some time and this line prevents the execution of the script to timeout.

    "Wiping out the database" means "start fresh with your site". You will lose all accounts and all content (as you should also remove the content of the data directory when you start again with an empty database). Therefore, I would suggest to try the deletion of the spam accounts first (either with a delete script or the bulk user admin plugin) and to postphone the database wipeout option.

  • @iionly, @Team Webgalli, I simply restored an older version of my DB, before I started getting spamed. My dev site was left unattended and now fully upgraded with the various Anti Spam measures, I will carefully monitor to see if new user can get created on mass via soem loop hole.

    Users now have to upload an Avatar as well as CAPTCHA and also utilising HoneyPot, Spam Throttle & Spam Login filter... that should all work I hope.

    Anyway wanted to say a big thanks :)