Detect SPAM registration /blogs and stop it

Hi,

I have using many Capacha plugins to avoid SPAM registration / blogs and stop it. I was keep changing these coz i felt none of them is working perfectly and SPAMMer was able to sneak into my elgg installation some of other way.

Case 1 - At present I am using image_captcha to prevent spamer. I just disabled capacha for few mins and noticed that more than 200 SPAM users has been registerd to the site. I was surprise to see this stats. How to detect the source of these attacks and prevent them permanently?

Case 2- I have setup one new small sites using elgg without any capacha 3 days back. No great promotion etc etc..just made sitee live..Today i noticed more than 500 users have registred to the site and all registration was SPAM? How can this be possible...

I am just trying to relate these things at base level...In both the cases, i am surprised with SPAMMer elgg detection and SPamming capability. Tis also leads to my site perforcmance as well..

please advice and share your experence.

 

 

  • @ DhrupDeScoop , While testing `anti-hammer`, I realized that if you make request several times e.g by  hitting computer F5 key several times;  the site hit counts are counted against the user…  for me, I got this error “  You must wait three seconds before trying again. If you believe this is in error, please mail cor about it!” which is a good thing for a site owner…. twizanex captcha

    I know the abusive web spammers can run but cannot hide. In fact, this is a nice tool to stop automated suckers, bots, and spiders from hammering Elgg site pages several times per second.


    Now here is my question, have you tested the `anti-hammer`, with the Elgg page autoload features or detecting scrolling features, --- loading of site articles when a user has logged in, then keeps scrolling down the page towards the bottom page and the site keeps automatically loading more updates… can the Elgg site users be locked out for some time “time out” due to quick page load requests they make due to clicks or continuous page scrolling…

  • forgot earlier ~ matt's similar plugin is Spam Throttle developed for elgg.

     

  • kxx4, You are right; the Captchas should be made not only for registration and forgotten your password pages. If need be, Twizanex will be working on advanced Captcha system. That is, when the user posts spam contents, the Captcha is activated and the user has to enter the Captcha correctly for them to post the contents. If they are spammers and human but not computer robots, another Plugin will scan their contents automatic on-the-fly against common spam patens or word usage and report the suspected spam to the site admin for review. This way, we can keep Captchas away from regular logged in site users who want to share their ideas and information freely.Twizanex captcha idea

  • It would probably go a long way to simply offer the ability to require a comment or blog post with an url to be moderated by the admin.  Or combine that with configurable restrictions such as only users under 30 days old get moderated for posting an url and/or perhaps offer the ability to put users in groups where they can be whitelisted for these types of comments/blogs without moderation.

     Also csf firewall offers some options which will help to autoban spambots which hammer away at the site (based on requests or connections at a given time).  You can optionally set it to do so for X minutes and then after so many triggers make the ban permanent.  It also has a nifty feature where you can pass an IP or net block on the command line and ban someone at the firewall (it uses iptables).  See http://configserver.com/cp/csf.html but be warned!  It can be a real monster to configure.

  • @ DhrupDeScoop Thanks for your extensive research. This is the true spirit of Elgg community. Instead of speading or wasting time watching cats and dogs pictures and videos on YouTube, we are here to help old Elgg users and even the newbies...  hope others can do the same to make Elgg sites browsing experience free from spammers, smooth, and manageable for both Elgg site administrators and site members or users and the browsers or non members...

  • hehhh ~ i actually do watch pictures of dogs on youtube !;-P i like those animals and have had one for quite many years ;-oO his name is 'zeus' and he's a smart little dude ! sleeps at my feet in my office most of the morning.. waiting for beef jerky..;-X he could be trained into being a very good spam busting guard dog ;}

  • there's a wp spam buster called 'bad behaviour that could do well transposed for elgg; i believe it uses more klanguage dependent style symptoms to detect 'spam' for blocks and monitoring. i've looked thru that code, just not found excess spare time to research for converting for elgg. it looks like in the same power league as anti-hammer, csf, matt's spam throttle (maybe some others as such built on same technology style). captcha's been around too long and broken too well to be truly effective; we have to move towards the more technology based blockers, bayesian 'trained' utilities and so on, captchas merely block the very first initial entry point. the bulk of spam is almost always usually off-loaded after that point has been already breached. that is where the others (mentioned above) are better. but ~ we need more users willing to do mnore than ask and download for use. *testing such technology is a very large part of the effort. I have had maybe 0.05% of users here @elgg actually PM me with their contributions whenever I've asked for certain live 'spam data' that i could analyze at further lower detailed levels. users usually just delete their spam ;-) I read them ans study and research.

  • I am using spam detector and ban them on the spot using Stop Forum Spam 1.0(check this:skslink.com/info), Spammers flood my ELGG site 1000's every week: http://skslink.com/network BUT check this spammers when I redirect them to SKSLink.com/info and they die forever hahaha! Someone can get this Global spam detector to add in ELGG, because I think it is the BEST i found for this 4 months compare to 4 years Elgg spammer detectors.

  •  WestorElggMan works good and allows for site mass messaging and group controls...for use by only the admin or for all members.  http://community.elgg.org/plugins/553265/1.8.3%20free/westors-elgg-manager?annoff=50