Blocking Spammers

My new Elgg social network (SimplyFair.net) was hit by spammers this morning. They erased my members and put 10 of their own in instead. Two of them were active when I went to the site, which was really spooky. My developer was able to erase them and restore my members. But she's asked me to consult with you folks to see if there are plugins or other means of combatting this menace. Would appreciate your help. 

My developer says her company's servers are being hit regularly by spammers, apparently from China. Looks like they think they can have a field day with social networks here. We're going to be adding a captcha to our site. But are there other resorts?

  • You should also try the (free) service of cloudflare.com =)

  • I've got IP Tracker, Spam Throttle and Spam Login Filter (turned Fassim off based on what I read on the plugin comments BUT I blocked the country code for the US). This is a very local project so I could actually block 99% of the world. 

    As for Cloudflare, I don't like relying on the services of others and providing them with my site information. Prefer simple local solutions I can control myself. For all I know, anyone offering "security" (corporations and governments included) are the reason security is needed in the first place ;) Protect yourself from the people who claim to protect you and protect yourself yourself. Don't leave it up to others :)

    Dhrup, I left Florida for Switzerland. I always wondered why birds stay in the same place when they can fly anywhere on earth. Then I asked myself the same question ;)

  • Another good anti-spam plugin is Elgg Captcha -- Can be used with Math captcha. It will stop the Robots from bombarding your database with 76 cents products... However, the free labours or humans from China can register but it will slow them down... And this will give you time to deal with the spammers the  DhrupDeScoop way or style "just plain eye-balling ;oO and occassional deletes. blogs, pages, groups." Since I started using these captchas on Twizanex.com , Spam rate has gone to ZERO...  You can check how it works on Twizanex site :)

    http://community.elgg.org/plugins/1172111/1.8.x/elgg-captcha

    Hope it helps...

  • I've got captcha. The last one was a human spammer. Omg, spammers from China are a scary thought. Looks like I have to block China too. If you spam me, I'll block your country. It's that simple :)

  •  @rm@nd@,Which type of captcha do you have? Not all people from china are bad. You don't want to block the whole country because of a few individuals who have made their minds... You will be surprised that some spammers also originate from U.S.A. Especially California and Florida! I think weeding the bad ones out is the best solution.

  • I've got this one:

    http://community.elgg.org/plugins/914006/1.8.0/elgg-18-captcha

    I was kidding about blocking China, of course. Kidding is half the truth so I'll only block half of China :)

    Maybe I'll just modify my .htaccess  to allow only certain IPs.

  •  @rm@nd@, I think Elgg Captcha   will give you more options to work with and you can use it with any extra captcha of your wish.... When it comes to modifying .htaccess to allow only certain IPs, the idea works well if you have a few numbers of IPs to allow of block. However, the more the numbers of IPs blocked by .htaccess the slower the site performance it becomes!

  • amanda: if you' want local enough (switzerland only + some) - there's lots of country ip lists (i'll send you any if you cannot find easily) available for htaccess to deny/allow by specific countries. load on your server (> shared!) will be not of any concerns. we've used our (only ~5000 lines;) htaccess ip blocks since forever and you already know how good out spam issue is at ~0% and (likely) the biggest elgg site handing out there. our concers are usually more like... performance when the kids start hammeirng the site @ (no school) weekends. your server won't be throttled any more than any other normal day-to-day operatons. believe us - we run a real ad-free site;) and.. btw - we do happily block out a whole country (2x in past 4 years!) if we cannot easily & quickly one user b/c of the priority @ protection of the nature & audience segment of our site.

  • OK, I'll modify htaccess. My site is totally ad-free as well. The joy of not being sold anything! :)

    I like your site Dhrup. It's a brilliant solution for kids.  

Feedback and Planning

Feedback and Planning

Discussions about the past, present, and future of Elgg and this community site.