So I hadn't logged into my site for a few days and then when I did I discovered I had 5962 spam comments on my admin blog. I tried to delete the user but get HTTP 500 server errors because the request apparently takes too long to complete. Any suggestions? How can I get rid of them?
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
In my view, I believe a configurable limit on the number or messages, comments, and blog posts per day could have prevented this problem. I will open a feature request in trac. I've discussed this with Evan and his suggestion was to open a feature request but when I tried trac was offline.
Possibly combined with an email notification to the administrator that a limit was hit and by whom.
It's a must to sort out and really should have come as a first priority
I have opened a new feature request: http://trac.elgg.org/ticket/4080
Plus a defect for the 500 server error: http://trac.elgg.org/ticket/4081
I am also still looking for any comments or suggestions on how to delete.
can it be done server side?
For example through SQL commands, yes I could do this to delete the posts, but I'm a little wary.
If you meant blocking them, once they have valid userids and passwords, the spam bots were set up patiently enough to get past my firewall, as in only so many actual HTTP requests per hour.
Well, I finally started to get rid of them after increasing my PHP memory limit to 512M and the PHP timeout to 300 seconds. 256MB failed. HTTP request still fails but mysql query kept running and still is. Looks like it averages 100 posts deleted per minute and might be finished by the morning.
No idea why it takes so long. Probably another potential area for improvement there, too. Again this is a dedicated box with over 4GB or RAM and 4 dual core Xeon processors but CPU use is low.
Got rid of half the spam blog posts but now I have database corruption validate can't detect:
DatabaseException
Incorrect key file for table '/elgg_entities.MYI'; try to repair it
QUERY: SELECT * from elgg_entities where guid=217778 and ( (1 = 1) )
DatabaseException
Incorrect key file for table '/elgg_objects_entity.MYI'; try to repair it
QUERY: DELETE from elgg_objects_entity where guid=224102
DatabaseException
Incorrect key file for table '/elgg_river.MYI'; try to repair it
QUERY: delete from elgg_river where object_guid = 188644
Guys, look at my plugin: spam_login_filter
Is a forefront antispammer, blocking spammers in registration process. Works well. I am planning a extension to block users that create more than X content at a determined time.
If a user create more than 10 blog posts in about a hour, the plugin could block the user and notify the admins. Is in my roadmap. For now, try the spam_login_filter. Thrust me: It works.
- Previous
- 1
- 2
- 3
- Next
You must log in to post replies.