Cannot delete users (spammers)

Hi,

This morning I had a spam attack. Normally I am protected with the spam_login_filter plugin that works pretty well. Some days it does not work as well, and today was one of those days and I got a loooot of spam.

The first thing that I found out was that the table elggobjects_entity (98% sure that was the table) was corrupted and needed to be repaired. I repaired it using phpMyAdmin.

After that I tried to delete the spammers and I got a php.ini timeout error:

[Tue Nov 01 12:43:15 2011] [error] [client 200.110.234.162] PHP Fatal error:  Maximum execution time of 30 seconds exceeded in /var/www/cayambelibre.com/engine/lib/entities.php on line 99, referer: http://www.cayambelibre.com/pg/profile/eholscheshar

I also tried using the bulk-user admin to delete users. There I got an out-of-memory error for the PHP script:

[Tue Nov 01 12:45:51 2011] [error] [client 200.110.234.162] PHP Fatal error:  Allowed memory size of 67108864 bytes exhausted (tried to allocate 15308 bytes) in /var/www/cayambelibre.com/engine/lib/database.php on line 330, referer: http://www.cayambelibre.com/pg/admin/user/

 

I tried increasing both the time and the memory, but with 5 minutes and 256 MB it did not work.

Also, when I try to delete a user(s) I get very high Apache and MySQL processor consumption, from 60% to 80%, when it used to be only as high as 10%.

Googling, I found out that it was a good idea to delete the elggsystem_log_****** tables, so I did so.

Any idea of why I am having these issues?

Regards,

Rafael

 

  • Rafael, try to repair your database with cash's database repair plugin.

    After that, search for a dhrups plugin to scan and delete blog posts. I don't remember the name.

    You can use the entity browser plugin, but it is a bit risky.

  • How many users are you trying to delete at a time?

    If you still get the error when you're trying to delete just one user, it might be because that one user has so many entities that the server is timing out. You might need to either up the mem / time even further, or delete some of the entities manually first, then delete the user.

    Unless you're familiar with Elgg's database, I wouldn't recommend deleting directly from the database.

    Apache and mysql spikes are normal for this type of operation.

  • RayJ, I would check that plugin.

    Brett, I tried deleting just one user and I had that problem. Then, thanks to your message, I could delete a user, but it was a not so problematic one.

    Here is some info about one of the real problematic users I can't delete:

    strykertrish | strykertrish | krogstadlet@sohu.com | 29076

    Last login: hace 10 minutos | First login: hace 14 horas | Last action: hace 10 minutos

    Objects: 3946 | Annotations: 0 | Metadata: 2914

    I would first try increasing the memory as much as I can and see what happens.

    Regards,

    Rafael

  • So I increased the execution time to 5 minutes and the memory to 300 MB and I could delete one of those users. It takes forever, but seems to work.

    Is there a way I can protect from this kind of flooding? In less than 10 hours they created more than 3000 objects. My user in around two years has created more than 500.

    RayJ's spam filter is a great tool and defends us from the first line attack. But once the attacker is in, it could be trouble.

    Best regards,

    Rafael

  • One solution that we've partially implemented on this site is to rate limit certain actions. In our case, we rate limit sending private messages, since that's usually where we get the most bulk spam. The same technique could be applied to any action. Here's where we do it:

    https://github.com/Elgg/community_customizations/blob/master/start.php#L47
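
The per-action rate limiting described in the comment above, shown as an added example that is not part of the original thread and is not the code at the linked URL. It uses no Elgg API; the class name `ActionRateLimiter`, the action name `create_object`, the limit of 5 per hour and the user GUID are all assumptions chosen for illustration.

```php
<?php
// Added example: sliding-window limiter keyed on (user GUID, action name).
// State is kept in memory here; a real site would persist it (assumption).
final class ActionRateLimiter
{
    private $limits;            // action name => array(max actions, window seconds)
    private $events = array();  // "guid:action" => timestamps of accepted actions

    public function __construct(array $limits)
    {
        $this->limits = $limits;
    }

    // Returns true and records the action if the user is under the limit.
    public function allow($userGuid, $action, $now)
    {
        if (!isset($this->limits[$action])) {
            return true; // this action is not rate limited
        }
        list($max, $window) = $this->limits[$action];
        $key = $userGuid . ':' . $action;
        $seen = isset($this->events[$key]) ? $this->events[$key] : array();
        $recent = array();
        foreach ($seen as $t) {
            if ($t > $now - $window) {
                $recent[] = $t; // still inside the window
            }
        }
        $allowed = count($recent) < $max;
        if ($allowed) {
            $recent[] = $now; // rejected attempts are not recorded
        }
        $this->events[$key] = $recent;
        return $allowed;
    }
}

// Constructed scenario: one account attempts an object creation every 12 seconds.
$limiter = new ActionRateLimiter(array('create_object' => array(5, 3600)));
$start = 1320150000; // constructed timestamp
$accepted = 0;
for ($i = 0; $i < 300; $i++) {
    if ($limiter->allow(1001, 'create_object', $start + $i * 12)) {
        $accepted++;
    }
}
echo "accepted $accepted of 300 attempts\n";
```

A handler for the limited action would call `allow()` before doing any work and refuse the request when it returns false, so a flooding account is stopped before it accumulates thousands of entities that later have to be deleted.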

  • Brett: It is in my roadmap to implement filters to limit user's actions. I will check your code and, with your permission, implement it in my antispam plugin. We still need some protection against spambots.

  • So it looks like a good idea to never turn off the spam throttle filter.

    This morning I had this same problem.

    I just turned off most of the plugins and then I was able to delete the spammers.