What one thing lets elgg down? Spammers... Mainly Chinese!

For the first few months I was getting spammed then I installed site access, and used the site password feature when registering great spam stopped, then a few weeks down the line one spammer so I changed the password great few more weeks then a new spammer, changed password next day new spammer(S) so I thought maybe there 'reading the password' from the text above that says enter xxxx so I changed it to please enter the numbers you see in order excluding the * (exp. **8****9****9*4**3) great 2 days no spammers then 5 in one day!!!!!!!!!!!

This ruins elgg completely....

I run a PHPBB forum with 3500 members We get a spam account once every few months and thats a basic standard installation!!!

I Sincerly hope 1.8 puts an end to spam and deals with it much more than 1.x

Regards,

One seriously P***** off Elgg site owner.

  • There were several last night from Russia. I haven't seen those guys in a while at all. On Mondays I go away from my home base for four days and can't really look into the ip's I copied on my home computer. There was one from something like 77.244.174.0, and somebody from another ip there who tried to run an r57.php (happened again just a few minutes ago).

    What's funny is that I am in China and have several users on my small site from here. Mostly they were under control. But today, they are popping up from a few places I rarely see them, except for Fujian Province.

    Note: on my site all new users must be approved, so basically it's not a problem except that I'd really like to open registration up. Can't see that happening as life is.

    The one thing almost all these spammers have in common is the Agent:  Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;)

    Following is what I can get from c-panel right now:

    109.120.144.247  r57 attempt (just minutes ago, using Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)

    IP #   Country   Username  e-mail
    213.111.230.59,  Ukraine,   wirosankis%40gmail.com

    184.171.169.115,  USA, krng5666,  actiondim@hotmail.com (secured servers in Tempe, AZ)

    218.86.50.105,  Shanghai, China, rccvnm097, fafafa13123@hotmail.com

    180.109.148.107,  Nanjing,China,    lhaqc4827@sohu.com

    175.44.8.103,   Putian, Fujian China,  problemz,   dfw116@mx8168.net,  (anything from Fujian Province is a spammer I have concluded over a long period of time. They especially use 58* and 59* IP's (such as 59.58.155.9) and are all blocked on my site. They were gone awhile. Are they back with new IP ranges?)
    175.44.8.103,    productm,   yug067@mx8168.net,  AND  producem,   mpi729@mx8168.net

    112.111.187.190,   Putian City, Fujian Province, China (normal attempt to the normal login like he already had an account)
    112.111.174.225, Putian City, China,    afer9rer and ghfd6qdd, gresgesggrseg@aol.com

    66.212.30.111,   Santa Ana, CA, USA,  secured server,   pfrjpl784,  qci745@mx8168.net

    110.84.210.107  Fujian Province, surprise, surprise

    Direct hit on pg/login and not my users.
    173.208.0.0
    109.0.0.0/8
    78.46.64.0/19
    60.214.115.50  Jinan China (another problem area)

  • @j :  i had some issue with the user registration + webgalli_antispammer ..the captcha image would go missing...  captcha was being generated by siteaccess mod.  ..i was not able to investigate the issue much

     

  • @ DhrupDeScoop  I got the 'tracker' mod to work after moving it to the top of my mod list and just sent you a second set of names/emails/ip#s.  The logs from my CPanel don't copy/paste so I am lost there as to how to forward them to you.

    @ Tyler Strayhan  I too sent messages to each spammer for awhile (before deleting them) but it made no difference.  Each of them never seem to come back after their first log in.  None posted additional content if I didn't delete them right away.  I've started to receive ones who put 'Click Here' on their profile page but, it appears, they don't know how to properly make it a link so they are just wasting their time.  About half post a blog(s) (or HTML on their profile page) and about half register, post nothing and never return if I don't delete them right away.

    I truly wish I could get help making 'approvenewmembers' work because I think that would solve my spammer problem entirely...at least at this point.  (So very many plugins I've tried just don't work properly...just sitting on my list not activated.) 

  • We fall in the same pot. Spammers either post blogs or html to their profile page. We delete them, they come back. They are a consistent bunch. One of our sites get spammed, the other 2 don't, but surely all will once they find them. One would think they would use their energy to do something constructive. Life's too short. Our world has too many problems and people hurting.

  • Ron Wallace "One would think they would use their energy to do something constructive. "

    If the idiots on the web didn't click through to their spam, it would make spam unproductive and not worth the time lol

    The webgalli plugin I think is most probably a useless plugin as it uses a 'stop forum spam' service and we're not forums and I really think we are being target specifically, and so need to add measures natively into elgg. We're an easy target so we get it more often!

  • I really think we are being targeted specifically

    Yes, no kidding. They come looking for things peculiar to our system. They do this type of thing for joomla, drupal and whatever too. I have my own ideas what to do about that but an upgrade would be painful.

  • if I was a millionaire i'd track the bastards down and ask them why the hell they do it... hell my websites a photography website, it doesn't need breastpumps!!

    Although I was getting spam every day, at least one new member, so I cut off registrations for a day or two then I wanted to analyse some spam so re-enabled it but since re-enabling I've had no spam?!?!??! and how did I disable? I just commented out the whole registration form leaving just the box that details whats the site about with a note saying 'registrations temporarily disabled' lol....

  • I will however on next spam problem be renaming my register.php form to something completely unique!

  • the webgalli plugin works the best out of all the ones i've looked at.

    breastpumps you say? hmm.. what's the url of your site? i've been looking for one of those... lol

     

    i think very often they are after credit card details.. 

    as has already been said though.. go plant a flower and hug your neighbour instead.. far more productive.

  • I don't think they expect to get anyone clicking on their links or placing orders...What they want is the outward facing links for the crawlers to find and raise their position in search listings.

    Their time would be better spent adding rich content to theit own site.