What one thing lets elgg down? Spammers... Mainly Chinese!

For the first few months I was getting spammed then I installed site access, and used the site password feature when registering great spam stopped, then a few weeks down the line one spammer so I changed the password great few more weeks then a new spammer, changed password next day new spammer(S) so I thought maybe there 'reading the password' from the text above that says enter xxxx so I changed it to please enter the numbers you see in order excluding the * (exp. **8****9****9*4**3) great 2 days no spammers then 5 in one day!!!!!!!!!!!

This ruins elgg completely....

I run a PHPBB forum with 3500 members We get a spam account once every few months and thats a basic standard installation!!!

I Sincerly hope 1.8 puts an end to spam and deals with it much more than 1.x

Regards,

One seriously P***** off Elgg site owner.

  • Math Captcha has been working for us... =)

  • All due respect to everyone...it really makes no sense to do anything to keep the spammers from posting content with outward links...they are already registered by then (and will still have to be manually deleted).  The only satisfactory answer here is to stop them from registering in the first place.  Blocking ip#s may be part of that (I will never have a valid member from China or Russia) but I often get spammers from all over the US too.  I've looked over the sign in and user names (and the email addresses used) and don't see a pattern that a mod would be able to reliably 'find' to stop most spammer registrations but that could stop many of them (most of mine seem to actually be humans rather than bots). 

    I (also a human) can see the patterns almost 100% of the time in the user name and/or email combo..ie: the name 'Buy Drugs Cheap' (or anything like that) is surely a spammer and 'anyname'@'anysite'.info also is, as is 'anyname'@pursescheap.com, or anything like that (Could a mod be written that would reliably notice things like that without blocking valid members?...doubt it).  Having to approve each member would work for me but would take just as much of my time as deleting them after they are registered.  I think we need a mod to block the bots and block specific ip#s...the human spammers will continue to have to be manually deleted.  

  • There's a weakness in elgg and we need to plug it!

  • Here are the IP for the latest spam poster I've had.  I have noticed the patterns, they are from Russia, the urls belong to a temperary email service and registered thru Go Daddy.  Hope this helps.  I have been blocking the urls with .htaccess.  But the list just keeps growing.

    69.10.61.50

     

  • @ captnbob  I show that ip in Brooklyn...many of my spammers are from all over the US now!

  • djSupport said "There's a weakness in elgg and we need to plug it!". I very much agree, and it appears to be getting worse with each passing day.

  • @ Clyde Yes the IP is from Brooklyn.  But the url, I should have posted it, belongs to a user in Russia.  I am also getting a lot of "users" from urls like this;

    708nhl-jerseys.com

    They never or rarely validate their email address so they never or post anything.  Most all seem to be from China.

    urrent Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
    IP Address: 97.74.215.53 (ARIN & RIPE IP search)
    Lock Status: ok

     

      
    Domain Name.......... 708nhl-jerseys.com
      Creation Date........ 2010-07-15
      Registration Date.... 2010-07-15
      Expiry Date.......... 2011-07-15
      Organisation Name.... 708nhl-jerseys
      Organisation Address. 26 ren wrn
      Organisation Address. 
      Organisation Address. shanghai
      Organisation Address. 210000
      Organisation Address. shanghai
      Organisation Address. CHINA
    
    Admin Name........... ren wrn
      Admin Address........ 26 ren wrn
      Admin Address........ 
      Admin Address........ shanghai
      Admin Address........ 210000
      Admin Address........ shanghai
      Admin Address........ CHINA
      Admin Email.......... bengreen12364@yahoo.com
      Admin Phone.......... +86.13587879890
      Admin Fax............ 
    
    Tech Name............ YahooDomains TechContact
      Tech Address......... 701 First Ave.
      Tech Address......... 
      Tech Address......... Sunnyvale
      Tech Address......... 94089
      Tech Address......... CA
      Tech Address......... UNITED STATES
      Tech Email........... domain.tech@yahoo-inc.com
      Tech Phone........... +1.4089162124
      Tech Fax............. 
      Name Server.......... ns25.domaincontrol.com
      Name Server.......... ns26.domaincontrol.com
    
    
    
  • Yes captnbob...I get similar...some from today:

    708gucci-shoes.com

    708nba-jerseys.com                            

    deagot.com

    708jordan-shoes.com

    708nba-jerseys.com                            

    126.com                                          

    708mbt-shoes.com

     

  • Another spamer;

    64.191.16.101

    url = emeraldwebmail.com  Registrar = www.enom.com

  • Another spamer;

     

    IP = 69.10.61.50    url = mailexpired.com    Registrar = registrar.godaddy.com