Spam/ Hackers problem

Hi Everyone!

I'm running Release - 1.6.1, Version - 2009072201 on a site at http://gardenerschat-shed.net/

I've been experiencing a lot of problems with spurious members (usually based in Chine) that register and then flood the blog area with spam. I keep on deleting the accounts but the problem is getting heavy. I also notice that one of these had hijacked the "Blogs" link and a Viagra ad. came up when it was pressed.

I think I need to be able to validate accounts manually as the auto e-mail verification set-up is not secure enough OR is there a way of filtering this crap? I notice most of the e-mail addresses given are jibberish - surely there's a mod somewhere that could distinguish between rubbish and genuine account registrations.

Any suggestions anyone?

Many Thanks,

G.

  • There are other "spam" related topics that precede this new post - I think you should have read the other posts and then added your comments there - e.g.

    http://community.elgg.org/mod/groups/topicposts.php?topic=406960&group_guid=52477

  • It is difficult to searach thru the boards here and find useful solutions to specific problems, like spam.

    I've have some success for the past two weeks with this approach:

    http://community.elgg.org/mod/groups/topicposts.php?topic=619266&group_guid=179063#annotation-2554505

    If you wanted, you could use some question about gardening that virtually all of your potential registrants could answer.

  • Thanks DhrupDeScoop.

    I've trawled through the thread you provided a link to (it's VERY long) and I've diligently read EVERY single comment. However nothing jumps out at me as being a perfect solution. Everyone seems to skirt around the problem - lots of contributors keep on reinventing the wheel by repeating the symptoms of the problem in different guises but no one seems to be able to reply with "This IS the solution".

    I think the Elgg community need to get their heads together to sort this problem out with one sure fire solution that actuallt sorts the problem out for good.

    What is your preferred solution suggestion DhrupDeScoop?

    BTW I've been deleting the accounts these spammers open on our site but one refuses to be deleted (so I've edited the details so that login cannot be successfully navigated". The account I can't delete triggers this error message:

    image

    Any ideas how I can rectify it?

    Many Thanks,

    G.

  • Thanks Stephen Sherman!

    This looks more promising. Where do I get the Plugin from? What I mean is, what's the name of it so that I can do a search in the Plugins section of this site.

    Asking a site subject related question that is not easy for a spammer to answer would probably do the trick. However, can you give me a leg-up into the saddle with more details about how to implement this approach please Stephen?

    Thank You in advance,

    G.

  • Stephen -

    I've just found the sitecode Plugin (couldn't find it under "shai_sitecode). Anyway downloaded it and then uploaded it again to my "mod" directory on the server. Went to enable it on the site and discovered that it needs version 1.7 to work - I'm running 1.6.1 :-(

    How much hassle is it to upgrade? 1.6.1 is probably getting a bit long in the tooth now anyway. The only nervousness I have is upsetting my site and losing a lot of hard work in the process (I'm a firm believer in the saying "if it ain't broke don't fix it").

    Can someone advise me on the process of upgrading please?

    Ta,

    G.

  • @BigG ->

    There is no cure for birth, death, taxes, cancer, kindness, rudeness, being mugged @ midnight and many other situations in life ;) The common denominator for all these is not  "..the solution.. one sure fire solution.." There's been a multitude of mathematicians since the 1980's tacking such problems and still.. no light at the end. Had I the means to derive a 'one-shot' solution.. I would not be posting here but cruising the carribeans 10 months a year.

    We must learn to live with the inconvenieces of diseases such as spam on our web-sites. Some of these spammers are actually very technically talented and probably have (surprise!) PHd's in Computing Sciences ;-P

    For our Elgg-based web-sites - we diligently patrol through-out looking for signs of suspicious activity. When our Site-Cops spot anything - they usually do *not delete *anything.. First - they get in touch  eith me so that I can collect all the evidence for later study to detect any patterns or tell-tales - in order that similar attempts in the future may be blocked.

    And yes we have gathered quite a bit of intelligence in this area. We do not publish our finding for several reasons. (1) We do not believe in publically disclosing hacking or spamming techniques and styles so that the average innocents may be a little safer; (2) All this research costs a lot off effort and time - Anyone serious to know of our techniques will usually know how and where to contact us for possible consulting.

    I have in the past invited active participation from Eggsters to contribute to this research and help further the fight against and protection for spam - but no takers so far. No one even bothered to ask what the heck that participation would involved.. and so all suffer.

    e.g. I once invited Elgg people to send me their URLs where they have captcha and other 'safety' measures - (yes ! I can break the SiteAccess captcha..) and that I would (try to) hack through those barriers to reaveal potential weknesses. Any takers ? Not even 0.5.

    I have been somewhat long-winded but.. no panacea for spam ;-(

  • By the by --> The world's first "hacker" ( what chances would we have had against him ) Oh by the way ;-) The story is that he did not actually intentionally create the worm - it was some "bug" in his code that went out of control ;-P  Some guy eh ?

    =>

    Robert Tappan Morris

    Morris, son of former National Security Agency scientist Robert Morris, is known as the creator of the Morris Worm, the first computer worm to be unleashed on the Internet. As a result of this crime, he was the first person prosecuted under the 1986 Computer Fraud and Abuse Act.

    Morris wrote the code for the worm while he was a student at Cornell. He asserts that he intended to use it to see how large the Internet was. The worm, however, replicated itself excessively, slowing computers down so that they were no longer usable. It is not possible to know exactly how many computers were affected, but experts estimate an impact of 6,000 machines. He was sentenced to three years' probation, 400 hours of community service and a fined $10,500.

    Morris is currently working as a tenured professor at the MIT Computer Science and Artificial Intelligence Laboratory. He principally researches computer network architectures....

  • Thanks-

    That's all extremely interesting but at the same time utterly depressing to read DhrupDeScoop.

    With myself plus two other assistant site administrators deleting spurious spam hacking members off our site on a daily basis, a point has to be reached where common sense prevails and you come to the conclusion that you have more pressing and important things to do in your life rather than spend precious time deleting prats off your members list.

    All I want is a bit of information on how I can successfully reduce the problem to a tolerable level. To be told that getting site hacked spam is one of the inevitabilities of life on an Elgg powered web-site hardly helps to resolve my problem.

    At the end of the day there are millions of networking sites out there - powered by other engines that DON'T seem to have the problem at this level. So the question that begs to be asked is: "if other software engines that drive other network sites can make their sites less attack prone, why doesn't Elgg?"

    I'm still hoping someone will come up with a suggestion that will reduce the problem if not get rid of it altogether. Stephen Sherman has helped by suggesting the use of the "sitecode" plugin but I can't use that until I upgrade to 1.7. Any other takers please?

    Thanks,

    G.

  • The problem here is that if the solution is disclosed, it becomes ineffective. Anti-spam techniques by their very nature need to be a bit secret. Posting a community plug-in to resolve this would ultimately be ineffective, as the bad guys would just download it, work out how it works, and go right around it.