Surely I am not the only one... but 4 days ago I got spam messages here on Elgg.org messages mailbox with the title "hello my new friend" :(((
Interestingly, the sender image is... my own! This should not be possible, but how did it happen?
I've not replied to the message... so no idea where it will be going!
I too got the same 2 days back :D hehehehe
yes, I received this too.
There have been several incidents where spammers have sent messages to large numbers of users in the past several days. Those accounts have been deleted, but Elgg's messages plugin has a bug (http://trac.elgg.org/ticket/1767) that causes those messages to stay behind and look like the receiver sent them.
I have written a messages throttling mechanism that will automatically ban users that attempt to send many messages in a short period of time. I expect that it will be running on this site by the end of the day.
Just enabled it now. One step closer to a spam-free community! :)
Just noticed this post... If the Throttler is a PlugIn - I sure do hope it gets released to the community. I have noticed many, many Elggsters complaining about such similar spam. How on earth we at FK have escaped I cannot fathom.. Guess we've been lucky ;) Hmmm.. Some form of a combined BigBrother/Zaptor/other open source bayesian scripts might eventually be written.. to save us all.
All the code does is register a function for the 'create', 'object' event. That function does this:
    function messages_throttle($event, $object_type, $object) {
        // Only act on private messages, not on other object subtypes
        if ($object->getSubtype() !== 'messages') {
            return;
        }

        $msg_limit = 10;

        // Count messages sent by the logged-in user in the last 5 minutes
        $params = array(
            'type' => 'object',
            'subtype' => 'messages',
            'created_time_lower' => time() - (5*60), // 5 minutes
            'metadata_names' => 'fromId',
            'metadata_values' => get_loggedin_userid(),
            'count' => TRUE,
        );
        $num_msgs = elgg_get_entities_from_metadata($params);

        // Ban the sender once the limit is exceeded
        if ($num_msgs > $msg_limit) {
            ban_user(get_loggedin_userid(), 'messages throttle');
        }
    }
Yes, this is a big problem.
@Cash: Should I put your code on /mod/messages/views/default/object/messages ?
@Shouvik - no, create a plugin. There are tutorials on the Elgg wiki that describe the basics of making a plugin. You need to register for the event in your init function.
OK, gotcha. Thanks, Cash!
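The advice above (put the handler in its own plugin and register it from the init function) could look like the following start.php. This is an added example, not code from the thread or from the Elgg project; the plugin name msg_throttle, the function and constant names, and the logged-in/admin guard are assumptions, and it targets the Elgg 1.7-era API that the posted handler already uses.

```php
<?php
/**
 * mod/msg_throttle/start.php (hypothetical plugin name; added example).
 * Bans an account that creates too many private messages in a short window.
 */

// Assumed defaults, taken from the values in the handler posted above.
define('MSG_THROTTLE_LIMIT', 10);       // messages tolerated per window
define('MSG_THROTTLE_WINDOW', 5 * 60);  // window length in seconds

function msg_throttle_init() {
    // Run the check whenever an object entity is created.
    register_elgg_event_handler('create', 'object', 'msg_throttle_check');
}

function msg_throttle_check($event, $object_type, $object) {
    // Private messages only; every other object subtype is ignored.
    if ($object->getSubtype() !== 'messages') {
        return;
    }

    // Assumption added here: skip the check when nobody is logged in,
    // and never auto-ban an administrator.
    if (!isloggedin() || isadminloggedin()) {
        return;
    }

    $sender = get_loggedin_userid();

    // Count this sender's messages created inside the window.
    $count = elgg_get_entities_from_metadata(array(
        'type' => 'object',
        'subtype' => 'messages',
        'created_time_lower' => time() - MSG_THROTTLE_WINDOW,
        'metadata_names' => 'fromId',
        'metadata_values' => $sender,
        'count' => TRUE,
    ));

    if ($count > MSG_THROTTLE_LIMIT) {
        ban_user($sender, 'messages throttle');
    }
}

// Elgg fires 'init', 'system' once per request after plugins are loaded.
register_elgg_event_handler('init', 'system', 'msg_throttle_init');
```

The plugin directory also needs a manifest.xml, and the plugin has to be enabled in the admin tools before the handler runs.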
I just received a spam message from a user named "carlister", subject was "hi". Is this a common problem among other Elgg sites as well or is it just here?