Users registering in elgg without an email confirmation
Elgg version : Release - 1.7.2, Version - 2010071002
The new users write spam blogs with repeated links to other sites.
http://eclug.co.uk/elgg/
An attempt to block some of the rogue spammers attempting to hack into this site in the last few days from the following IP addresses:
124.160.102.132
91.212.135.69
124.160.102.131
122.234.243.12
118.250.188.187
To block these IP addresses: in cPanel, under SITE MANAGEMENT, select IP DENY MANAGER, add the address in "IP Deny Manager" and click Add.
This has helped, but each day I have to delete even more unwanted blogs and anonymous logins.
As a temporary measure, in cPanel I password protected the blogs directory.
The following plugins are used (from the admin plugin panel; all are enabled except where marked):
- Adds a button bar menu below the header
- TinyMCE plugin-embed multimedia TinyBrowser - Elgg Language Support and TinyBrowser Userdirs by Karsten Schulze 2009
- (one plugin with no description)
- Site wide categories
- Rotate the system log at specific intervals
- File browser plugin
- Elgg simple twitter widget
- Perform some database cleanup tasks
- Provides a microblogging service for your Elgg site.
- Allow search across entities of the site
- Simple user account validation via email.
- A simple plugin to let users browse other members.
- Elgg notifications plugin
- This plugin enables an administrator to define a default set of widgets for new users
- This is a very simple plugin that lets site admin populate an about page, terms, privacy and contact. You can also edit the frontpage text.
- This plugin allows users to put a message board on their profile for other users to post comments.
- Provides group support for elgg
- Adds the option for users to report content and for admins to check it out.
- Elgg diagnostics tool
- Browse the system event log
- Friend invite page (disabled)
- This simple plugin lets users play mp3's in the page.
- Elgg Pages
- Provides a poor man's cron trigger to trigger cron scripts based on site visits.
- Elgg blog plugin
- Alternative replacement for the standard Elgg dashboard.
- Elgg bookmarks plugin.
- Provides a simple Elgg wrapper around the twitter class written by David Grudl
- Provides security filtering. Disabling this plugin is extremely insecure. DO NOT DISABLE.
- Allows users to easily upload and embed media into text areas.
- Elgg internal messages plugin. This plugin lets users send each other messages.
- A simple plugin to replace the site's index page with boxes containing the latest content from the site.
- Provides friend widgets for your profile
- Elgg profile plugin.
- Provides captcha support (requires the php_gd library).
- Elgg event calendar plugin
- Tidypics Photo Gallery
- This plugin lets users put videos from youtube, vimeo, veoh or directly from the desktop.
- Elgg Videolist (disabled)
Do you know any way to stop the anonymous logins that seem to bypass the email verification?
Do I need to change some of the file permissions?
In cPanel I can password protect any directory; would this be a solution? The password on blogs is not very satisfactory.
Tony
East Cheshire Linux User Group.
Cash:
There is no way that I know of to bypass the validation step.
I don't know what you mean by anonymous logins.
Also, there are some better captchas out there. You could try the recaptcha plugin available in the plugin repository.

Tony:
Hi Cash
Many thanks for your advice. I will try an enhanced recaptcha plugin; it sounds like good advice.
My very simple temporary approach to stop the continual spam blogs:
Yesterday in cPanel I password protected the /mod/blog directory.
This morning a user logged in and posted 4 spam blogs; I wasn't expecting any.
Spammers seem to be spoiling so many elgg sites. I had a look at about 6 or 7 elgg sites; all had multiple random off-subject texts but with repeated links to watches, clothing, finance.
Trying to trap rogue URLs and IP addresses does help, but only to find yet another pop up.
All the posts so far originate not from the UK & Europe but from China, Asia/Africa and Russia.
I love the elgg cms but wish we could overcome spam.
I wonder if any coders have any solutions like a plugin to only allow home countries.
Or perhaps a spam filter plugin similar to some of the very good email filters used in Thunderbird.
Thank you all for putting so much time into the elgg project.
Tony

Tony (update):
Update on the login and spam blogs. Cash's recommendations on updated captcha. Also updated elgg to the latest version. Thank you Cash for the simple answer, which fixed the login problems. I tried siteaccess and trapped one of the spammers. They attempt to create Elgg accounts by devious means; all had an email ending in @126.com. Tracking the IP address, it appeared to be a local IP address, but the email address with 126.com is located in Guangdong. Guangdong is one of China's most prosperous provinces. Although 126 appears to be a very large legitimate company, new accounts with these will need constant monitoring to trap the user and prevent nuisance spam blogs.
Paul Maidment:
Hi There,
We have been experiencing a similar issue. Take a look at mod/uservalidationbyemail/start.php
function uservalidationbyemail_generate_code($user_guid, $email_address)
{
    global $CONFIG;
    return md5($user_guid . $email_address . $CONFIG->site->url.get_site_secret());
}
If the line reads...
return md5($user_guid . $email_address . $CONFIG->site->url);
Then you have an insecure build, as there is a vulnerability in registration confirmation (it is possible to predict the confirmation code sent in the email).
The site secret needs to be added to the code as per the listing above.
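The point of the fix above is that a code derived only from the user GUID, email address and site URL can be recomputed by anyone who knows those public values, while a code keyed with the site secret cannot. The following is an added illustration, not Elgg's own code: it keys the code with hash_hmac() (SHA-256) instead of Elgg's md5() concatenation, verifies it with hash_equals(), and adds a crude audit function that reports whether a copy of mod/uservalidationbyemail/start.php calls get_site_secret() inside the generate_code function. The function names, the secret and the sample values are constructed for the demo, and it needs PHP 7.0 or later.

```php
<?php
// Added example, not Elgg's code: secret-keyed validation codes for the
// email confirmation step, plus an audit of a start.php source. Uses
// hash_hmac() rather than Elgg's md5($guid . $email . $url . $secret);
// requires PHP >= 7.0 (scalar type declarations, hash_equals).

function make_validation_code(int $user_guid, string $email, string $site_url, string $site_secret): string
{
    // GUID, email and site URL are public; only $site_secret is private.
    // Explicit separators keep the field boundaries unambiguous.
    $message = $user_guid . '|' . strtolower(trim($email)) . '|' . $site_url;
    return hash_hmac('sha256', $message, $site_secret);
}

function check_validation_code(string $presented, int $user_guid, string $email, string $site_url, string $site_secret): bool
{
    $expected = make_validation_code($user_guid, $email, $site_url, $site_secret);
    // Constant-time comparison; a plain == leaks, byte by byte, how much of
    // a presented code was correct.
    return hash_equals($expected, $presented);
}

// Crude audit of a mod/uservalidationbyemail/start.php source: true when the
// body of uservalidationbyemail_generate_code() calls get_site_secret().
// Assumes the function body contains no nested braces, as in the listing
// in this thread.
function validation_code_uses_site_secret(string $start_php_source): bool
{
    $pattern = '/function\s+uservalidationbyemail_generate_code\s*\([^)]*\)\s*\{(.*?)\}/s';
    if (!preg_match($pattern, $start_php_source, $m)) {
        return false; // function not found: treat as unverified
    }
    return strpos($m[1], 'get_site_secret(') !== false;
}

// Demonstration with constructed values.
$guid   = 1234;
$email  = 'newuser@example.com';
$url    = 'https://elgg.example.org/';
$secret = 'constructed-secret-in-Elgg-use-get_site_secret()';

$code = make_validation_code($guid, $email, $url, $secret);
// Correct secret accepts the code; a different secret yields a different
// code, so knowing guid, email and URL alone is not enough to produce one.
var_dump(check_validation_code($code, $guid, $email, $url, $secret));
var_dump(check_validation_code($code, $guid, $email, $url, 'other-secret'));
var_dump(make_validation_code($guid, $email, $url, 'other-secret') === $code);

// The two variants of the function quoted in the thread, as source text.
$insecure = "function uservalidationbyemail_generate_code(\$user_guid, \$email_address)\n{\n"
          . "    global \$CONFIG;\n"
          . "    return md5(\$user_guid . \$email_address . \$CONFIG->site->url);\n}\n";
$fixed = str_replace('->url);', '->url.get_site_secret());', $insecure);
var_dump(validation_code_uses_site_secret($insecure)); // insecure build
var_dump(validation_code_uses_site_secret($fixed));    // patched build
```

Run it from the command line with php; the audit function can be pointed at file_get_contents('mod/uservalidationbyemail/start.php') on a live install to confirm which variant is deployed.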
DhrupDeScoop:
Google "ip blacklist database" to see what sort of spam-blocker aid is already available. There are also country-IP databases available where REMOTE_ADDR can be looked up to fetch the country, and then one can allow or deny.
Cash:
I fixed the vulnerability in the email validation plugin 10 months ago: http://trac.elgg.org/changeset/3731/trunk/mod/uservalidationbyemail/start.php
Paul Maidment:
Yup, my apologies for that Cash, the only reason this came to my attention is that I was looking at an old 1.5 build. I found that some folks could punch their way through using this technique.
These guys do a great free IP database for determining country of origin:
"wget http://software77.net/geo-ip/?DL=1 -O /path/IpToCountry.csv.gz"
1) Wget that file (read the terms, as they have some 'non abuse' conditions)
2) Use a mysql infile statement to import it into a table of your choice
3) Use code similar to that shown below. This will return a row of data, the country of origin:
$address_long = sprintf('%u',ip2long($_SERVER['REMOTE_ADDR']));
$sql = "SELECT * FROM country_ips WHERE start <= ".$address_long." AND end >= ".$address_long;
$rows = get_data($sql);
Get this data and then decide whether or not the user will receive the validation mail. If the user does not receive the mail, an admin will. Customise actions/register.php to achieve this.
I hope this helps.
Paul
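The procedure in the three steps above can be tried without a MySQL table. The following is an added, self-contained example and not Paul's or Elgg's code: it parses a handful of rows in the IpToCountry.csv layout from an embedded string, binary-searches the sorted ranges for REMOTE_ADDR (converted through sprintf('%u') exactly as in the snippet above), and applies the stated policy of sending the validation mail to the user for allowed countries and to an admin otherwise. The CSV layout (comment lines starting with '#', then quoted fields IP_FROM, IP_TO, REGISTRY, ASSIGNED, CTRY, CNTRY, COUNTRY with integer IP bounds) is an assumption about the software77 file; the sample ranges are the RFC 5737 TEST-NET blocks with invented country assignments, and the function names are constructed. It needs PHP 7.4 or later.

```php
<?php
// Added example, not Elgg's or Paul's code. Country lookup over ranges parsed
// from an embedded sample instead of a MySQL table; assumes the IpToCountry.csv
// layout described in the lead-in. Requires PHP >= 7.4 (arrow functions).

// Constructed sample in that layout: TEST-NET blocks, invented countries,
// deliberately unsorted to show the sort step.
const SAMPLE_IP_TO_COUNTRY_CSV = <<<'CSV'
# IP_FROM, IP_TO, REGISTRY, ASSIGNED, CTRY, CNTRY, COUNTRY
"3405803776","3405804031","apnic","1262304000","CN","CHN","China"
"3221225984","3221226239","ripencc","1262304000","GB","GBR","United Kingdom"
"3325256704","3325256959","ripencc","1262304000","DE","DEU","Germany"
CSV;

// ip2long() is signed on 32-bit PHP, so go through sprintf('%u') as the
// snippet above does; a float holds any 32-bit integer exactly.
function ip_to_unsigned(string $ip): ?float
{
    $long = ip2long($ip);
    return $long === false ? null : (float) sprintf('%u', $long);
}

// Parse the CSV text into a list of ['start','end','ctry'] sorted by start.
function load_ip_ranges(string $csv): array
{
    $ranges = [];
    foreach (preg_split('/\r?\n/', $csv) as $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#') {
            continue;
        }
        $fields = str_getcsv($line);
        if (count($fields) < 5 || !ctype_digit($fields[0]) || !ctype_digit($fields[1])) {
            continue; // malformed row: skip it rather than mis-classify
        }
        $ranges[] = ['start' => (float) $fields[0], 'end' => (float) $fields[1], 'ctry' => $fields[4]];
    }
    usort($ranges, fn(array $a, array $b) => $a['start'] <=> $b['start']);
    return $ranges;
}

// Binary search for the range containing $ip; null when the address is
// invalid or not covered by any range (equivalent of the SELECT above).
function lookup_country(array $ranges, string $ip): ?string
{
    $value = ip_to_unsigned($ip);
    if ($value === null) {
        return null;
    }
    $lo = 0;
    $hi = count($ranges) - 1;
    while ($lo <= $hi) {
        $mid = intdiv($lo + $hi, 2);
        if ($value < $ranges[$mid]['start']) {
            $hi = $mid - 1;
        } elseif ($value > $ranges[$mid]['end']) {
            $lo = $mid + 1;
        } else {
            return $ranges[$mid]['ctry'];
        }
    }
    return null;
}

// The policy from the thread: mail the user for allowed countries, otherwise
// mail an admin. An unknown or unparseable address also goes to the admin
// (fail closed), so a missing or odd REMOTE_ADDR never skips the review.
function validation_mail_recipient(?string $country, array $allowed_countries, string $user_email, string $admin_email): string
{
    return ($country !== null && in_array($country, $allowed_countries, true)) ? $user_email : $admin_email;
}

$ranges  = load_ip_ranges(SAMPLE_IP_TO_COUNTRY_CSV);
$allowed = ['GB', 'DE'];
// Inside actions/register.php the address would come from $_SERVER['REMOTE_ADDR'].
foreach (['192.0.2.10', '198.51.100.7', '203.0.113.99', '192.0.2.255', '192.0.3.1', 'not-an-ip'] as $remote_addr) {
    $country   = lookup_country($ranges, $remote_addr);
    $recipient = validation_mail_recipient($country, $allowed, 'newuser@example.com', 'admin@example.com');
    printf("%-14s country=%-4s mail to %s\n", $remote_addr, $country ?? '??', $recipient);
}
```

The boundary address 192.0.2.255 is included because off-by-one errors at range ends are the usual defect in hand-written lookups; with the real file, the same functions work unchanged once load_ip_ranges() is fed the decompressed CSV.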