Spam @ Elgg Sites

How do we handle spam users/ content on elgg-based web sites ?

  • @Webgalli and @Izap

    Torsten and I are looking for feedback on the development that we are doing ;) not quite exactly asking you guys to take advantage of yet another opportunity to flaunt your own (commercial?) PlugIns and your (exceptional) programming talents and saying "me too.. me too.." for your own PlugIns here on this my group.

    Please be polite and stay on topic as set.

    There are other places for you both to do your own TCB things and promote your PlugIns, but not here ;-P

  • I guess it's difficult to suggest features for an anti-spam tool in addition to "no more spamming!".

    Using AJAX to allow for cross-checking of available usernames + emails sounds great. I'd been using a plugin that already did this, but unfortunately it was never ported to Elgg 1.7 - and I failed porting it myself. It would be nice - in case you will release your anti-spam tool - to make it working parallel to possibly installed plugins that tune the registration/login page, for example vazco_topbar. Other plugins might also exclude each other. In case of vazco_topbar the issue with for example the useravailable plugin is due to internal identifiers used in JS/AJAX.

    Beside checking for availability of username and email address the admin option to force providing of a profile icon already at registration would be interesting.

  • As before ->

    "As I have said before - you get spammed on your sites' profiles, blogs, pages, etc - do not delete and destroy the evidence immediately -> save all that you can and send to me for study - your reward might be some workable-solution for those attacks for tailored for your site
    ."

    "suggest features for an anti-spam tool..." =>

    we can study the usual spam techniques in use -- this means that everyone can report when, what, how they get spam - there is some chance that we can develop more advanced logic to bypass and block these. While people are complacent and do not report any situations beyond their opinions - there is little evidence to go by to develop more spam-fighting techniques.

  • I guess the only spam-proof solution would be a plugin which validates users by SMS, auto voice call validation or captcha designed for one site only. Another approach is to make your site useless for spammers by eg. registration with recommendation only, small registration fee or visibility of user profiles after certain amount of validated posts and after certain activity. Those are all quite harsh solutions but very effective.

  • I  use quite a few profile fields upon signup as mine are business profiles and I want the info. I have had only a handful of spammers.  I don't know how much having the extra fields helps or not. I have been deleting the users in 1.7.4 no problems so far.

    Isn't there someway to just allow no activuty but viewing for a few days or until the admin approves/vaildates the user?

    "Greetings new member. We take pride in a spam free network environment. We may reserve the right to validate your profile as an appropriate memebr of our community. Can we please have your social secuity number, Homeland Security ID, face recognition profile, the keys to your home and online bank account numbers...."

  • "..just allow no activity but viewing for a few days or until the admin approves/vaildates.." ?
    *now - that's an idea !;-)

    . . .
    register_elgg_event_handler ('create', 'all', 'validate_3_few_days_after_register');
    function validate_3_few_days_after_register ()
    {
        gatekeeper();
        if (..user has registered less than 3 days...
        {
            ...kick him out with message
            "aha ! you have just registered in the past 3 days
            patience ;-)
            after 3 days you can post stuff here lolz ;-) "
            global $CONFIG;
            forward (.. $CONFIG->url... etc hee hee );
        }
    }

  • We encountered serious spam problem this week as it seems reCaptcha was broken. In 4 days over  10.000 spam accounts registered succesfully on our site (even though they couldn't post). Luckily we could instantly delete them.

    I tried recaptcha, visual captcha, webgalli's plugin and a few other solutions. They were all unsuccesfull. All other solutions I heard of were rather helping in removing spam or taking away proffit from spam, not preventing it.

    Finally we wrote our own custom captcha and we had no spam for the last 30 hours. Creating captcha plugin wasn't so hard.

    It seems the best solution, as it's not efficient for spammers to try to break captcha which is used by only one site. Each solution which is used by multiple sites will eventually get broken.

  • Perhaps its time for an audio catchpa to be intergrated into elgg or site index?

  • We are these idiots after Elgg sites? Do they do this to everyone else, Joomla, Drupal whatever? It seems like Elgg is being targeted for some strange reason, someone jealous out there?