I made an elgg site (version 1.8) a couple months ago, and it didn't have a problem with spammers until just the last couple of weeks.
I proceeded to install the following plugins:
gutwacaptcha :
https://community.elgg.org/plugins/1172111/1.8.15C/elgg-captcha
Spam login filter with all the defaults:
https://community.elgg.org/plugins/774755/1.8.5/spam-login-filter
and Honeypot spam catcher:
https://community.elgg.org/plugins/1131529/1.0/honeypot-spam-catcher
They still got through at about the same rate as before, which I suppose means that the captcha is useless, they're using domains/IPs that aren't on the blacklists, and they know to look past that hidden honeypot field that is supposed to catch them.
What to do now? Before I mess around with the code in these plugins, I'd like to know if there are any other measures you guys have used to prevent the onslaught of spam accounts being created just to post a single spam post.
On a side note, I noticed that every one of the spammers was creating an account through an outlook.com email, and as a temporary fix, I blacklisted outlook.com emails, but of course, they're now starting to come in with yahoo and hotmail, and so the bad workaround is an even worse one.
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
- Oranjoose@oranjoose
Oranjoose - 0 likes
- Evan Winslow@ewinslow
Evan Winslow - 0 likes
- Krischan@krischan
Krischan - 0 likes
- Sathish Kumar@rubon
Sathish Kumar - 0 likes
- Dries@driesdk
Dries - 0 likes
- Tom@Thomasondiba
Tom - 0 likes
- Oranjoose@oranjoose
Oranjoose - 0 likes
You must log in to post replies.Does 1.9 have better spam rejecting features?
No
We have stopped spammers registering almost completely with this plugin and some very creative questions:
https://community.elgg.org/plugins/793357/1.9/elgg-text-captcha
But I guess for a general public site, you will have difficulties to find questions that can not be easily solved by manual spam sweat-shops. I also don't know how many genuine people give up registering because they can't answer the questions ;)
https://community.elgg.org/plugins/793357/1.9/elgg-text-captcha
use this and create a different question and keep on changing the questions .. it will protect you
thanks
Ohyesteam
This is effective: https://community.elgg.org/plugins/1612728/0.1/registration-randomizer
This prevents bots from signing-up since your register page is never the default url, always random and it's the default URL they are heading to, to try and sign up.
I am sorry to hear how the spammers are frustrating you and your site. The hardest thing to stop is human spammers. Most companies will pay spam sweat-shops to solve most captchas available even at the moment including the, gutwacaptcha :
https://community.elgg.org/plugins/1172111/1.8.15C/elgg-captcha
At the moment, gutwacaptcha works faithfully but needs a few tweeks to make it work to it's optimum.
For example, the next versions will include a limit a user can mess around with the site or solve gutwacaptcha. This way the bots can not just brute force the gutwacaptcha.
Try sitecode plugin. The site code will help you shut down the registration of your site to new members and including the bots or spammers while dealing or deleting the registered spammer.
Comment posted from a cellphone~~~
Thank you all. It seems that the spamming has tapered off since I installed the textcaptcha. Won't count my chickens before they've hatched, but this is a good sign!