Ok so my website got hit really bad recently. Luckily I have now plugged the hole.. I'm not getting any spam profiles anymore HOWEVER.. I now have 4000 spam profiles on my website as a leftover from the attack. How am I going to get rid of these spam profiles without having to check each one and clicking delete? Is there some kind of search tool where I can say "ok anyone that mentions viagara, or payday loans get deleted"? Or some mass user deletion tool?
Thanks in advance!
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
Wow that sucks, and thats alot to delete individually. How did you let it get to that point without noticing them? You should be checking memberlist every other day to see what kinds of people are joining and whether you need better spam filters in place to prevent this from happening, its definetly hard to keep up with since the bots evolve and get smarter but the key is to stay one step ahead of them, but goodluck with this.
Hi thefonz22, can you please share with us what feature of Elgg allowed these spam profiles to be created? Is it because there is no CAPTCHA or something else? Also what you didt to "plug" it? The information will help other people and deny these people called spammers, who have no life, another chance.
No need to delete one by one, there is Brett's bulk delete plugin. I think the 1.8 version is on github, dont know why its not here.
@Asmarino - loads of captcha plugins here as well as my own honeypot one and many can be used together
Spammers are now being more agressive, not only in elgg. Bulk delete plugin for elgg 1.8 should be available in github.
To avoid situations like this use:
-Honeypot Spam Catcher
http://community.elgg.org/plugins/1131529/1.0/honeypot-spam-catcher
-Spam Login Filter
http://community.elgg.org/plugins/774755/1.8.1/spam-login-filter
-IP Login Tracker
http://community.elgg.org/plugins/446342/1.8.1/ip-address-tracker-plugin
-Akismet for elgg 1.8
https://github.com/ewinslow/elgg-akismet
Rodolfo Hernandez
Arvixe/Elgg Community Liaison
@ rjcalifornia You are right. When the economy gets tougher, the spammers work harder. In addition to your list, Elgg users can use:
Elgg-captcha: this can be used with any extra captcha
http://community.elgg.org/plugins/1172111/1.8.x/elgg-captcha
http://community.elgg.org/plugins/821368/1.5/spam-throttle-18x
Well long story short I made the mistake of checking my activity feed, latest posts, bookmarks etc. I failed to keep an eye on the members list. I had a captcha installed so I just presumed that because I was only getting a few spam posts here and there that everything else was doing fine.. Maybe 5 months later I click to see all my members.. To my horror there was over 4000 all filled with spammy profiles for payday loans, hair removal etc etc. I installed honeypot the other day, which is freaking amazing!! But now I still have those 4000 profiles as a reminder.
I know a lot of the spam these days can be tracked back to fiverr. For example this guy makes money selling spam links on elgg sites. http://fiverr.com/truthealer07/give-you-my-private-list-of-2700-verified-elgg-social-networking-sites
Is there antyhing we can do to stop these kind of sellers spamming us?
there's really no best defense for actual human spammers. the only way would be to track their IP, traceroute it then do a region blacklist via htaccess or a third party service and just blacklist the entire city, state, country that ISP lives in.
i get a lot of spammers from delhi, delhi so i'm gonna ban that certain city from my site
@Mark i saw Brett's bulk delete plugin for 1.7 but not for 1.8. If you could help locate it and post the URL here that would be aswesome, plus it will help anyone reading this in the future that may have the same problem as me. CHeers Mark!
Y not try this.... if your spammers are not loggin in it will get deleted automatically.. http://community.elgg.org/plugins/1181949/1.1/login-reminders
- Previous
- 1
- 2
- 3
- Next
You must log in to post replies.