We are having a growing problem with spammers hitting my Elgg site, SimplyFair.net, so much so that we have turned the registration off for now. It used to be they were coming overnight, now it's daytime too, as though this is a competition. We have a captcha in place, but it doesn't seem to be deterring phony "registrants".
My question is, Does Elgg have a plug-in that refers new "registrants" to the site administrator before they are accepted as members? That might solve this problem, if a solution is indeed possible.
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
i am using the spam filter plugin in conjunction with stopforumspam.com and also cloudflare.com.
this equates to zero spam.. you may need to tweak the settings so they are best for your preferences.
For admin validation try, http://community.elgg.org/plugins/875414/1.0/user-validation-by-admin-for-18x
I operate a range of elgg based sites - and I see some interesting things where some sites are attacked far more than others, when they all have essentially the same spam protection. I wonder if there's any particular reason why one site would get more spammer attention than another...
Also if anyone's interested - I just made a big pull request to spam_login_filter with some new enhancements - including whitelists for ip/email/domain and configurable protected pages.
thanks matt - i didn't look at your update to the plugin.. though i can envision that the whitelist feature would work well if there is a list of the emails/users that have been marked as spammers and a way to add them to the whitelist directly in the elgg admin panel.
different sites certainly attract different types of spamming.. and different spammers..
every case is unique and sometimes the choices might be as simple as the name of one web-sight beginning with a particular letter of the alphabet.
My site (only 200+ users) went a couple of years with around 2-20 spammers on most days but they were clearly individuals selling everything from boots to septic cleaning and they were from all over the world...telling me my site was posted on a list somewhere those spammers saw. Recently, however, a bot found it and, at first, there were a few hundred a day (each with an (xxxxxxxx+xxxxxxx) at outlook dot com address)...manageable as long as I signed in and deleted them every few hours but, at the end, there were several hundred every hour...not manageable at all (I had to delete over 15,000 one morning when I got up). My site crashed, and was unrecoverable after that (each available backup included a host of spammers and posts I had already deleted before), so I started from scratch...installed the new script and got over 200 registrations before I signed in as admin and removed the 'allow new users' check mark in the settings!!!
For new registrations I added 'gender', an 'accept our terms' check box, require an avatar upload, require 'location' and 'brief description' plus added 'captcha' while I was building, and testing, the new site...then allowed new registrations again to see what would happen.
I've had one spammer register in the last 3 weeks (he never got to post anything...I noticed 'London' for location but the IP was China so he was deleted). I have the other suggested mods in my tools, ready to activate if/when I need to. Now I just have to re-post all the content that was lost and get real members to sign up again. There's no fun in dealing with spammers.
@ dougbed, spammers are here to stay. It is a hard pill to swallow but that is the reality... Anti-spam tool do not stop human spammers from registering to Elgg sites. I have several Elgg sites and I can agree with Matt Beckett that some sites are bombarded more than others by spammer’s robots. Most spammer's companies and individuals especially "human spammers" from China - have realized that our team is stopping and tracking them with Elgg anti-spam plugins and they have stopped their dubious activities....We now normally get one or two spammers after four to six months!
To keep up with human spammers, the Elgg anti-spam plugins developers have to understand the pattern of spammers. No warder facebook was tired of spammers and introduced a dollar charge for sending messages to strangers ....
Thanks to all who replied on the issue of spammers. We have installed an Elgg anti-spamming plug-in, the one recommended by ura soul, I believe, and it's been very helpful. Learning as we go. Thanks, again!
@Matt Beckett, good to see the pull request. I really do believe once SLF is updated to where it reports IPs and emails to SFS it will radically reduce the spam Elgg users see almost immediately. Even for those without spam protection.
I noticed differences in attack patterns as well. As I mentioned before it seems if you are dilligent in removing the spam right away eventially they give up. Could the reason for sites with the same security getting variable spam rates be due to this or perhaps differing traffic patterns or search engine visibility or perhaps even PR (page rank)? That would make some sense as spammers want to concentrate on where the return is greatest and the least amount of effort is required.
@clydek I've filed a ticket to make registration closed by default.
- Previous
- 1
- 2
- Next
You must log in to post replies.