Malicius Bots without validated method

To protect my site versus the spam I'm using Image Captcha 2.0 and Spam Login Filter 1.8.5 Both plugins works fine to stop 99% login spam... yesterday! ;-)

For a few days I have encountered a new type of spam robots. Bots with avatar and Spanish names (my community speak spanish) but his validated method is empty!!!. These bots are able to perform different actions in Elgg as "likes", for example. Anyone have the same problem? As you solved?

  • @ Wogker, most bots are able to perform different actions in Elgg as "likes" because most spam software developers knows that "likes" is triggered by a  page handler called likes, all that they do is just target your site url then followed by the handler e.g likes then run the objects or site annotations stored in the database for specific users or group... by doing this, the bot can register, created a blog, file and then run the likes handlers of that perticular annotation that they have created... to tell the readers or search engines (backlinking) that the spam they have posted has more value than the rest of the site contents. On the other hand, the spam bots can even refresh the pages thousands times to increase the VIEWS count of a certain content to catch attentions of the search engines backlinking or even regular site members.

    To cut long story short, have you tried this plugin and see if your issues is taken care off?

    http://community.elgg.org/plugins/1488356/1.8.15/elgg-hammer

  • I've noticed that you allow signing in with a twitter account on your site. Could this be an explanation for the empty validation method? I've never allowed signing in with Twitter and/or Facebook credentials and therefore I don't know if there is any kind of validation done for these type of accounts. Maybe the spammers simply join your site with a fake Twitter account? You might want to check this. Maybe I'm wrong and there is some validation method entry saved in the database for these accounts.

  • Yeah!, Iionly, You are right! They aren't bots... only twitter users. Buf, I deleted a little! :) Sorry!

    Tom, your plugin idea is great, I will test your plugin, thanks!

     

  •  @ iionly , you are right and thanks for norrowing the problem down to empty validation methods via twitter or facabook and other elgg sign in services! ... I was also thinking about the signing options and then was cought up with family chores and had to leave the site for some time...

    @ Wogker , Thanks for your input concerning Elgg Hammer... Test it and if you have any question or suggestion let me know... Have a nice weekend.