Fake users registration attack

Hello everybody,

Since yesterday I have been under a spam attack. I disabled the "Allow new users to register" option under Settings > Advanced Settings in the admin panel, and I am still under attack because new fake users are still being registered.

Additionally, I have these plugins installed and enabled: uservalidationbyemail, recaptcha, iptracker, spam_login_filter, spam_throttle, honeypot and akismet.

What can I do? Thank you very much.

  • Overnight we got hundreds upon hundreds of blocked registrations, but since we have New User Registration disabled, we got NO new fake users; of course, this is not an acceptable alternative. Michele, thank you for the info, I understand. My concern is that we have 3 sites, and if one site is being attacked at a rate of one per minute, then 3 times that will cause our host to blow his cool. Further, we had plans of opening more sites; with this kind of attack rate, it's not likely. We're thinking seriously about moving the sites on a regular basis, trying to stay in front of the spammers, or looking for an alternative, which is sad since we've been working with Elgg since version .9. It just appears that Elgg is prone to attacks, which is a serious problem for a professional business. We're thinking.

    By the way, I feel very, very sorry for any person in this universe who has nothing better to do with their time than to hurt and harm other people. Life is so short, and there are so many people who need help and are suffering for a million different reasons, that if these spammers would put their energy toward helping people rather than harming them, the world would be a better place and I'm sure the spammers would have a better life. To hell with them.

  • Michele, I'm willing to participate in any way and all ways. Right now I've got 2 of 3 sites shut down and the one that is open is getting 1 to 4 spam attacks per minute. We've gone years without this being a problem, but once they found us, about a month or so ago, all 3 of our sites were attacked. Presently we're working on moving the test site.

    We too are using spam login filter; that's how we know how many hits we are getting. I'm just not confident, though, that uservalidation by admin is the best choice. I admit I have not tried it, but since we were getting 50-150 fake registrations per day for one site, 3 sites would cause 150-450 per day, and that's a lot of messing around to delete them or however. And, given the fact that we're now getting such a large attack, we worry that our host will shut us down.

  • @Michele, You said, "when I now delete users from uvba they're not reported to stopforumspam so can register again and again and again"

    When we delete fake users, they ARE REPORTED. Our last report was Dec 28, which was the last fake users we got. And they have been reported since last Sept, when I believe that problem had been fixed. So, it appears to me that they ARE getting reported properly. But, to me, the problem is that there are so many of the fake users being created, it's impossible to keep up with them.

  • Experimented with moving the site: bad idea. So, we're back to at the very least trying to keep the fake registrations away; "maybe" if we can do that, they may decide to stop the attack. We've added the Profile Manager and required that an icon be added. I'll let you know what happens.

  • So far so good: although we got a boatload of spam attacks that were all discovered by stopforumspam, since we installed ProfileManager and required a profile icon during registration we have NOT gotten any fake registrations.

  • You can also try another option.

    1. Remove the registration form from Elgg's default registration page.
    2. Create a new page for user registrations and link your "Register" button to that page.

    This way all the bot software that is targeting Elgg's registration page will fail.

  • An interesting observation: Our site is still on Elgg 1.8.14 and we used to get a LOT of fake user registrations, but since Christmas it actually seems to have stopped. So maybe the bot network was updated to look for 1.8.16 installations?

  • @Team Webgalli, excellent idea; unfortunately we aren't smart enough about Elgg to be able to do that. It would be wonderful if there were step-by-step instructions, or a plugin; even if there were a cost involved, we would be interested, and I'm sure others would be too. FYI, we use ismayil's hypeframework; I'll give him a holler.

  • Hi guys,

    I have had this demo site for several days without getting fake users. New user registration was on and we only had the core plugins active plus these:

    - River Addon (Ajax River)

    - Custom Theme

    - Custom Plugins

    - Elgg Build Version 1.8.16

    - Custom Front Page Registration Form (/register disabled)

    - No Anti Spammer plugin

    Most of our demo sites are built like this: registration on the front page, /register removed. So that might be a temporary solution.

    Rodolfo Hernandez

    Arvixe/Elgg Community Liaison

  • Besides the spam login filter plugin, the following directly implementable measures will stop automatic spam bots and most manual ones:

    - Use a captcha plugin. There are a lot of them available here.

    - Require avatar upload. That makes it harder for bots to automate.

    - Change the required fields and mark them as mandatory. Existing scripts immediately fail on that.

    - Check input with java for correct and non-existing users, email, etc. Profile manager can do this for the default fields. Extend it with some fancy check on other fields.
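The list above (extra mandatory fields, a required avatar upload, a honeypot field, and the per-address throttling that spam_throttle provides) can be implemented as one server-side gate in front of the account-creation step, so that a bot posting straight to the action, without ever loading the page's scripts, still hits every check. The following is an added Python example written for this thread; it is not Elgg code and not any of the plugins named above. The field names, limits, addresses and sample submissions are constructed for illustration.

```python
# Added example: a server-side registration gate. It is not Elgg code and not
# any plugin from the thread; field names, limits and the sample submissions
# below are constructed for illustration.
import re
import time
from collections import defaultdict, deque
from dataclasses import dataclass

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


@dataclass
class RegistrationPolicy:
    # Custom mandatory fields beyond username/email/password: scripts written
    # against the stock form usually omit them and are rejected here.
    mandatory_fields: tuple = ("username", "email", "password", "city", "about_me")
    # Hidden form field a human never sees; bots that fill every input they
    # find reveal themselves by populating it.
    honeypot_field: str = "website_url"
    require_avatar: bool = True
    max_per_ip: int = 3          # attempts allowed per address ...
    window_seconds: int = 600    # ... within this sliding window


class RegistrationGate:
    def __init__(self, policy, now=time.time):
        self.policy = policy
        self.now = now                         # injectable clock for testing
        self._attempts = defaultdict(deque)    # ip -> timestamps of attempts
        self._usernames = set()                # usernames already accepted

    def _throttled(self, ip):
        """Sliding-window counter: drop old stamps, record this one, compare."""
        q = self._attempts[ip]
        t = self.now()
        while q and t - q[0] > self.policy.window_seconds:
            q.popleft()
        q.append(t)
        return len(q) > self.policy.max_per_ip

    def check(self, form, files, ip):
        """Return a list of rejection reasons; an empty list means accept."""
        p = self.policy
        reasons = []
        if self._throttled(ip):
            reasons.append("rate: too many attempts from this address")
        if form.get(p.honeypot_field, "").strip():
            reasons.append("honeypot: hidden field was filled")
        for name in p.mandatory_fields:
            if not form.get(name, "").strip():
                reasons.append(f"missing: {name}")
        email = form.get("email", "")
        if email and not EMAIL_RE.match(email):
            reasons.append("email: malformed")
        if form.get("username") in self._usernames:
            reasons.append("username: already taken")
        if p.require_avatar and not files.get("avatar"):
            reasons.append("avatar: upload required")
        if not reasons:
            self._usernames.add(form["username"])
        return reasons


# Constructed sample submissions (not real traffic).
HUMAN_FORM = {"username": "ana", "email": "ana@example.org", "password": "correct horse",
              "city": "Lisbon", "about_me": "Birdwatcher", "website_url": ""}
BOT_FORM = {"username": "cheapwatches88", "email": "x@spam", "password": "p",
            "website_url": "http://spam.invalid"}


if __name__ == "__main__":
    gate = RegistrationGate(RegistrationPolicy())
    print("human:", gate.check(HUMAN_FORM, {"avatar": b"\x89PNG..."}, "203.0.113.7"))
    for _ in range(4):   # the fourth attempt in the window trips the throttle
        print("bot:", gate.check(BOT_FORM, {}, "198.51.100.9"))
```

Returning the full list of reasons rather than stopping at the first one is deliberate: logging which checks a submission failed shows which measure is actually doing the work against the current wave, which is the kind of evidence the posters above were reading off spam_login_filter and stopforumspam reports.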