Fake users registration attack

Hello everybody,

Since yesterday I have been under a spam attack. I disabled the "Allow new users to register" option in the Settings > Advanced Settings admin panel, and I still get attacks: new fake users are still being registered.

Additionally, I have these plugins installed and enabled: uservalidationbyemail, recaptcha, iptracker, spam_login_filter, spam_throttle, honeypot and akismet.

What can I do? Thank you very much.

  • @Michele, you said, "when I now delete users from uvba they're not reported to stopforumspam so can register again and again and again"

    When we delete fake users, they ARE REPORTED. Our last report was Dec 28, which was for the last fake users we got. And they have been reported since last Sept, when I believe that problem was fixed. So it appears to me that they ARE getting reported properly. But, to me, the problem is that there are so many fake users being created that it's impossible to keep up with them.

  • Experimented with moving the site; bad idea. So we're back to at the very least trying to keep the fake registrations away - "maybe" if we can do that, they may decide to stop the attack. We've added Profile Manager and required that an icon be added. I'll let you know what happens.

  • @Ron, as for the not-reported ones, I was referring to the use of uservalidation by admin, not spam login filter, which almost always works except, obviously, when stopforumspam is down.

  • So far so good. Although we got a boatload of spam attacks that were all discovered by stopforumspam, since we installed Profile Manager and required a profile icon during registration we have NOT gotten any fake registrations.

  • You can also try another option.

    1. Remove the registration form from Elgg's default registration page.
    2. Create a new page for user registrations and link your "Register" button to that page.

    This way all those bot programs that target Elgg's registration page will fail.

  • An interesting observation: our site is still on Elgg 1.8.14 and we used to get a LOT of fake user registrations, but since Christmas it actually seems to have stopped. So maybe the bot network was updated to look for 1.8.16 installations?

  • @Team Webgalli, excellent idea; unfortunately we aren't smart enough about Elgg to be able to do that. It would be wonderful if there were step-by-step instructions, or a plugin; even if there were a cost involved, we would be interested, and I'm sure others would be too. FYI, we use Ismayil's hypeFramework; I'll give him a holler.

  • Hi guys,

    I have had this demo site up for several days without getting fake users. New user registration was on and we only had the core plugins active plus these:

    - River Addon (Ajax River)
    - Custom Theme
    - Custom Plugins
    - Elgg Build Version 1.8.16
    - Custom Front Page Registration Form (/register disabled)
    - No Anti Spammer plugin

    Most of our demo sites are built like this: registration on the front page, /register removed. So that might be a temporary solution.

    Rodolfo Hernandez

    Arvixe/Elgg Community Liaison

  • Besides the spam login filter plugin, the following directly implementable measures will stop automatic spam bots and most manual ones:

    - Use a captcha plugin. There are a lot of them available here.

    - Require avatar upload. That makes it harder for bots to automate.

    - Change the required fields and mark them as mandatory. Existing scripts immediately fail on that.

    - Check input with Java for correct and non-existing users, email, etc. Profile Manager can do this for the default fields. Extend it with some fancy checks on other fields.
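The two suggestions above, Team Webgalli's (stop accepting the stock form at /register so scripts built against it fail) and Gerard's (extra mandatory fields, a honeypot, and server-side rather than only client-side checks), come down to one server-side gate. The following is an added example in Python, not Elgg code and not any plugin from this thread; it generalizes the "move the form" idea by deriving the form's field names from a signed, time-limited token minted when the form is rendered, so a script replaying the stock field names, an expired or forged token, a filled honeypot, or a missing mandatory field is rejected before any user is created. The site secret, the extra field "about_me", the honeypot name "website" and the sample submissions are all assumptions made for the example.

```python
"""Registration-form gate (added example; not Elgg's or any plugin's code).

Idea: the form a bot expects (stock field names posted to /register) is never the
form the site accepts. Field names are derived from an HMAC token issued when
the form is rendered, an extra mandatory field and a honeypot are checked, and
everything is verified server-side. Names and secret below are assumptions.
"""
import hashlib
import hmac
import secrets
import time

# Assumption: a long-lived per-site secret kept server-side (random per process here).
SITE_SECRET = secrets.token_bytes(32)

STOCK_FIELDS = ("username", "email", "password")   # what the stock form posts
EXTRA_REQUIRED = ("about_me",)                      # assumption: site-chosen extra field
HONEYPOT = "website"                                # hidden via CSS; humans leave it empty
LOGICAL_FIELDS = STOCK_FIELDS + EXTRA_REQUIRED + (HONEYPOT,)
MAX_FORM_AGE = 3600                                 # seconds a rendered form stays valid


def _sign(session_id, issued_at, nonce):
    """HMAC over session, issue time and nonce; binds a rendered form to one visitor."""
    msg = f"{session_id}|{issued_at}|{nonce}".encode()
    return hmac.new(SITE_SECRET, msg, hashlib.sha256).hexdigest()


def _field_names(sig):
    """Map each logical field to the unpredictable name used in this form rendering."""
    return {f: "f_" + hashlib.sha256(f"{sig}|{f}".encode()).hexdigest()[:16]
            for f in LOGICAL_FIELDS}


def issue_form(session_id, now=None):
    """Called when rendering the form: returns the token to embed and the field names."""
    issued_at = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    sig = _sign(session_id, issued_at, nonce)
    return {"token": f"{issued_at}:{nonce}:{sig}", "fields": _field_names(sig)}


def validate_submission(session_id, posted, now=None):
    """Called on POST. `posted` is a dict of form fields. Returns (accepted, reason)."""
    now = time.time() if now is None else now
    token = posted.get("form_token", "")
    try:
        issued_s, nonce, sig = token.split(":")
        issued_at = int(issued_s)
    except ValueError:
        return False, "missing or malformed token"
    # Constant-time check that we minted this token for this session.
    expected = _sign(session_id, issued_at, nonce)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad token signature"
    if not 0 <= now - issued_at <= MAX_FORM_AGE:
        return False, "form expired or clock skew"
    names = _field_names(sig)
    # A script replaying the stock form posts the stock names; the real form never does.
    if any(stock in posted for stock in STOCK_FIELDS):
        return False, "stock field names posted (scripted submission)"
    if posted.get(names[HONEYPOT], ""):
        return False, "honeypot filled"
    for logical in STOCK_FIELDS + EXTRA_REQUIRED:
        if not posted.get(names[logical], "").strip():
            return False, f"required field missing: {logical}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed demo: one legitimate submission and one scripted replay of the stock form.
    form = issue_form("demo-session")
    f = form["fields"]
    human = {"form_token": form["token"], f["username"]: "alice",
             f["email"]: "alice@example.org", f["password"]: "correct horse battery",
             f["about_me"]: "I run a small bike club", f["website"]: ""}
    bot = {"form_token": form["token"], "username": "seo_bot",
           "email": "bot@example.net", "password": "x"}
    print("human:", validate_submission("demo-session", human))
    print("bot:  ", validate_submission("demo-session", bot))
```

The field-name randomization only buys something if the stock registration action no longer accepts the stock names, so wire the gate in front of user creation rather than beside it; the honeypot and the extra mandatory field then catch scripts that do fetch the real form but fill it from a fixed template.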

  • @Gerard, the required avatar is a good way to stop spammers. Also, a passphrase captcha is another good idea. Also, we need to check whether third-party plugins are sending data somewhere else.

    Rodolfo Hernandez

    Arvixe/Elgg Community Liaison