Fake users registration attack

Hello everybody,

Since yesterday I have been under a spam attack. I disabled the "Allow new users to register" option from the Settings > Advanced Settings admin panel and I am still getting attacks, because new fake users have been registered.

Additionally, I have these plugins installed and enabled: uservalidationbyemail, recaptcha, iptracker, spam_login_filter, spam_throttle, honeypot and akismet.

What can I do? Thank you very much.

  • In case anyone would have any further advice, my sites are still being attacked. Getting anywhere from 1 to 3 attacks a minute that ALL are being blocked by Spam Filter; so I'm not getting any fake registrations on any of our sites; but the attacks keep coming. I don't get why these jerks keep doing this when there are no registrations and no advantage to them. I'd hate to think that all our Elgg sites are doomed to these attacks forever. Thanks for any further advice you can shed on this.

  • Well, the attackers have gotten meaner. Now we're getting anywhere from 1 to 8 attacks per minute. No registrations, just blocked attacks. Isn't anyone else getting this? Are we the only ones?

  • What do you consider an 'attack' that's happening 1-8 times per minute?

  • I usually check the blocked IPs by SLF and on average I have 45 pages there which means around 1000-1200 blocked IPs per week. As for blocked attempts we are now around 220.000 and counting. We never stopped being attacked so without SLF this would have been a real nightmare.

    I still think sharing our blacklisted mail domains could help to also better stop the ones who are still getting through. Maybe they're the same spammers focusing on Elgg sites, so an Elgg-specific database of these domains could be an additional weapon.

    What about, for the moment, a simple page where we could paste our lists so that each of us could take a look and copy if/when needed?


  • You should also consider the solution I shared with you days ago. We no longer have to worry about fake spammers now. We removed the registration page and we use a drop down registration form.

    That's one way to do it; another way is to change the registration address (to a custom one). Automated bots are specifically targeting the registration page. We changed that page for another to see how many hits it could get. Over 32,000 just in January.

    Rodolfo Hernandez

    Arvixe/Elgg Community Liaison

  • Hi rjcalifornia,

    Useful suggestion, thanks. Sometimes for non-devs "easy" things are not so... :)


  • Could you send me your site names? I used to get a lot of spam; it's very small now. My traffic is medium, I am 260.000 Alexa rank worldwide, which is quite high but nothing too special. Check szsocial.com, even sign up and see how I deal with spam. I use just about every plugin available. It may not be liked by, hmm, all users lol, but it is necessary. My traffic comes from search engines mostly, so spam protection is a must, and users don't mind once I explain why the security is so spam tight. The main thing that deterred spammers is setting auto-suspend for users for a certain amount of time when they join, from any actions. Annoying, but it really works well in deterring spammers because they know the site is dedicated to spam-free social networking, though of course I still get spammers lol, just not as many as before: just 1 or 2 or 5 a day, sometimes 3 or 4 days no spammers at all, sometimes 5 or 6 in 1 day.

  • This comment was removed by a moderator because it contained advertising.

  • @Matt Becker -- We are getting 1-8 potential registrations per minute. As I explained, they are all blocked and we are getting no actual registrations because we require a profile image. I think getting 1-8 potential registrations per minute would be considered an attack.

    @rjcalifornia -- We are not Elgg developers, so we do not understand how to implement the options you mention.

    @Michele -- Your stats are similar to ours = A LOT. And, we have 3 sites, so we are getting 3 times A LOT = a REALLY LOT.

    I wouldn't care about all this since we are not getting any actual fake registrations, but by getting poked so often it's starting to get bothersome.

  • @Ron Wallace

    The required avatar is a good measure, and you should keep that, in addition to spam login filter. My solution is kinda extreme, because I was tired of getting hit by spammers.

    Rodolfo Hernandez

    Arvixe/Elgg Community Liaison