Fake users registration attack

Hello everybody,

Since yesterday I have been under a spam attack. I disabled the "Allow new users to register" option in the Settings > Advanced Settings admin panel, but I am still being attacked, because new fake users are still being registered.

Additionally, I have these plugins installed and enabled: uservalidationbyemail, recaptcha, iptracker, spam_login_filter, spam_throttle, honeypot and akismet.

What can I do? Thank you very much.

  • spam_login_filter, along with honeypot and uservalidationbyemail, is a really good combo; however, you need to train spam_login_filter to work optimally, and that depends on your community and their topics. Here are some suggestions:

    - Populate your email domain blacklist with the common domains used by spammers. There are a lot of these lists out there posted by forum admins and you can find them with a quick web search.

    - Consider adding Hotmail and Outlook email domains to your blacklist. I have found that a lot of spammers use these email domains, and it's way easier to block them and deal with the occasional false positive on a case-by-case basis by adding individual email addresses to the whitelist.

    - Block login from countries that generate a lot of spam if they do not also have a lot of potential users.

    - Block login if website, company, or other user metadata contains common spam topics like porn, shoes, and credit. While this step doesn't stop spammers from registering, it does keep them from causing damage afterward.

  • RJCalifornia, when you say your solution is "kinda extreme," do you mean, in terms of development?

    To the USER, I imagine it working almost the same as a regular registration. They click Register, they are taken to a place where they can register... Then what happens?

    To me, the ideal solution will make it just as easy for a VALID USER to register. And impossible for a Bot.

    For that, I would hire hours of dev time, because it would save me 10 or 100 times those hours, down the road.

    Edited to add: Ed, maybe ask Newton how well that works, blacklisting whole IP domains. I mean, obviously you're right, he persevered and got onto Elgg. Would he have bothered for my site? I worry, maybe not.

    Now going to look for plug-in for smilies, because that really needed one!

  • I can confirm that moving the registration form to a new location is quite effective. This has been tried on a client site and no new spam registrations have taken place since.

  • Ok guys, there's an easy way to change the URL of the registration page.

    I'm sharing here the plugin that Brett released. It creates unique URLs for the registration page.

    http://community.elgg.org/plugins/1612728/0.1/registration-randomizer

    Give it a try, I recommend it!

  • This rule set in .htaccess is very effective against registration bots and also prevents other automated postings like a brute-force attack on your login. No need to change the registration URL.

    # Rewrite directives only take effect once the engine is on.
    RewriteEngine On
    # Only look at POST requests (registration, login, comment forms).
    RewriteCond %{REQUEST_METHOD} POST
    # Referer does not mention this site (replace example.com with your host), OR ...
    RewriteCond %{HTTP_REFERER} !.*example.com.* [OR]
    # ... the User-Agent header is empty or missing.
    RewriteCond %{HTTP_USER_AGENT} ^$
    # When the conditions above hold, answer 403 Forbidden and stop rewriting.
    RewriteRule ^(.*)$ - [F,L]
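Added example (not from the thread): a small Python model of the posted mod_rewrite rule, evaluated over constructed requests, to show which ones it would reject and where it produces a false positive (a browser configured to send no Referer). Both headers are supplied by the client, so the rule filters only bots that omit them; `example.com` is the placeholder hostname from the posted rule.

```python
import re

# Referer pattern copied verbatim from the posted rule; note the dot is an
# unescaped regex metacharacter, so it matches any single character.
SITE_PATTERN = r".*example.com.*"

def blocked_by_rule(method: str, headers: dict) -> bool:
    """Return True if the posted .htaccess rule would answer 403 Forbidden.

    RewriteCond lines are ANDed unless flagged [OR], so the rule means:
        method matches POST
        AND (Referer does NOT match .*example.com.*  OR  User-Agent matches ^$)
    mod_rewrite expands an absent header to the empty string, so a missing
    Referer fails the referer test and a missing User-Agent matches ^$.
    """
    lower = {k.lower(): v for k, v in headers.items()}   # HTTP header names are case-insensitive
    referer = lower.get("referer", "")
    user_agent = lower.get("user-agent", "")

    is_post = re.search(r"POST", method) is not None            # RewriteCond %{REQUEST_METHOD} POST
    referer_foreign = re.search(SITE_PATTERN, referer) is None   # RewriteCond %{HTTP_REFERER} !.*example.com.*
    ua_empty = re.search(r"^$", user_agent) is not None          # RewriteCond %{HTTP_USER_AGENT} ^$
    return is_post and (referer_foreign or ua_empty)             # RewriteRule ^(.*)$ - [F,L]

# Constructed sample requests (not captured traffic): the normal registration,
# the two bot patterns the rule targets, a harmless GET, and the false positive.
SAMPLE_REQUESTS = {
    "browser_register": ("POST", {"Referer": "https://example.com/register",
                                  "User-Agent": "Mozilla/5.0"}),
    "bot_no_referer":   ("POST", {"User-Agent": "python-requests/2.0"}),
    "bot_empty_ua":     ("POST", {"Referer": "https://example.com/register",
                                  "User-Agent": ""}),
    "plain_get":        ("GET",  {}),
    "privacy_browser":  ("POST", {"User-Agent": "Mozilla/5.0"}),  # Referer stripped by client policy
}

def evaluate_samples() -> dict:
    """Map each sample label to True when the rule would block it."""
    return {label: blocked_by_rule(m, h) for label, (m, h) in SAMPLE_REQUESTS.items()}

if __name__ == "__main__":
    for label, blocked in evaluate_samples().items():
        print(f"{label:18} -> {'403 Forbidden' if blocked else 'allowed'}")
```

The `privacy_browser` case is the one to watch: a legitimate user whose browser or extension strips the Referer header is rejected on every POST, so keep a whitelist path or log these 403s before relying on the rule alone.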