Fake users registration attack

Hello everybody,

Since yesterday I have been under a spam attack. I disabled the "Allow new users to register" option in the Settings > Advanced Settings admin panel, and I am still being attacked because new fake users have been registered.

Additionally, I have these plugins installed and enabled: uservalidationbyemail, recaptcha, iptracker, spam_login_filter, spam_throttle, honeypot and akismet.

What can I do? Thank you very much.

  • Hi guys

    When I register on the Elgg community, it shows "access denied due to spam issues( ip blacklisted). please contact the site administrator", so I have to log in via Twitter.

    Can anybody help me ?

  • @rjcalifornia  We too are tired of getting hit by spammers, which can't be good for our server, especially at the high number of hits we are getting, and I would very much like to implement your solution; it's just that we are not developers and do not understand how to do it. That said, we use Ismayil's hype framework for our sites, so that may leave us out of solutions other than having him change the way the registration is done. I've asked him about it, but there is no solution as of now. I think that if he could accomplish such a task it would make his framework more valuable and others too may consider it. We like it a lot. Thank you.

  • @Ron Wallace, what do you think about these ideas? Check this discussion: http://community.elgg.org/discussion/view/1584512/new-anti-spam-technique

  • spam_login_filter along with honeypot and uservalidationbyemail is a really good combo; however, you need to train spam_login_filter to work optimally, and that depends on your community and their topics. Here are some suggestions:

    - Populate your email domain blacklist with the common domains used by spammers. There are a lot of these lists out there posted by forum admins and you can find them with a quick web search.

    - Consider adding Hotmail and Outlook email domains to your blacklist. I have found that a lot of spammers use these email domains, and it's way easier to block them and deal with the occasional false positive on a case-by-case basis by adding individual email addresses to the whitelist.

    - Block login from countries that generate a lot of spam if they do not also have a lot of potential users.

    - Block login if website, company, or other user metadata contains common spam topics like porn, shoes, and credit. While this step doesn't stop spammers from registering, it does keep them from causing damage afterward.

  • RJCalifornia, when you say your solution is "kinda extreme," do you mean, in terms of development?

    To the USER, I imagine it working almost the same as a regular registration. They click Register, they are taken to a place where they can register.... Then what happens?

    To me, the ideal solution will make it just as easy for a VALID USER to register. And impossible for a Bot.

    For that, I would hire hours of dev time, because it would save me 10 or 100 times those hours, down the road.

    Edited to add: Ed, maybe ask Newton how well that works, blacklisting whole IP domains. I mean, obviously you're right, he persevered and got onto Elgg. Would he have bothered for my site? I worry, maybe not.

    Now going to look for plug-in for smilies, because that really needed one!

  • I can confirm that moving the registration form to a new location is quite effective. This has been tried on a client site and no new spam registrations have taken place since.

  • Ok guys, there's an easy way to change the url of the registration page.

    I'm sharing here the plugin that Brett released. It creates unique URLs for the registration page.

    http://community.elgg.org/plugins/1612728/0.1/registration-randomizer

    Give it a try, I recommend it!

  • This rule set in .htaccess is very effective against registration bots and also avoids other automated postings like a brute-force attack on your login. No need to change the registration URL.

    # mod_rewrite must be switched on, otherwise the rules below are ignored
    RewriteEngine On
    # Refuse (403) any POST whose Referer does not contain your own domain
    # (replace example.com), OR whose User-Agent header is empty.
    # The POST condition is ANDed with the pair below; [OR] only joins the two
    # header checks.
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{HTTP_REFERER} !.*example.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule ^(.*)$ - [F,L]
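As an added example (not from this thread, Elgg, or the plugins named above), the following Python script replays Apache combined-format access log lines against the logic of the rule set above, so you can see which POSTs it would have blocked, legitimate ones included, before enabling it on a live site. The log lines are constructed samples and example.com stands in for your own domain.

```python
import re
from collections import Counter

# Apache "combined" LogFormat: host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines, not real traffic. Apache logs a missing header as "-"
# and a header that is present but empty as "".
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2014:10:01:02 +0000] "POST /action/register HTTP/1.1" 200 512 "http://example.com/register" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2014:10:01:09 +0000] "POST /action/register HTTP/1.1" 200 512 "-" "-"
198.51.100.8 - - [10/Mar/2014:10:01:15 +0000] "POST /action/register HTTP/1.1" 200 512 "http://spam.example.net/" "curl/7.35.0"
203.0.113.9 - - [10/Mar/2014:10:02:00 +0000] "GET /register HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2014:10:02:30 +0000] "POST /action/login HTTP/1.1" 302 0 "https://example.com/login" ""
"""


def would_be_blocked(method, referer, ua, site_pattern=r".*example.com.*"):
    """Mirror the posted rules: POST and (referer not matching site OR empty UA) -> 403.
    The referer test reuses the rule's own unescaped regex (a substring match); a missing
    Referer is an empty variable in mod_rewrite, so it counts as non-matching."""
    if method != "POST":
        return False
    referer = "" if referer == "-" else referer
    ua = "" if ua == "-" else ua
    return not re.search(site_pattern, referer) or ua == ""


def audit(log_text, site_pattern=r".*example.com.*"):
    """Replay a log against the rule and report what it would have blocked."""
    blocked, allowed, by_path = [], 0, Counter()
    for line in log_text.splitlines():
        m = COMBINED_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        if would_be_blocked(m["method"], m["referer"], m["ua"], site_pattern):
            blocked.append((m["ip"], m["path"], m["referer"], m["ua"]))
            by_path[m["path"]] += 1
        else:
            allowed += 1
    return {"blocked": blocked, "allowed": allowed, "by_path": dict(by_path)}


if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Note that the last sample line is a real browser POST to the login action with an empty User-Agent, which this rule set would also refuse; checking the blocked list against your own logs is how you spot such false positives.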