How do we handle spam users/ content on elgg-based web sites ?
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
I've only gotten a few spammers coming in a week. Banning doesn't really help hide the info (though it would presumably help with them signing up again with the same address) so using the Dashboard to see what they've done I go through and delete the spammer and any posts they made.
That cleans them up, but doesn't prevent them from signing in again with the same address afterwards, though that has not happened yet.
doug
Y'All
I have been working on some code to take care of this... not quite finis'd testing the code yet...
@ douglerner -You said you "delete the spammer". I'm under the impression that we should NEVER NEVER EVER delete a user. I've seen this mentioned a few dozen times in various groups that has strictly warned against doing so.
Are you saying that you "DO" delete the users? And if so, could someone please clear this up for me, can we or can we not delete users? I was under the impression that if we do, it will corrupt our database. Or is there some times we can delete them and other times we can't??
If necessary, I can trace the various conversations about this down, as long as they are not ones in groups that have recently been deleted.
In summary - can we or can we not delete users? I'm assuming in 1.7 we will be able to. Does anyone know the facts about this?
ron
I have been deleting those users. There is no other way of getting rid of them from showing up in various places. Banning still leaves a lot of stuff visible.
Maybe deleting is something that is ok in 1.6.1?
I haven't noticed any issues after deleting these users. But I still have a small database, if that matters.
doug
i have 1.6.1 and i can tell you that i had a horrible issue with loosing my css and database after deleting users, as far as i know the fix is on 1.7 but as of now i am not del any users, i will change their account info so they cant log on, i have a default hash that i use for the password so they cant log in but i wont del anyone till i have a fix in place.
I have 1.6.1 and that's what I've been hearing - that horrible things can happen when deleting users. Maybe it only happens if the user is very active and has opened groups and discussions and added files and pics and videos. Don't know, so we never do it. I'm very glad to hear that it will be fixed in 1.7 cause like doug says there is no way of getting rid of them from showing up in various places.
The whole thing is quite messy right now. Glad we didn't go live with our sites and am waiting till 1.7. Hope things will be better then.
Ron
To clarify the situation on deleting users:
If a user owns a piece of content that is managed by a custom class associated with a plugin that has been de-activated, then the attempt to delete all the content owned by that user may fail, and you may end up with an inconsistent database.
There are not that many plugins that create their own custom classes. (Files or tidypics are examples.)
In general, it is a bad idea to deactivate such plugins on a live site.
This issue is described here:
http://groups.google.com/group/elgg-development/browse_thread/thread/42dd3297346a25fb/
If you are not in this situation, you will probably not have any problems deleting users in Elgg 1.6 or higher. At least I am unaware of any other problems with deleting users and have deleted many test user accounts myself.
The deactivated plugin issue will not be addressed in Elgg 1.7 so far as I know (Brett or Cash please correct me if I am wrong about that).
Thank you Kevin for clearing this up. Other than the fact that Tom said ....
"Ok, I was not aware the problem was still present as such. I know
Dhrup wrote a lot about it...
"Rough info: 1 month ago we had clean install of 1.6.1, v 2009072201,
on a new *dedicated* server with nothing else running. Made about 20
test users. Deleted one user and could not start the members Tool to
list that user. It would show a blank page where it was supposed to
list that specific user. Later found that one table had the right
number of users (19) and another still had 20 users. Sorry I forgot
details and table names so my info is now useless for Trac. However, I
will try to replicate error and with more sensible info make a new
ticket in Trac."
It appears that we should be ok deleting spammer users as long as they haven't gone balistic in entering pics and files. I think I'll cross my fingers and give it a try. I assume that if there is any problems they will show up immediately and not pop up six months from now or during an upgrade to 1.7 - correct?
This sounds like good news. Thanks again, Ron
Hi Dhrup, shelved a Elgg project for few weeks and came back to see my site completely taken over by spammers .. sad and disillusioned .. I have several moodle project sites and they all remain untouched.. why can't there be some manual registration only plugin for elgg.. is this something too much to expect from elgg.. Thanks JP
(edited) ..sorry! ...whoops!
I was considering implementing a few questions at the time of registration. Three very basic trivia style questions pertaining to the purpose of the social networking site. If the user can't get ONE of them right, then alarm bells should probably go off that they are either intellectually impeded or a spammer.
Just a random thought - haven't looked thoroughly into how i'm going to achieve this.
Happy spam free elgging...one day....for everyone :)
- Previous
- 1
- 2
- 3
- 4
- 5
- ...
- 10
- Next
You must log in to post replies.