Spam @ Elgg Sites

How do we handle spam users/ content on elgg-based web sites ?

  • yeah, I mean improve that one to include river posts, message board posts and pm.

  • Imagine a test-only elgg-site being spammed by about 60 jokers from .cn .ru .uk ? The one good thing about these spammers is that I can go in and study the apache access amd error logs to discover any patterns that identify them - so that I can code work-arounds and blocks for the future.

  • There is a WAY AROUND THIS and sometimes you have to CLOSE DOWN ALL ACCESS to Registration almost like how the USA is trying to SEAL all of it's Borders (This is only as an example!). So you think about it you are like a small Country in Cyber Space or Outpost and you have to SEAL off your area from EVIL. So what I did was for a period of 3 months or so I totally LOCKED down my Site and the ONLY WAY people could join is by Google Friend Connect or Facebook Connect. This was the ONLY way I could have stopped all the JUNK that was trying to come in.

    This method is mainly a Last Resort type of method but it started to work after a while. They stopped coming and after a while I was able to go back to normal and who ever it was lost interest in my site because they KNOW at ANY SECOND I can LOCK DOWN MY SITE AGAIN. Plus I could Trace back all IP ADDRESSES right to their VERY ADDRESS and use some of my resources within law enforcement to go further investigate and really put some pressure on all those who tried to cause any harm to my site.

    One other thing MOST OF THE SITES they were trying to Spam I would either Notify who ever the Site Owners were and if I did not get a REPLY BACK I would do all I COULD to have their entire DOMAIN Banned from GOOGLE for Eternity. Now this will scare the S_____ out of anyone if they knew their entire domain would be banned from Google they will NEVER RECOVER FROM THAT!

    So you have to out think your enemy who ever you make while you run an ELGG site and use what ever WHITE HAT methods exist against the forces of Darkness.

    Yes I am a writer so I like to compare stuff with wild ideas but it all makes sense I am sure.

  • I have Wordpress, Drupal and Elgg testsite's. The Elgg sites are spammed and the Wordpress and Drupal not. But I do not know why and no idea what one could do?

  • I have Wordpress, Drupal and Elgg testsite's. The Elgg sites are spammed and the Wordpress and Drupal not. But I do not know why and no idea what one could do?

    use captcha plugin and uservalidation by email. with that u can reduce the spamers. In my site also i could see 4 spamers and i banned them. if you delete they will again signup.

    also  you can restrict the sign up by certain email ids. if you search in this site you will get the code

  • Here is a persistent pattern in my server logs:

    image Http Code: 200 Date: Nov 28 11:52:27 Http Version: HTTP/1.1 Size in Bytes: 16060
    image Referer:
    image Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;)
    image Http Code: 302 Date: Nov 28 11:52:29 Http Version: HTTP/1.1 Size in Bytes: -
    image Referer:
    image Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;)
    image Http Code: 200 Date: Nov 28 11:52:31 Http Version: HTTP/1.1 Size in Bytes: 16816
    image Referer:
    image Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;)

    Which quite certainly seem to be spammers.

    I find that only these spam attacks use that specific user agent. (And they shift IPs and email addys constantly.)

    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;).

    Would it be feasible to ban/redirect those user-agents in .htaccess?

    I tried this approach:

       #get rid of bad bots
    RewriteEngine on
    RewriteCond %{HTTP_USER_AGENT} ^Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;)
    RewriteRule ^(.*)$ http://go.away/

    But it caused a 500 Internal Server Error.

    Any thoughts on how we might use the 'user agent' info to defend our sites from spammers?

  • We are using elgg in an educational setting (as part of a research experiment) and spam (especially prono) would be disastrous. We got 3 cases lately (email type .ru and @mailforspam...) even though self-registration is disabled. We are using 1.6.2 and upgrading to more secure later versions is not an option for us.

    Any ideas how to fix this? Your help will be very appreciated.

  • One thing I think could help also but could have  an affect on the site in more good ways then bad is...

    Have ALL LINKS that Anyone Posts from the Blogs Plugin all the way to TheWire have all links that anyone types to:


    Twitter and Facebook were smart they have this in full effect. This kills big time the Interest of people wanting to SPAM and try to Market all of the MLM Stuff in the world.

    I am getting to a point that I would like to have a Plugin that could control who has DoFollow Link Access and Who DOES NOT. All New Users should have rel=NoFollow while others who I could choose who have earned their right could have rel=DoFollow and they could enjoy some Google PR Link Juice.

    People know that almost any ELGG installed site is rel=DoFollow. Most of the Plugins are DoFollow and I know for a FACT that the Bookmarks Plugin is DoFollow.

    One way I know this is... well see for yourself CASH knows what I am talking about if you bookmark on here to try to get a backlink of PR6 by using the bookmark tool.

    This might be a difficult plugin to create and could have a high cost to creating it. I really do not know who could create such a thing and what cost is involved and how many others who have very large Elgg Sites would like to join and share on the cost to get this very needed plugin created.

    Bottom line is this: Folks who set up these Spam accounts are using a program to do it that will check if the site is DoFollow or NoFollow. Even doing a simple Google Search you can find all Online Forums based on a keyword and if they are PR 5+ and also if they are all DoFollow. If they are NoFollow they will not even show up in the search results (WHICH IS GOOD!!!).

    NoFollow Elgg Sites would create way more value for the Elgg Platform and will alone be a deterent for ANYONE who even thinks about Spamming because a NoFollow Site is a total Waste of Time to post Spam Links too.

  • One more thing and this is not meant to SCARE anyone who uses ELGG or runs an ELGG Site but I have read that Google really monitors websites all the time. Google Bot can detect posts that contain an unusually HIGH Amount of Enbedded Links (Anchor Keyword Text Links) inside content you better believe the BLOG Plugin and BookMark Plugin are items that Gooble Bot LOVES!

    So if a high number of enbedded links show up enough times it is possible that your entire .Com Domain even all other Sub Domains can be Temp. Banned from Google with you begging on your knees before the Google Gods to Unban your domain after you fixed and deleted all the Spam.

    Getting banned from Google is the Greatest FEAR that any webmaster can ever have besides being Hacked and Defaced. This alone has to be good reason why a NoFollow Plugin needs to be created and sold for a decent price.

  • @SS

    Your ReWrite for UserAgents looks mistyped ;)


    in concert with SS's concerns - has anyone looked "Anti-Hammer" - a techie tool to detect/ stop/ block bots which 'hammer' a site ?? GIve it a look-over.. might save your s and your web-site ;-)