Spam @ Elgg Sites

How do we handle spam users/content on Elgg-based web sites?

  • ".. not efficient for spammers to try to break captcha which is used by only one site... " - interesting observation and i feel very applicable, these spammers who try to get their sht into others' sites to grab linkbacks and other ways to get famous and rich won't bother if you're the only one with certain blocks and safety measures.

    i'm not too sure about audio means - those techie bot spammers will find a way to break that too.

    The better means of blocking spam might be to make your spam-bot detectors too unique and to make it more tedious (time-consuming) for human spammers to go thru your custom registration process to get their cut of the $ internet linkbacks pie.

  • I noticed somebody mentioned admin approve/deny system for new users.  I'm pretty sure the "Site Access" plugin that is in the community somewhere offers this.  I haven't used it myself but I remember seeing it if my memory serves me correct.

  • i just think the more fields to fill out, the better, make yaself financially unviable. I would even like to see a question area in the reg myself

  • yes - site-access does do that. and we've got proof that it works - some handful of spammers (bots) keep trying and trying to register one of my clients' sites ;-)

    i forgot re: joomla, drupal, y'all need to spend some precious time hanging out at the 'hackers' and 'crackers' web-sites to learn about how they do their dirty deeds - and maybe be able to figure how to combat them. the past 2 years - i've seen enough of clients' apache logs to see the various wordpress, joomla and drupal backdoor and exploit hacks that spam-bots perform to crack through into sites - the most famous being my client's (very tightly "closed" moodle) who had 2,000 spam registrations in 48 hours !! 5 minutes after they told me about this situation.. i cracked thru into the web-site - just like those spammers and 5 minutes later derived a solution to block such spam ;-) what-a-day ;-P

  • Dhrup, it's not commercial. It's freely available here @ . I just posted my inference on it.

    Just downloaded the plugin. When I enabled it I got the following message when I access the site.

    Fatal error: Call to undefined function elgg_extend_view() in /home/scc123/public_html/ on line 25

    I've now had to delete the plugin from the Mod folder on the server to regain site functionality. I'm running the site on Elgg v 1.6.1. Any ideas what the problem is or more importantly, what the solution is?

    The spam problem is getting so bad on my site that it's getting to the point where I'm about to pack it up - because it is being swamped (like most other people I have better things to do with my time than spend it deleting spam accounts off my site).

    Is this spam/hackers problem EVER going to be resolved satisfactorily or is it going to have to be a case of putting Elgg in the trash can and looking for something else to do the job?

    No one seems to be giving straight answers to questions on the subject, and when they do - it's like "crypto answers" in case a spammer reads it!!

    If anyone wants to 'secretly' send me some info I'd be delighted to give you my personal e-mail address.



  • Getting to this thread very late so I hope you don't mind my comments. Seems many of you haven't used S/A. I have been using it on 1.7.7 and it's still working well. Originally I had it configured for admin confirmation before a new registree could use the site. As I got tired of deleting accounts, I now require a password.  They come, both bots and humans, but nobody gets in without it - which is why I have so few users, LOL.  I am thinking that since my site will most likely never become large, I'll take advantage of the S/A invitation only feature and try to make it on word of mouth as an exclusive community.  As a note, I can see the major indexers know my site better than I do and people (many undesirables searching things such as bookmarks, etc.) are finding the content - blogs, pics and groups - which I hope will lead to actually generating a little revenue to pay hosting. Next I'll probably implement an e-mail admin/explain your reason for wanting to join system. That will certainly draw spam to that e-mail account, but not to the site directly.

    DDS, are you still researching strings?

  • I'm most interested in this as I've just started a site with the same demographic as Dhrup, although so far I've only got 2 members! lol

    My site is for sailing/traveling kids and as I live and sail on a boat I'm not online all the time to keep an eye on spammers, I might be out of internet reach for two weeks at a time.

    I really don't want porno spam getting into my site. I have SA running with a site pass enabled and admin activation + Coppa, I'm hoping that will keep most out. Then again it makes it harder for kids to join if they haven't been invited, which may well defeat the purpose. I was thinking of adding a contact admin for pass link on the reg page, also adding some extra fields, like 'boat name' etc. but I'm not sure how to do that.....

    Anything you Uber-geeks can come up with will be most appreciated from those of us WAY down on the php-volutionary scale! :)


  • I got weary of following too many different threads on this topic of SPAM ;) So here I am back in my Hacker's Elggalaxy's original SPAM topic (e.g. )

    1) IP deny on htaccess works quite fine if you know spam-ridden IP#s

    2) There are publicly available lists of spam email addresses - which can be blocked at registration time ( see Elgg 1.8 PlugIn "EmailDomains" )

    3) Other, more math driven algorithms can be used to detect spam ( how do you think e.g. GMail so vigilantly discards spam emails? ) on postings and handle that.

    4) There is only one known algorithm for effectively blocking *spam-bots from registering. I have worked with this to some largely workable degree, though I am not prepared to release that code at $0 GPL -> far too much effort has been put into that research ;)

  • SURE-SHOT method to keep spammers away ;-)
    Members need to register for a $0.01 fee using a Credit Card
    No C/C - no Register LOLZ
    bottom line = Once the C/C details are processed - those users **can be traced
    PS: This is the one method used by WebSites that get bought out by Disney for $undisclosed !


  • I figured (already & finally) that htaccess deny rules for *one country is-a-gonna cost several thousand lines lolz ;-) so what is the D'Scoop to do to reduce the read-overheads ? created my own ip# <-> country database --> means input an IP# and with some mickeymouse mysql select - the code places IP's country. i suppose this means that one could setup a simple-shtz-like table of countries (total is only abt 220+) and.. and.. (cheap) lookup the IP-Cntry and if Cntry is blocked - my Elgg PlugIn **itself blocks out that request... ;-P ==> cheaper than coding the htaccess deny rules hehh ;-oOOX-P)
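
The IP-to-country lookup described in the last post, as an added example that is not part of the thread or of the poster's plugin: Python with an in-memory SQLite table stands in for the PHP/MySQL setup, and the table names, country codes and address ranges are constructed for illustration. It goes slightly beyond the post by also handling addresses that fall in no known range.

```python
import ipaddress
import sqlite3

# Constructed sample data: RFC 5737 documentation ranges mapped to
# user-assigned ISO 3166 codes (XA, XB), not real allocations.
SAMPLE_RANGES = [
    ("192.0.2.0", "192.0.2.255", "XA"),
    ("198.51.100.0", "198.51.100.127", "XB"),
    ("203.0.113.0", "203.0.113.255", "XA"),
]
BLOCKED_COUNTRIES = ["XA"]

def ip_to_int(ip):
    return int(ipaddress.IPv4Address(ip))  # ranges compare numerically

def build_db(ranges=SAMPLE_RANGES, blocked=BLOCKED_COUNTRIES):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ip_country (start_ip INTEGER PRIMARY KEY, "
               "end_ip INTEGER NOT NULL, country TEXT NOT NULL)")
    db.execute("CREATE TABLE blocked_country (country TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO ip_country VALUES (?, ?, ?)",
                   [(ip_to_int(s), ip_to_int(e), c) for s, e, c in ranges])
    db.executemany("INSERT INTO blocked_country VALUES (?)",
                   [(c,) for c in blocked])
    return db

def country_for(db, ip):
    """Return the country code for ip, or None if no range covers it."""
    try:
        n = ip_to_int(ip)
    except ValueError:
        return None  # malformed or non-IPv4 input: caller decides policy
    # Take the nearest range starting at or below n (one index seek),
    # then confirm n is inside it. Gaps between ranges return None.
    row = db.execute("SELECT end_ip, country FROM ip_country "
                     "WHERE start_ip <= ? ORDER BY start_ip DESC LIMIT 1",
                     (n,)).fetchone()
    if row is None or n > row[0]:
        return None
    return row[1]

def is_blocked(db, ip):
    """True only when ip maps to a country listed in blocked_country."""
    country = country_for(db, ip)
    if country is None:
        return False  # unknown origin is allowed here (fail open)
    hit = db.execute("SELECT 1 FROM blocked_country WHERE country = ?",
                     (country,)).fetchone()
    return hit is not None
```

The address passed in should be the one the web server reports for the connection, not a value taken from a client-supplied header.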