hacker spam

just realized have thousands of people who spammed my site and want to delete them all together. No option?

even trying to delete one of them has lead me to their website, which means they used the username field as a url.

Bummer, this is an impossible problem eating up lots of bandwidth. How can I delete a bunch of users at once???

  • @ex19 - i am academically technically curious and interested in studying your problem. if you want to let me study your database to see how the spamming was done to make it difficult to delete. send me a pm if interested...

  • One of the first things I did was override the registration to require that the username field only contain alphanumeric characters (and a few other requirements, like passwords being 6 or more characters, username must be at least 3, things like that). There really isn't any sanity check as it stands. 

    On your current problem, you don't have to actually go to the user's profile page to delete them. On the member list page, there's a little triangle that appears on the profile icons and it gives you a popup menu of actions you can take, one of which is to delete the user. All the admin options are in red.

    As for deleting a group of users, is there something they all have in common that you could search on, say by using some of the elgg_get_entity routines? If you can get an array of the user guids, then do something like on each one:

    $entity = get_entity($guid);

    if (($entity) && ($entity->canEdit())) {

    if ($entity->delete()) { // success on delete