Spam/ Hackers problem

Hi Everyone!

I'm running Release - 1.6.1, Version - 2009072201 on a site at

I've been experiencing a lot of problems with spurious members (usually based in Chine) that register and then flood the blog area with spam. I keep on deleting the accounts but the problem is getting heavy. I also notice that one of these had hijacked the "Blogs" link and a Viagra ad. came up when it was pressed.

I think I need to be able to validate accounts manually as the auto e-mail verification set-up is not secure enough OR is there a way of filtering this crap? I notice most of the e-mail addresses given are jibberish - surely there's a mod somewhere that could distinguish between rubbish and genuine account registrations.

Any suggestions anyone?

Many Thanks,


  • Thanks CORE Education

    Do you mean a file widget that has been installed before the problem erupted (after deleting the Hacker's User Account) or since. Why would a widget want to grab the file of an account that has not produced any files?

    I'm a bit confused!

  • The file plugin or something is trying to grab some file entities on your homepage.  My guess is that there must be a widget of some sort.

    I don't know any other way to fix it apart from going into the database i'm afraid.


  • OK CORE Education

    I'm ready to leap in to start sorting it out - can you lead the way? Because I haven't got a clue how to butcher a DB!

  • Get the guid of the user you are trying to delete.  Go through and delete only the entities that have the owner_guid of that particular user.  Good luck!

  • If it's any help to anyone, what I do get - when I go into the user account that I can't delete (when I'm logged on as Admin and go to "edit details" of the user) - is an image of my Front Page (with the error message) that's trying to squeeze itself into the area headed File Widget. Here's a screenshot:


    This is the Hacker's User Account "Edit Details" area. The File Widget area that should show a File icon is displaying a screenshot of my Home Page - how weird is that?

    Any ideas?


  • Shouvik has already said that Cash's DB Validator could not fix problem.

    Core's surmise re: some widget that is trying to load some "filestore" thingy is I reckon the best explanation so far.

    My own experience here is when we reloaded our database and I lost my own Admin UserID - simple solution - another Admin created a new UserID for me ;-) Months later another Admin went to their Profile DashBoard - where they happened to have have made Friends with my "lost" UserID and wham - WSOD !

    They bugged me.. So I went into the Elgg core code, patched in some sloppy debug code and found out  they were looking for the "old me". DIpped into the DB, found out the out-of-sync data, manually patched and -> no more WSOD *and I got my older UserID back as well ;-)

    This does not mean your problem is exactly the same - but just to illustrate the "surgery"... better know the database.

  • CORE Education

    Is this No the guid of the User? This is the name the Hacker used to register.


    Also how do I get into the DB? Is it via XPanel of my Host company?

    Sorry if I'm sounding dim but at this level I am no expert! So I need to be hand-held to walk me through the process. I'm a gardener first and a webmaster 2nd! Although I am a qualified (retired) electronics engineer that does NOT make me an expert in this field.


  • I'm going to have to call it a day 4 today guys (it's 2.15 AM here in the UK) If I don't get some shut-eye soon I'm going to collapse over my keyboard!

    Catch you later on after a few zzzzs I hope.



  • Been and had a peek at the DB - getting my hands on it wasn't so difficult using cPanel. Trouble is I'm not sure what I'm looking at as I'm not familiar with the terms used. Can someone give me a little pointer for what I need to do?



  • It's a bit hard to just explain anymore than i have already.  You will probably have to get somebody to do it for you as it's not an easy thing for a begineer to do and would be slightly risky.

    Heaps of people on this forum would be willing to help i'm sure :)