Idea: Anti-human spammer approach?

Stopping spam-bots from registering is one aspect in fighting against spam. But the more difficult problem - currently observable here at the site - is to deal with human spammers. Once they start posting their spam postings it's a very annoying sight until the account is deleted by an admin.

So far, the "Report this" button and the underlying plugin respectively only help to draw the attention of admins to these postings and the user account that was used for these postings. How about tuning the reportedcontent plugin to put reported content under quarantine as soon as a certain number of reports are made within a defined period, for example 3 reports per hour (of course it depends on the size of a community how many reports are made on average, so this parameters might be needed to be adjustable).

"Quarantine" in this context means banning the user's account, making all postings of this user invisible and sending notifications to admin(s) and the user (maybe it's a false alarm, so the user should be told that the ban will be lifted if the postings are alright). Coding the account ban might be possible already with Elgg. The problem seems to me how to make the postings invisible in a reversible manner (if needed). The access level of all postings could be set to private to make them invisible, but I don't know how to reverse this process, i.e. restoring the original access levels of all postings as they might differ (some might have been private, others might have been the default site access level etc.).

The report page could also be improved by offering the selection of some common reasons for reporting content (spam, illegal links, off-topic, harassment etc.). Depending on the reason chosen, the quarantine could be triggered immediately, after a certain number of reports or not.

The implementation of what I described is beyond my knowledge unfortunately. I don't even know if it's possible at all. I'm interested what you think about it. Maybe someone with the skills might be able to code it?

  • how about human vs human approach, admins know who are long time members, after gaining admin trust be granted moderator status where said moderator could suspend a noobie account when spamming is spotted?

    Just a thought

  • iionly, yes, it certainly can be implemented. It's enought to write old access level of entity in metadata, change it to private and then restore it from metadata if required. It's not hard to code such plugin.

  • Steve,

    That is a good idea, it is already used on a few Vbulletin installs that I know of. Easy way would be to keep a user's posts private if they don't have n number of published posts. The new ones who spam can be banned/deleted instantly and ham can be let through.

    The downside is that it increases the workload of the admin team who already have enough to do. But the spam issue is so bad now that I don't look forward much to visiting the site and it is a really bad advertisement for what is an awesome platform.

  • In some instances, human vs. human just is not possible. I have had issues with human spam on my elgg site and it's getting out of control. There is no easy way to do mass deletes of accounts and I've deleted the site since all there was was spam accounts by the hundreds.

    Elgg should not rely on the community to harden it's software, or come up with ways to deal with it. Case in point, I have yet to have spam issues with either of my Wordpress sites, and if I did, it's much easier to delete those users en mass.

    Seriously, I'm considering moving to Wordpress MS.

  • k5jat,

    You write "I have yet to have spam issues with either of my Wordpress sites".


    There is no difference between Wordpress and Elgg at that very basic level. Create an account. Post spam.

    That suggests to me that spammers think that stuff on an Elgg site (social network) might be visible to more people than a Wordpress blog. And they might be right. Or perhaps your Elgg registration process is too lax? Or perhaps you have spam filters enabled on Wordpress that you have not enabled for Elgg?

    But that has nothing to do with the technology of Elgg itself so far as I can see.

  • @all I still don't understand how do they find Elgg sites. I am currently in the final stage of developing a social network for a client, and somehow, they manage to find my site, even though I have only 3 users (developers) registered and no one knows about it. I don't know how they can accomplish that..

  • rjcalifornia,

    If you have access to the server logs, can you check what the referrers are to the account sign up page?

  • " issues with human spam on my elgg site and it's getting out of control." 

    ;-) I keep seeing such comments from elggsters running sites with several hundred users.. we've got 203,500 users (nb: soon to hit 1/4 million!) on our elgg based site and spam level is almost 0% ;-) maybe we're doing something right, maybe we're lucky, maybe we've the smarts to block out spammers who find everyone elses' elgg bases sites ;-P We *are a Elgg-bases site "case in point" demonstrating that Elgg is robust enough to take care of the biggest elgg-based in the world.We do not quarrel with the technical tools we have chosen..

    " no easy way to do mass deletes of accounts "

    LOLZ ;-) Just search through the Elgg API documents and study the data model to go figure the way to "mass delete users" ;-)

    " yet to have spam issues with either of my Wordpress sites "

    Having studied the Apache logs of many of my $clents -I can sincerely say that websites based on all other CMS-SocNet platform have far more spam, hacker attacks and such negative situations than Elgg has ever been seen to show. RE: all this "spam" on Elgg-based sites - my educated guess is that most web-site owners do not quite have the technical know-how necessary to "harden" their web-sites... whether Elgg, WordPress, Joomla, Drupal (Yes, my Tech Team does work with all these platforms, so we know) and so they suffer.

    The primary concern for all should be to educate themselves to a level wgewre they can intelligently prepare their web-sites to withtand the attacks and be safe.

    " Seriously, I'm considering moving to Wordpress MS..."

    Guess that = *personal choice ;;;

  • I have been associated with a medical research centre in India with several people joining it and so far encountered 0 spam. What I did is that I had developed a list of blacklisted ip addresses of spam-bots which seem to have worked pretty well. As well as this, the community is monitored strongly, barely leaving any room for a spam post to sustain more than a few hours. But, we haven't seen any such attempt yet.

  • Curious... --> Is the blacklist via apache, htaccess, or coded within elgg ? We've usually just quickly coded htaccess, though I've given thought(s) to packaging the blocks via a Plugin - as I believe 1 or more Plugins already do - e.g. "EmailDomains" from the v.1.8 SVN.

Feedback and Planning

Feedback and Planning

Discussions about the past, present, and future of Elgg and this community site.