@Evan

That spam blocker code was not a plugin, but coded into the the "Pages" PlugIn code's actions at time of creating the Page. This goes back about 1+ months when those spammers were posting Pages with mostly links and links.

I had actually posted that code here on some other topic...No big deal logic here ->

    // Have we got it? Can we edit it?
    if ($page instanceof ElggObject)
    {
        // Yes we have, and yes we can.
        // Save fields - note we always save latest description as both description and annotation
        if (sizeof($input) > 0)
        {
            foreach ($input as $shortname => $value) 
            {
                ////C:\xampp\htdocs\elgg176\mod\pages\actions\pages\edit.php
                ////START::DC.2011.01.31.A
                ////SPAM-BLOCKS
                ////IF INPUT CONTAINS THESE FUNKY HTML CONSTRUCTS
                ////ASSUME THAT THIS MUST BE A SPAMMER 
                ////TRYING TO POST SHITTY LINKS TO SCREW US
                if    (
                        preg_match("/href/"            ,$value    )
                    ||    preg_match("/src=\"http/"    ,$value    )
                    ||    preg_match("/src=\"https/"    ,$value    )
                    ||    preg_match("/</div/"        ,$value    )
                    ||    preg_match("/z-index"        ,$value    )
                    )
                {
                    register_error("OOPS..! ".elgg_echo('pages:notsaved'));
                    forward($_SERVER['HTTP_REFERER']);
                    exit;
                }
                ////END::DC.2011.01.31.A
                $page->$shortname = $value;
            }
        }

A simple preg search for the kinds of known text content spammers post to trigger no create. The tet I coded is the basics of the famous spams I was aware of then. Simple code could be expanded to include any other known and newly discovered keywords spammers post - e.g. labotim, viagra, ad nauseum..

Ideally - all content creating PlugIns need something like this (as a PlugIn). Brett's "BigBrother" PlugIn from about Elgg v.1.5 did do pretty much, but I think it not woiky now @ higher versions.

Another, measured approach - as suggested by other Elggsters -- is to choose several (well) known community, concerned dedicated members, give them ability to delete spam users. Rationale for this seems to be that community members are usually poking around here a lot more often and they will see junk spam starting quick and can then kill those spammers right away.

1. it prevents any links from being included in pages (and does not address messages at all)

2. it is best not to hack core plugin files but write modifications as a plugin

What I'd like to see are more spam defeating plugins in the community plugin repository.

1. True - only was coded quickly for the Pages PlugIn when those spammers (who still attack regularly) were seen on the community here. Other PlugIns will need to addressed separately or as a new PlugIn ;)
2. Extending a *PlugIn* (Pages) does not equate to "hacking" the core LOLZ ;-P
3. There's enough developers out there to code such PlugIns including Cash Costello... who can code anti-spam PlugIns.. as and when they have spare time ;)

The Pages PlugIn code enhancement was done in a hurry to see what can be done to defeat that particular lind of spam - it took some minutes to code and it *works to reduce spam ;) I'd be interested to see your anti-spam code efforts published here on the community. We are all blessed with various talents.. including writing code, plugins, criticizing, enjoying benefits of community plugins...-O

Re #2 - hacking the action of a plugin bundled with Elgg is *not* recommended. It is better to write a plugin that overrides the action.

Re #3 - I work for an organzation that uses Elgg as an intranet application. We don't have spam.

We know that spam is an issue on this site and others. Again, it would be great to see spam-related plugins being created by developers. The more variety of these plugins that exist, the harder it is for the automated spammers.

We plan to release upgraded text captcha plugin in one month. It should be 100% effective... that is untill a programmer tries to break this specific solution. It should be too costly to do it just to post spam on Elgg sites though.