What one thing lets elgg down? Spammers... Mainly Chinese!

For the first few months I was getting spammed then I installed site access, and used the site password feature when registering great spam stopped, then a few weeks down the line one spammer so I changed the password great few more weeks then a new spammer, changed password next day new spammer(S) so I thought maybe there 'reading the password' from the text above that says enter xxxx so I changed it to please enter the numbers you see in order excluding the * (exp. **8****9****9*4**3) great 2 days no spammers then 5 in one day!!!!!!!!!!!

This ruins elgg completely....

I run a PHPBB forum with 3500 members We get a spam account once every few months and thats a basic standard installation!!!

I Sincerly hope 1.8 puts an end to spam and deals with it much more than 1.x


One seriously P***** off Elgg site owner.

  • Blocking IP's in China has helped a little bit to put bots and live people at bay (and I'm in China so I have a feel for the provinces they come from). I have noticed people searching on google for my accounts registration password. Those were mainly from the philippines, ip blocks stopped them. Also, I've noticed that people search for sites that have pg/bookmarks and the like. Also notice a lot from the Middle Kingdom and Mother Rus.... who enter directly onto the pg / register. A normal user would enter, look around, and decide to join or move on I feel. I'd like to block everybody who comes directly to register or looks at the front page less than 5 - 10 seconds then decides to register. Losing such a person, spammer or not, probably is no loss.

  • Well I get 3-30 every single day....mostly .ru or .uk email addresses but some are directly from other websites with mail@xxxxxxxx.com .  Most post blogs with links for shoes, boots, purses or diet supplements of one kind or another or with links in Israeli. None of the avilable mods I tried worked.


  • You can try this plugin. It has some simple antismap mechanisms, one of the most important one is a set of questions which users are asked before registration. You can set 10-20 questions, they will probably be harder to break than a single one.

  • I have posted before on other spam related topics about how everyone can help each other fight spam attacks.

    I have offered to study spam attacks -- if you elgg-site owners will ->

    a) not delete the spam straight away

    b) make a copy of those spam content and send to me to study for "patterns"

    c) then maybe I coukd work out a spam blocker to pre-empt such attacks on sites

    d) the basic idea is to study the evidence of the crime and look for the m.o

    The logic I have posted on another spam topic earlier today outlines some code logic for Pages PlugIn
    http://community.elgg.org/pg/forum/topic/704573/spam-spam-again/ to detect known spam and block those pages from being created. I have tested that code and  it *will autonomously 100% block certain kinds of spam posts.

    Regarding points a) - d) above - I have yet to see even one elggster send in any spam evidence for study.. who loses ?


  • Thank you for the offer. Next spam I see I send it to you. Do you also need the email of the spammer ?

  • Have a look here for example ->


    ideally I want to see this kind of content saved and sent before y'all delete

    The spammers EMail will help also - because manby spammers use the same (kind of) email hosts. Tho.. there's some PlugIns around (esp v1.8) that allow such EMail blocks @ register time.


  • The spammers that post blogs on my site have no pattern...one topic after another...often just gobbledygook with no coherent message and with links all through it.  Others just post links on their profile page in the description area...There is no patern except in the email addresses.  It would be HUGE if someone wrote a mod that would allow for us to 'block' whole sites "@(site).com" as most all come from just a few dozen sites although others come from yahoo or gmail with .ru or .uk

    Some are clearly individuals just trying to get links to their own site and use an actual name and a unique email...no way to block those 'loners'.

  • LOLZ ;-)

    There *is a pattern there. Spammers usually drop <a href links and similar code in the content

    and this is trapped by that code I posted at


                    ////ASSUME THAT THIS MUST BE A SPAMMER  
                    ////TRYING TO POST SHITTY LINKS TO SCREW US 
                    if    ( 
                            preg_match("/href/"            ,$value    ) 
                        ||    preg_match("/src=\"http/"    ,$value    ) 
                        ||    preg_match("/src=\"https/"    ,$value    ) 
                        ||    preg_match("/</div/"        ,$value    ) 
                        ||    preg_match("/z-index"        ,$value    ) 

    These keywords do not occur on "normal' posts ;-) And so the code'logic is if these words / codes occur in a post - most likely spam ! kill it !! ;-PThe keyword list in the code above was buit from soem spams here at Elgg and the z-index is from our own fbfkids.com spam some months back - that took me a good 40 minutes to figure how and what exactly the real-code-smart spammer was doing - that one guy knew his php, html, css shtz better than most elggsters I have seen here ! ;-) And.. that spam would make most people cry in tears if you get hit by that !


  • most of the spammers i get are from chinese and india people

  • Drhup that may well all come in useful but it only stops the page being created it doesn't delete the user.... I don't want inflated site users shown to prospective members if 90% of them are bots/spammers!!

    Also the Ban feature is useless because it still keeps the user!! delete the user and ban dissapears! maybe some one can create a ban list like phpbb's where at registration it records there IP and when you select ban you can ban either there email, ip or both and it saves them in a permanent list so when you delete the user, it also can ban users ip/email with wildcards for example 123.12.34.*