What one thing lets elgg down? Spammers... Mainly Chinese!

For the first few months I was getting spammed then I installed site access, and used the site password feature when registering great spam stopped, then a few weeks down the line one spammer so I changed the password great few more weeks then a new spammer, changed password next day new spammer(S) so I thought maybe there 'reading the password' from the text above that says enter xxxx so I changed it to please enter the numbers you see in order excluding the * (exp. **8****9****9*4**3) great 2 days no spammers then 5 in one day!!!!!!!!!!!

This ruins elgg completely....

I run a PHPBB forum with 3500 members We get a spam account once every few months and thats a basic standard installation!!!

I Sincerly hope 1.8 puts an end to spam and deals with it much more than 1.x


One seriously P***** off Elgg site owner.

  • @DJ _ I did not address the spam user delete deliberately, forcing on the spam detect and removal first. Usee+Content delete *is managed by Elg 1.7X versions - tho manual. Automatic deletes cam be done - be with caution - since the code cannot tell 100% if the user is really a spammer - that kind of logic inside code is not perfectly developed - even by the PHd mathematicians. Some manual intervention seems to be usually necessary.

    Your second point (a la phpBB) is interesting.. might require quite some effort to code though ;-)

  • I cant imagine much coding I though wouldn't know were to start with elggs internals, it just needs to get the ip address of user at registration and store it while also checking to see if it already exists in the ban list then make a decision on wether to allow registration or not and a quick back end that lists ip address stored in the ban list and an option when banning users what kind of ban either ip or email,

    the same goes for email as this would work the same way!

  • "trust me on this..."

    many times.. the simplest requirements statement(s) can end up costing a lot more code effort ;) One would need to study the detailed functional requirements, research into the design to most effectively cater for that, code, alpha test, test, beta, acceptance test, etc... I've been coding "one line changes.." for many many years and it is *never "just a one line change" - always ends up costing more. e.g. a 1 line change can cost up to 8 hours of total effort.

  • The log in name and email address are instantly recognizable as 'spammer' to any admin...much harder to do automatically with 'code'.  'approvenewmembers' would totally suit my needs if I could get it to work on my site but I can't. 

    As I said before "It would be HUGE if someone wrote a mod that would allow for us to 'block' whole sites "@(site).com" as most all come from just a few dozen sites" but I imagine that may require much coding. 

  • #2

    Elgg.1.8 SVN has PlugIn "emaildomains" to handle that ;-)


    Would you describe in more detail "..instantly recognizable as 'spammer'" ?

  • Gladly @ DhrupDeScoop...I work with 2 sites...both using 1.71.  They each get anywhere from 3-20 new spammers registering in a typical day.  The names are never John or Sally but rather willxpt325 or something similar.  The email addresses are about half yahoo or gmail but of the .ru or .uk variety or may be  'anyname@jordanboots.com, for example (these are the ones who want links to their own site or blog) but also may be 'anyname@468.com '  or 'anyname@1642.com ' or the like (those being the ones placing mutiple links in blogs to multiple sites...I presume for a fee).

    So JohnWildGuy with an address of smithjohn@yahoo.com would seem to be a valid new member but johncym429 with an address of seowg529@yahoo.ru is clearly a spammer.

    Hard to code with all the possible names and addresses but easy to decide at a glance by me.

  • Question. Why would anyone let just anyone blog? Has this been addressed in the 1.8 beta? I would think blogging woul be kept to approved members who have been there over time. This feature seems like it would help as isn't blog nearly 100% of the problem?

  • TahoeBilly raises a valid point. I've never used Word Press, but B2Evolution for all its weaknesses and shortfalls has a very extensive and strong permissions system with which the admin can control what privileges a user is given from blogging, uploading pics on up to admin privileges.  Spammers were never a problem when using it.

  • Other ideas. Limit the new accounts to view and message only until approved.

  • I do not believe that the point is valid.

    One must study the history of Elgg - how and why it was created - in order to appreciate the apparent lack of WP, B2E or other styled features.

    Our site has 212,000 users while the spam problem is almost non-existent ;) so i am sometimes tempted to ask "what is your problem?" esp if sites that have spam issues have only a few 100 or 1000 users ?

    This blog-spam issue - going by the posts so far on this problem - would appear to irk too few elgg site owners, but not the majority.

    It does not help to keep hammering at the Elgg Dev Team with "Has this been addressed.. ?" The Elgg Dev Team does not exist to satisfy *all demands for features. Remember what GPL means - the code is free *and we are free to extend it, empower it, enhance it as we please..

    In situations such as this - it is usual to roll up and code some extensions, plugins to cater for the requirement or simply to hire some developer to provide the expertise to get the features implmented, release to community, etc, etc and be generally.. nice... to everyone ;)