What one thing lets elgg down? Spammers... Mainly Chinese!

For the first few months I was getting spammed then I installed site access, and used the site password feature when registering great spam stopped, then a few weeks down the line one spammer so I changed the password great few more weeks then a new spammer, changed password next day new spammer(S) so I thought maybe there 'reading the password' from the text above that says enter xxxx so I changed it to please enter the numbers you see in order excluding the * (exp. **8****9****9*4**3) great 2 days no spammers then 5 in one day!!!!!!!!!!!

This ruins elgg completely....

I run a PHPBB forum with 3500 members We get a spam account once every few months and thats a basic standard installation!!!

I Sincerly hope 1.8 puts an end to spam and deals with it much more than 1.x


One seriously P***** off Elgg site owner.

  • I agree DhrupDeScoop.  When I started my site I had only 40 members after one month but was already listed first by Google, mostly because of all the great blog content my members and I posted (and even though there are worldwide sites with a similar name plus groups using it on facebook also...they were all listed before me at the beginning).
    Anyway many of my spammers don't even post blogs but put HTML or links in their profile descriptions instead so limiting blogs is not a solution.  Personally I want new members to be active and post all kinds of things right away.

    The interesting thing is the second site I am involved with is private...nothing is on the main page except the log in box (and the crawlers see absolutely nothing) but the spammers keep registering anyway so I think they all are using a list of sites they were given, sold...that's why some Elgg sites get spam and others never do...just a guess.

  • Spammers are smart coders ;-) They can code to go directly to "www/YourDomain.Com/actions/register.php" with whatever parameters are needed ;( and wham they're in. Would you like to see me code such a hook to register into your private site ? LOLZ ;-P

    The code logic I have posted as referenced above *was only for Pages PlugIn.. short on time to code for everything, but something similar can be done for all PlugIns at content create-time, including logging of IP#s, registration emails, email domains - so that a more intelligent data store of such spam activity can be created, maintained and utilized for blocking.

    There are also sites that store spam domains, emails domains, etc - which can be hooked into thru their APIs to detect and block spammers.

    One small big issue with doing code along those lines for Elgg has been that too many elggsters seem to believe too strongly that since Elgg is GPL'ed and free... everything else around Elgg - PlugIns, etc should be also free.

    Such people forget that most developers actually have to pay rent and buy groceries and so... sadly the kind of support developers get approaches an abyss - unlike some of the other open source platforms where commercial activity surrounding the open-source software does actually provide means for many developers to make a decent amount of spare change and even a living. Those developers usually provide superb support and also code GLP free PlugIns 

    While with Elggsters community.. Most people will not even send in a $1 donation for PlugIn developers.

    Who loses ? e.g. Almost all of my PlugIns and utilities have never been released because I strongly believe in the "you gotta pay to play" philosophy.



  • @ Clyde  You said "The interesting thing is the second site I am involved with is private...nothing is on the main page except the log in box (and the crawlers see absolutely nothing) but the spammers keep registering anyway so I think they all are using a list of sites they were given, sold...that's why some Elgg sites get spam and others never do...just a guess."

    I had never thought or heard of this. I have my login and reg on one page off the main page (see custom registration plugin) and I almost never have had spammers. I also have an extensive set up of profile fields and Vazco's new anti spam reg. My question is, is having the login and reg both off the main page keeping crawlers from seeing what the site is? If so, that would have been a lucky bonus with using custom registration and maybe people would like to know this.

  • @ TahoeBilly  It took months for the second site to ever show up on Google...the only reason it did was because a few of us sometimes post things there and set the access to 'public' so we can post the links elsewhere and have non-members view it.  It has under 50 members...all personal friends of the gal I set it up for.  My site is totally public and open to anyone although the few hundred members are mostly there because they are my friends or their friends...I use the custom_index_widgets mod with everything on the home page so anything set to 'public' is visible even before someone registers (and I also often post things on purpose to put the link on facebook, etc).  Both site get the same number of spammers...sometimes the same ones on the same day. 

    No doubt other Elgg sites get the 'coding spammers' as referenced by DhrupDeScoop but those are not my problem.  The ones I get are clearly individuals looking to post outward facing links for the crawlers to find.  Some post blog(s) with 1-50 links all going to just one site and some post blog(s) with dozens of links...each to a different site.  None ever post dozens or hundreds of blogs so they are not on my sites to disrupt my sites...they are there for the outward facing links.
    Both sites also get unactivated users because the emails are rejected...which leads me to think it is just a few people creating new email addresses and profiles one at a time manually (and sometimes getting mixed up in the process).  How my 2 comparatively small sites got picked for these purposes is beyond me.   

  • @CK - you need my outward links, etc detector to squash those spams. if you can identify which Plugins' content is getting those - I might be able to generalize my blocker-code....

  • @ DhrupDeScoop Not sure exactly what you mean but the only places my spammers ever put anything is in blogs or on their own page.  I am sure these are individuals who are copy/pasting the blogs or HTML after registering.  Almost always it is just one blog but, now and then, as many as 5.  Most are deleted by me before they get to post anything at all (even though I only check for them every 4 hours or so).  That is why I am sure these are individuals.

    I don't want something to block content (or links) they post...I need something to keep them from registering in the first place.  

  • you've answered my quesn 1/2 way ;)

    what is 'their own page' ? profile details ?

    register block will be more complicated to code.

    oh and - do you have those spammers email addrs and/or ip#s ?

  • @Dhrup:if you block all the links,it means even the legitimate links will be blocked.The simplest pattern that can be observed by seeing this posts is that they contain a lot of links.So if we put a cap on the number of links,say 5 at a time.In practical valid blog posts dont contain more than 3-4 links,it should work.If the user crosses say 5 we can then have captcha popup and after successful validation if it crosses 10,we have temporarily ban the users.Then there needs to some amount of heurestical analysis which needs t be done as well.

  • OK sorry @ DhrupDeScoop Yes I mean a few have pasted HTML in their profile details so ads appear right on their profile page.  Funny...not one of them has ever changed their default 'access' (friends) so no one but the admins can see anything they post or paste anyway!
    I always just delete them but, if it would be of any help to you, I will start to record the email addresses (I don't know how/where to get their ip's) and send them to you when I have a bunch.

  • ip#s are logged by plugin http://community.elgg.org/pg/plugins/project/446342/developer/slyhne/ip-address-tracker-plugin

    or if you can send me apache access / error log (daily/weekly) - I can ID all registers (practically everything) ;-) plus the logs reveal lots more useful info ;-O