For the first few months I was getting spammed then I installed site access, and used the site password feature when registering great spam stopped, then a few weeks down the line one spammer so I changed the password great few more weeks then a new spammer, changed password next day new spammer(S) so I thought maybe there 'reading the password' from the text above that says enter xxxx so I changed it to please enter the numbers you see in order excluding the * (exp. **8****9****9*4**3) great 2 days no spammers then 5 in one day!!!!!!!!!!!
This ruins elgg completely....
I run a PHPBB forum with 3500 members We get a spam account once every few months and thats a basic standard installation!!!
I Sincerly hope 1.8 puts an end to spam and deals with it much more than 1.x
Regards,
One seriously P***** off Elgg site owner.
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
Math Captcha has been working for us... =)
All due respect to everyone...it really makes no sense to do anything to keep the spammers from posting content with outward links...they are already registered by then (and will still have to be manually deleted). The only satisfactory answer here is to stop them from registering in the first place. Blocking ip#s may be part of that (I will never have a valid member from China or Russia) but I often get spammers from all over the US too. I've looked over the sign in and user names (and the email addresses used) and don't see a pattern that a mod would be able to reliably 'find' to stop most spammer registrations but that could stop many of them (most of mine seem to actually be humans rather than bots).
I (also a human) can see the patterns almost 100% of the time in the user name and/or email combo..ie: the name 'Buy Drugs Cheap' (or anything like that) is surely a spammer and 'anyname'@'anysite'.info also is, as is 'anyname'@pursescheap.com, or anything like that (Could a mod be written that would reliably notice things like that without blocking valid members?...doubt it). Having to approve each member would work for me but would take just as much of my time as deleting them after they are registered. I think we need a mod to block the bots and block specific ip#s...the human spammers will continue to have to be manually deleted.
There's a weakness in elgg and we need to plug it!
Here are the IP for the latest spam poster I've had. I have noticed the patterns, they are from Russia, the urls belong to a temperary email service and registered thru Go Daddy. Hope this helps. I have been blocking the urls with .htaccess. But the list just keeps growing.
69.10.61.50
@ captnbob I show that ip in Brooklyn...many of my spammers are from all over the US now!
djSupport said "There's a weakness in elgg and we need to plug it!". I very much agree, and it appears to be getting worse with each passing day.
@ Clyde Yes the IP is from Brooklyn. But the url, I should have posted it, belongs to a user in Russia. I am also getting a lot of "users" from urls like this;
708nhl-jerseys.com
They never or rarely validate their email address so they never or post anything. Most all seem to be from China.
Yes captnbob...I get similar...some from today:
708gucci-shoes.com
708nba-jerseys.com
deagot.com
708jordan-shoes.com
708nba-jerseys.com
126.com
708mbt-shoes.com
Another spamer;
64.191.16.101
url = emeraldwebmail.com Registrar = www.enom.com
Another spamer;
IP = 69.10.61.50 url = mailexpired.com Registrar = registrar.godaddy.com
- Previous
- 1
- ...
- 5
- 6
- 7
- 8
- 9
- Next
You must log in to post replies.