So I really need the social network connect system for logins, but I had to shut off my new user registrations... It's not that recaptcha isn't working... it's that all the spam bots come in through the social network connections and not the normal registration path...
SO HOW do I get new members to come in AND keep the spambots OUT of my instant logins?
@ancientspark
Do you know what particular service/s are the problem? I ask because I never find spam a problem on Facebook, but I do on YouTube.
regards
I do not have a YouTube connect... I do have a Google Plus... I have recaptcha for standard registrations... do you know if spambots are getting past that?
@ancientspark
No, I don't know of any bots getting past that, but Elgg-based sites have been having a lot of problems with spammers, particularly blogs. I've had a few myself. I don't suppose one of your spammers has been advertising replica watches at all?
Take a look at these if you already haven't:
http://community.elgg.org/pg/plugins/project/821368/developer/Beck24/spam-throttle-18x
http://community.elgg.org/pg/plugins/project/774755/developer/RayJ/spam-login-filter
Ahhhhh, I misread your comment "I do have a google plus... I". That might be part of your problem. Facebook is funny about what names/emails you use to register with. Maybe somebody/s have created a bot that uses social-connect-like buttons to register, thus negating captchas, if that makes sense. I must say (correct me if I'm wrong) I rarely see other social connect options other than Facebook. Look here http://www.bebo.com/ no Google, look here http://www.myspace.com/ no Google. I wonder why top social networks 'wouldn't' have a Google connect button when a 'huge' amount of potential members are likely to have a Google account?
@all Google Plus or any social plugin cannot be the reason for your spam. Turn off your normal registrations for a few days but allow registration using the social plugins and then see if you are still having spam posts. Recaptcha or Captcha doesn't stop spam. The easiest way to have short-term relief is to change the registration URL to something else.
As for the reason why Bebo or Myspace doesn't have Google connect: it is because the social graph of Google Plus is very small compared to Facebook.
The reason I released this plugin is because, other than login, you have URL shortener, calendar and tasks synchronization. (You need to code to use these features.) Myspace and Bebo don't need these extra features.
I've used captcha/recaptcha in the past and it slowed down the torrent of spam a bit, but plenty still gets through. Try the combination of plugins Stumpy linked to above (one of them being mine). If the spam is coming through a social login then the spam_login_filter may not be effective against it, I'm not entirely sure. Spam Throttle works based on activity though, so it will be effective against the spammers that do get past spam_login_filter.
Captchas have been cracked and are completely worthless to prevent spammers. That's why we don't bundle one in 1.8. Look at "back link" tools and you'll see that defeating captchas is either completely automated with OCR services, or they make it so simple that it barely adds 5 seconds for the spammer. Now, all captchas do is annoy real users. RIP captchas, 2003.
I can't speak to G+, but we've had many Twitter spammers here. Spam is a pervasive problem throughout the entire industry. I don't think any social networks are immune.
The best option might be to add a check using a custom question that requires entering text / a word as the answer. Image captchas seem pointless at some level, as they get more and more complex, resulting in humans having difficulties reading them and bots cracking them with ease sooner or later. I had a good experience on a phpBB site with adding a question to the registration procedure - it reduced spam to zero. There are some plugins available here that could be used as a starting point to implement a question check. While they seem focused on using math-like questions (1 + 1 = ?), which might be too easy to crack, it should be possible to modify these plugins to allow for some custom question - best would be some site-specific question.
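The site-specific question check suggested in the post above, as an added example that is not part of the original thread and not code from any of the plugins linked in it. The plugin name `reg_question`, the field name, the question and its answers are assumptions made up for illustration; the Elgg calls are the 1.8-style API.

```php
<?php
// mod/reg_question/start.php  (hypothetical plugin; Elgg 1.8-style API)

// Constructed sample question: pick something only your community knows.
define('REG_QUESTION_TEXT', 'What is the name of this site (one word)?');

function reg_question_accepted_answers() {
    // Constructed sample answers, compared after normalisation.
    return array('examplesite', 'example site');
}

elgg_register_event_handler('init', 'system', 'reg_question_init');

function reg_question_init() {
    // Append the question field to the standard registration form.
    elgg_extend_view('register/extend', 'reg_question/field');
    // Run the check before the core "register" action executes.
    elgg_register_plugin_hook_handler('action', 'register', 'reg_question_check');
}

// Trim, collapse whitespace and lowercase, then require an exact match.
// An empty or missing answer is always rejected.
function reg_question_is_correct($answer) {
    $normalized = strtolower(preg_replace('/\s+/', ' ', trim((string) $answer)));
    return $normalized !== ''
        && in_array($normalized, reg_question_accepted_answers(), true);
}

// Returning false from an 'action' hook stops the action from running,
// so no account is created when the answer is wrong.
function reg_question_check($hook, $type, $returnvalue, $params) {
    if (reg_question_is_correct(get_input('reg_question_answer'))) {
        return $returnvalue;
    }
    register_error('Please answer the registration question correctly.');
    return false;
}

// mod/reg_question/views/default/reg_question/field.php would contain:
//   echo '<label>' . REG_QUESTION_TEXT . '</label>';
//   echo elgg_view('input/text', array('name' => 'reg_question_answer'));
```

This hook only guards the standard `register` action; accounts created by a social-connect plugin do not pass through that action, which is the gap described at the top of the thread.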
Elgg does NOT allow me to turn off regular registrations ONLY... if I turn off new user regs, it does it across the board, it seems. Please correct me if this is wrong.. I might just test that out in a few mins... the registration question idea is probably best.. I'll try that.
Thanks for the information about captcha and recaptcha, I was not aware of that. I appreciate all of the input! I also implemented an IP tracker.
Where do I edit the user registration at? I can't seem to find it in the admin menus?