Spam Login Filter v1.8.5

Release Notes

Uploaded the version again, without the github files.

  • Hi Ray J,

    Always grateful for your great plugin.

    I see a thing: even if I set ip blacklist on No, I still see many new IPs blacklisted in the Manage Blocked IPs admin page, is this strange or am I missing something?

    Also, even if my daily cron is enabled, this blacklist does not expire as in the plugin's description (Cache expires once a week) my misunderstanding on this function?


  • I am now trying to manually delete each of them (I have hundreds :S) but for each deletion I receive a blank page, is this supposed to work so?

    Suggestion: a 'select all' checkbox per page to then delete all at once would be great...I'm consuming a couple of mouses here :D

  • ohhh man I just checked better and I have offset=16550 blocked ips :S

    How can I delete all of them at once? Can I go to Mysql admin area and delete some table's row and that's all? Which one? :S

    Help very much appreciated..

  • I think there might be a bug in the callback function of the cron job resulting in the ip address entities not being found. The ip delete action does also check for hidden ip address entities while the cron job callback function does not.

    You can try the following script (save on your server in the Elgg root directory, log in as admin and then call the script via the browsers address bar


    require 'engine/start.php';

    if(elgg_is_admin_logged_in()) {

        // Retrieve the the ips older than one week
        $time_to_seek = time() - 604800; //(7 * 24 * 60 * 60);

        // Limit the ips deleted in a single run - set to 0 for no limit
        $limit = 1000;

        $options = array(
                  "type" => "object",
                  "subtype" => "spam_login_filter_ip",
                  "created_time_upper" => $time_to_seek,
                  "limit" => $limit

        $ia = elgg_set_ignore_access(true);
        $access = access_get_show_hidden_status();

        $spam_login_filter_ip_list = elgg_get_entities($options);

        if ($spam_login_filter_ip_list) {
            foreach($spam_login_filter_ip_list as $ip_to_exclude){



    The script only workes if you are logged in as admin in the same browser session. I've also added a limit (1000) of the number of ip addresses that get deleted in one run to not run into memory issues on the server. If you are lazy, you can set the limit to 0 which means no limit. The script will only delete ip addresses older than one week.

    I hope it works (can't test myself as I don't have any blocked spammers If it works it might be best to fix the callback function in the plugin in the long run.

  • @iionly SO GRATEFUL! The script worked great! My server was lazy - not me! :) - and I had to set the limit to 450 but with many refresh could much faster delete the older than 7 days entries. THANK YOU!

    As for the blocked IPs ... I set the slf's option to No but the blacklist is still being created, my misunderstanding or a bug?


  • This is good news. We'll implement the script. Is it expected that this problem will be fixed in a future version of this plugin? - which, by the way is Great and recommended.

  • I too am having a problem with the newest version of this plugin.

    After I upgraded from 1.8.2 I have been unable to login to my site without first changing the name of the plugin thus disabling it. When I attempt to login it get this error "Access denied due to spam issues (IP blacklisted). Please contact the site administrator."

    Any ideas?  I have checked the blacklisted ip addresses and can not fine mine in the list, but too I have 1000's of them.

    I plan to run the script here and see what that does.


  • OK, ran the above script and have no ip addresses in the ip address blacklist.  But I still get the error "Access denied due to spam issues (IP blacklisted). Please contact the site administrator." 

    Any ideas? 

    I am running 1.8.16 version of elgg.

  • i want to use this plugin but it seems to stop normal users signing upto the site or signing in sing facebook etc : ( inbox me if these issues are fixed please asap got alot of porn spammers at the moment it is getting out of hand! i am using

  • i just noticed that the stopforumspam featuresa appear to have been removed from this version of the plugin. previously i had stopforumspam enabled and fassim disabled.

    now i can only see how to configure the plugin with most features if i have fassim enabled.. which is a problem since i am seeing that fassim is not as reliable as stopforumspam.

    today i was blocked from my own site by fassim for an unknown reason (except that the plugin says that my email is blacklisted). fassim is not providing a way to resolve this or to find the cause (or even to login to their site!).

    so i will disable this plugin until this is fixed.

  • The features were and are only available for fassim, just the old settings page layout didn't make that clear.  No features have been removed.

  • oh ok.. i will look at this again then.

    do you know of any way to use the fassim site to unblock email adresses / ip addresses etc?
    the fassim site is devoid of features and functions.

  • I don't know, it does seem like the majority of false-positives are from fassim though.

  • here's a case for improvement to this plugin:

    when a spammer adds an item to a group, the members may receive notification of this via their inbox. these notifications are not being removed when spammers are removed using this plugin.

  • The plugin is a "first barrier" against spammers, blocking him in user registration. After this, the plugin doesnt act anymore.

    To filter spam content, you need a plugin like akismet or spam throtle, from Matt Becket. Thery are "second barrier" plugins, fighting spammers after the registration.

  • i thought this plugin is the one that adds the option to 'delete and report as spammer' via the avatar hover menu.. or is that another plugin?

  • If you delete the user, the content should be removed. Strange...

  • perhaps the delete function does not currently extend to received messages within the elgg inbox.

  • Messages delete on user deletion was added as a bugfix in a recent release, make sure you're using the most recent version of elgg

  • i am running 1.8.16, version - 2013051700 here.

  • i just received a spam email here in the elgg community and the user had been deleted by the admins and yet the spam inbox message remains.

  • Messages have two copies, one is owned by sender, second by receiver, so you can delete them independently.

  • ok yes, so the deletion process being used here is omitting one of them.

  • Hi Ray J,

    this could maybe be useful for this plugin's users (from this thread)

    "Last (bad?) idea in 2013 :)

    Add uservalidation by admin features to spam login filter would also help a lot because when I now delete users from uvba they're not reported to stopforumspam so can register again and again and again...


  • Hello, blacked out and denounced a user. I have to undo it? Has somehow gave retrieve user data in the bank or in some other way?

Matt Beckett

I'm a self-employed web developer, family man, nerd, scuba diver. Manager/maintainer of this elgg community site, and core Elgg development team member.

Project Info


  • Category: Spam
  • License: GNU General Public License (GPL) version 2
  • Updated: 2015-12-18
  • Downloads: 10818
  • Recommendations: 78

Other Projects

View Matt Beckett's plugins