Spam Login Filter v1.8.5

Release Notes

Uploaded the version again, without the github files.

  • I think there might be a bug in the callback function of the cron job resulting in the ip address entities not being found. The ip delete action does also check for hidden ip address entities while the cron job callback function does not.

    You can try the following script (save on your server in the Elgg root directory, log in as admin and then call the script via the browsers address bar


    require 'engine/start.php';

    if(elgg_is_admin_logged_in()) {

        // Retrieve the the ips older than one week
        $time_to_seek = time() - 604800; //(7 * 24 * 60 * 60);

        // Limit the ips deleted in a single run - set to 0 for no limit
        $limit = 1000;

        $options = array(
                  "type" => "object",
                  "subtype" => "spam_login_filter_ip",
                  "created_time_upper" => $time_to_seek,
                  "limit" => $limit

        $ia = elgg_set_ignore_access(true);
        $access = access_get_show_hidden_status();

        $spam_login_filter_ip_list = elgg_get_entities($options);

        if ($spam_login_filter_ip_list) {
            foreach($spam_login_filter_ip_list as $ip_to_exclude){



    The script only workes if you are logged in as admin in the same browser session. I've also added a limit (1000) of the number of ip addresses that get deleted in one run to not run into memory issues on the server. If you are lazy, you can set the limit to 0 which means no limit. The script will only delete ip addresses older than one week.

    I hope it works (can't test myself as I don't have any blocked spammers If it works it might be best to fix the callback function in the plugin in the long run.

  • This is good news. We'll implement the script. Is it expected that this problem will be fixed in a future version of this plugin? - which, by the way is Great and recommended.

  • I too am having a problem with the newest version of this plugin.

    After I upgraded from 1.8.2 I have been unable to login to my site without first changing the name of the plugin thus disabling it. When I attempt to login it get this error "Access denied due to spam issues (IP blacklisted). Please contact the site administrator."

    Any ideas?  I have checked the blacklisted ip addresses and can not fine mine in the list, but too I have 1000's of them.

    I plan to run the script here and see what that does.


  • OK, ran the above script and have no ip addresses in the ip address blacklist.  But I still get the error "Access denied due to spam issues (IP blacklisted). Please contact the site administrator." 

    Any ideas? 

    I am running 1.8.16 version of elgg.

  • i want to use this plugin but it seems to stop normal users signing upto the site or signing in sing facebook etc : ( inbox me if these issues are fixed please asap got alot of porn spammers at the moment it is getting out of hand! i am using

  • i just noticed that the stopforumspam featuresa appear to have been removed from this version of the plugin. previously i had stopforumspam enabled and fassim disabled.

    now i can only see how to configure the plugin with most features if i have fassim enabled.. which is a problem since i am seeing that fassim is not as reliable as stopforumspam.

    today i was blocked from my own site by fassim for an unknown reason (except that the plugin says that my email is blacklisted). fassim is not providing a way to resolve this or to find the cause (or even to login to their site!).

    so i will disable this plugin until this is fixed.

  • The features were and are only available for fassim, just the old settings page layout didn't make that clear.  No features have been removed.

  • oh ok.. i will look at this again then.

    do you know of any way to use the fassim site to unblock email adresses / ip addresses etc?
    the fassim site is devoid of features and functions.

  • I don't know, it does seem like the majority of false-positives are from fassim though.

  • here's a case for improvement to this plugin:

    when a spammer adds an item to a group, the members may receive notification of this via their inbox. these notifications are not being removed when spammers are removed using this plugin.

  • The plugin is a "first barrier" against spammers, blocking him in user registration. After this, the plugin doesnt act anymore.

    To filter spam content, you need a plugin like akismet or spam throtle, from Matt Becket. Thery are "second barrier" plugins, fighting spammers after the registration.

  • i thought this plugin is the one that adds the option to 'delete and report as spammer' via the avatar hover menu.. or is that another plugin?

  • If you delete the user, the content should be removed. Strange...

  • perhaps the delete function does not currently extend to received messages within the elgg inbox.

  • Messages delete on user deletion was added as a bugfix in a recent release, make sure you're using the most recent version of elgg

  • i am running 1.8.16, version - 2013051700 here.

  • i just received a spam email here in the elgg community and the user had been deleted by the admins and yet the spam inbox message remains.

  • Messages have two copies, one is owned by sender, second by receiver, so you can delete them independently.

  • ok yes, so the deletion process being used here is omitting one of them.

  • Hello, blacked out and denounced a user. I have to undo it? Has somehow gave retrieve user data in the bank or in some other way?

  • is it possible to block ip with a wildcard like 24* and it will block all 24.xx.xx.xx domains?

  • @whitetornado No. (Right now at least...) you can't block an IP directly at all. The IP addresses are checked against the Spammers databases of StopForumSpam and/or Fassim. But this is done for each single IP specifically. For Fassim you can define countries to be blocked (by their IPs). But I can't tell you how good or bad this works as I've not managed to get any Fassim API key so far...

  • I am very happy with this plugin. Works like a charm! Unfortunately, we currently have a lot of spam from bots using email subdomains. E.g., "all @" or "all @". They are currently not all caught by the IP blacklist, so I added the domain to the email domain blacklist. Though, just adding the email domain "" isn't helping much, since the subdomain always varies...

    Since we still need to use elgg version 1.8 and so I am also using the corresponding plugin-version. I have not tried the most current version of the plugin, since I don't believe it will work with elgg 1.8.

    Is there a fix for this? Any suggestions?

  • If you're still using 1.8 then you have to use the 1.8 version of this plugin.  It won't stop *all* spam, just the ones in the stop forum spam database.

Matt Beckett

I'm a self-employed web developer, family man, nerd, scuba diver. Manager/maintainer of this elgg community site, and core Elgg development team member.

Project Info


  • Category: Spam
  • License: GNU General Public License (GPL) version 2
  • Updated: 2015-12-18
  • Downloads: 13665
  • Recommendations: 75

Other Projects

View Matt Beckett's plugins