Fake users registration attack

Hello everybody,

Since yesterday I have been under a spam attack. I disabled the "Allow new users to register" option in the Settings > Advanced Settings admin panel and I am still being attacked, because new fake users have been registered.

Additionally, I have these plugins installed and enabled: uservalidationbyemail, recaptcha, iptracker, spam_login_filter, spam_throttle, honeypot and akismet.

What can I do? Thank you very much.

Replies

  • By Matt Beckett

    You're getting registrations even though the setting is turned off?
    Are you using any social login integration - Facebook/Twitter etc.? They may be registering through a plugin like that.

  • By Paweł Sroka

    Make sure your installation is up to date. What version are you using now?

  • By RJ (Arvixe)

    That's strange. Are spammers still registering after turning off registration?

    Are the current registered fake spammers attacking your site?

    Rodolfo Hernandez

    Arvixe/Elgg Community Liaison

  • By Ron Wallace

    We get exactly the same thing. No matter how we try to stop them (including disabling "Allow new users to register"), they still register. We have Spam Login Filter installed too. We get emails saying that we've blocked hundreds of registrations, but when we look at the sites for the same period, we see 30-40 actual fake registrations that made it through. We've tried every spam plugin, but nothing works. They are still registering. We have had to turn off our sites to stop them. We are using HybrideAuth Client for Elgg for Elgg 1.8 for Facebook login - so maybe that's it. I'm going to turn it off and see if that helps. Otherwise, I don't have a hint how to stop them. - FYI we're using 1.8.16 - same problem on 3 different sites.

     

  • By David Romaní

    I'm using Elgg 1.8.16. Since yesterday, it seems that no more fake users have registered. It's true, if I disable the users registration setting, then I don't have the problem. Sorry for my mistake.

    But if I turn on the setting, then I have the same problem again.

  • By Michele

    Same as Ron here.

    No social login/registration. Elgg 1.8.16

    Many are blocked by spam login filter, but around 70-80 since almost a week ago succeed in registering daily anyways. I didn't turn off the allow new user registration option, but I did turn on (which I recommend) User Validation by Admin by Webgalli, which is annoying to use because you have to check those who register, but at least your users do not suffer any spamming.

    I also noticed that lately stopforumspam is sometimes down, so that could explain at least part of the problem.

    Cheers

  • By Aaron W

    I have also had lots of fake users signing up - I have uservalidation by email and captcha 1.8.1 installed. This only started happening about a week ago for me - I googled the problem and came to this page - Looks to me like there is some kind of "attack" that is causing this to happen to Elgg sites. I don't really want to turn off new user creation. The users that had validated their email seemed to be selling baby clothes, but there is probably a darker story to it. I think that a human must be doing something to get past the captcha systems - I doubt that someone has created a system to do this.

    I am using 1.8.16 - Aaron

  • By Ron Wallace

    David said, <if I disable the users registration setting, then I don't have the problem>. You are lucky, David, 'cause when we disable registration, it makes no difference, they still register the fake users. But I'm going to try again - although we won't like to have that as our only option to stop this.

    Michele said, <No social login/registration.> Darn, I was hoping that was our problem.

    And <but around 70-80 since almost a week ago succeed in registering daily anyways> That's about the same number for us. But, as soon as we delete them, another batch arrives.

    And, <also noticed that lately stopforumspam is sometimes down> I noticed the same, but it only lasts for a few seconds, and another thing I noticed is that sometimes the IP addresses that are submitted are weird.

    Aaron said, <I think that a human must be doing something to get past the captcha systems - I doubt that someone has created a system to do this.> I think differently. I've tried all kinds of captchas, and just about everything else. The fakes keep coming. And the numbers started small but are increasing. I doubt very much that any human is doing this - to me, you, and Michele, and David and everyone else that's going to get bombed eventually.

    So far we've found no solution; we've had to turn all of our sites off. It's too time-consuming having to clean all these fake users all day long.

    Next, just to be sure, we are turning off the Facebook login and we're going to try the Profile Manager plugin and require an image and a new field and acceptance of our terms upon registration. And see if they get by that.

  • By Michele

    @Ron, if you have, like me, only max 100 spammers and few new real users per day, isn't it better to check and approve/delete them manually (uservalidation by admin) than switch off sites?

  • By Michele

    PS: do any of you guys know if the Fassim service is now more reliable? I did get the API key, but many months ago had to turn it off on spam login filter because of so many complaints on false positives.
