Fake users registration attack

Hello everybody,

Since yesterday I have been under a spam attack. I disabled the "Allow new users to register" option in the Settings > Advanced Settings admin panel, and I am still under attack because new fake users are still being registered.

Additionally, I have these plugins installed and enabled: uservalidationbyemail, recaptcha, iptracker, spam_login_filter, spam_throttle, honeypot and akismet.

What can I do? Thank you very much.

  • @Gerard The Required Avatar is a good way to stop spammers. A passphrase captcha is another good idea. Also, we need to check that third-party plugins are not sending data somewhere else.

    Rodolfo Hernandez

    Arvixe/Elgg Community Liaison

  • How do I make an avatar required? Thanks (Google translation)

  • @ISTRA: the Profile Manager plugin has a plugin setting that makes uploading an avatar image mandatory when registering an account.

    ----------

    When shutting down registration of new accounts there might still be unactivated accounts of spam bots remaining that are activated afterwards. This might explain why it seems that new accounts are still being registered even with account registration disabled, which would then not actually be happening.

    The Spam Filter plugin is most likely quite useless when the spam attack is done with a very large pool of (unique) IP addresses and login credentials. In this case the account creation fails to get blocked because those addresses and credentials have not been used before. Still, it might at least slow down the attacks in the long run when many sites use the Spam Filter plugin and the credentials used on one site get blocked, as this will make re-using them impossible.

    A strategy that surely is not useful in every case, but maybe at least in some cases and especially for test sites: if you don't need your site to be publicly available, then make it a walled-garden site and add a robots.txt to deny search engines crawling your site. Spammers want their spam to be indexed by search engines. If you don't allow search engines to index the content, the spammers will most likely find your site not too attractive anymore.

    When using not a generic captcha but rather some unique validation question, you will most likely also be more successful in keeping spammers out. A generic captcha algorithm only has to be cracked once and is then no problem anymore on any site it's used on (most likely the common captcha-cracking algorithms are included in the spam bot software already). If you use a question specific to your single site, then the effort necessary to crack it is more likely too much to be included in the commonly used spam bot tools.

  • Once we installed Profile Manager and required the profile image, we have gotten NO fake users. We continue to get hundreds upon hundreds of spams that are rejected by spam filter, but No fake users.

  • Great idea. My friends and I do not know much more about how to fight spam. We opened the network for ourselves and classic cars, to unite clubs in Croatia, and we are always under spam attack from around the world.

    Overnight we have 400-600 new users and not one has edited the profile or avatar. They sell some flashy products and casino games. Before installing Elgg we tried other platforms, but the problems are the same.

    Other platforms do not have this open community and support, which leads to collapse.

    (Google translation)

  • Personally, I don't mind making the avatar a requirement; it means the user is serious. They can always look around to see if it's something they might like, and if so, then a simple requirement like this is a small price to pay for a professional community. If they want to just goof around, they've always got Facebook. And most everyone on Facebook has a profile image, so requiring it is nothing new. Since we started using it, we have not gotten one fake registration. We continue to get a boatload of spammers that are rejected.

    I would participate in a group for fighting spam, but best I can offer is beta testing and such since I'm not a developer. I would donate financially.

    My favorite idea so far is some way to easily and quickly change the registration page.

  • Spammers are targeting Elgg because it's inherently a social network, where the point is to allow users to create content instead of just consume it. This makes all social networks a prime target, regardless of the underlying architecture. I've also had custom sites and Drupal sites get spammed; it has more to do with allowing visitors to create content than with what the site is built on.

    Some good ideas here. I don't like forcing an avatar as a rule, though.

  • Other scripts get hit just as hard. There's a team of hackers that specialise in destroying ZenCart stores and even have (had) a web site where they bragged about it. Oxwall is being hit very hard and many users, including myself, are unhappy. Oxwall has a plugin that lets you choose what countries your users can come from and blocks the others. I need something like that because my site is for Australia and New Zealand only.

    A two-part registration seems the way to go. That way you can send a few arrows back. Have them fill out part one of the registration, which contains a lot of mandatory data, then have a script email them a code which they must enter before filling out part two. If every social site had a similar script, several million emails would be returned to their source, thus clogging their system and not ours. The code, which should be a graphic question that requires a human answer, would stop most false registrations in their tracks.

    Most forum programs that require email validation do this, but none seem to ask for an answer to a graphic validation question. They usually just ask you to confirm your email address.

    I'm not sure such a script would be that difficult to write.
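The two-part flow proposed above (mandatory part-one data, an emailed single-use code that must be entered before part two) and the earlier suggestion of a site-specific validation question instead of a generic captcha can be sketched together. The following is an added example written for this thread, not code from Elgg or from any of the posters; the question, answers, time limits, attempt budget and the in-memory outbox and store are all constructed for illustration, and a real site would back the pending-signup store with its database and the outbox with its mail transport.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Policy knobs (constructed values for this example).
CODE_TTL_SECONDS = 15 * 60      # emailed code expires after 15 minutes
MAX_CODE_ATTEMPTS = 5           # guesses allowed before the pending signup is dropped
CODE_DIGITS = 6

# A site-specific validation question (constructed). Answers are normalized
# before comparison so "Zagreb " and "zagreb" both pass.
SITE_QUESTION = "Which city is the capital of Croatia?"
SITE_ANSWERS = {"zagreb"}


@dataclass
class PendingSignup:
    """Part-one data kept server-side until the emailed code is confirmed."""
    email: str
    code_hash: bytes          # HMAC of the code; the plaintext is never stored
    issued_at: float
    part_one: dict
    attempts: int = 0


class MailOutbox:
    """Stand-in for a mail transport: records what would have been sent."""
    def __init__(self):
        self.sent = []

    def send(self, to, subject, body):
        self.sent.append({"to": to, "subject": subject, "body": body})


class TwoStepRegistrar:
    def __init__(self, secret, outbox, now=time.time):
        self._secret = secret    # server-side key so a leaked table reveals no codes
        self._outbox = outbox
        self._now = now          # injectable clock (used by the expiry check)
        self._pending = {}       # email -> PendingSignup
        self.users = {}          # email -> completed account

    @staticmethod
    def _norm(email):
        return email.strip().lower()

    def _hash_code(self, email, code):
        msg = f"{self._norm(email)}:{code}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).digest()

    def start(self, email, username, site_answer):
        """Part one: the validation question gates whether any mail is sent."""
        if site_answer.strip().lower() not in SITE_ANSWERS:
            return False                       # failed question: nothing stored, nothing mailed
        key = self._norm(email)
        if key in self.users:
            return False
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[key] = PendingSignup(
            email=key, code_hash=self._hash_code(key, code),
            issued_at=self._now(), part_one={"username": username})
        self._outbox.send(key, "Your registration code",
                          f"Enter this code to continue: {code}")
        return True

    def complete(self, email, code, part_two):
        """Part two: accept the profile only if the emailed code checks out."""
        key = self._norm(email)
        pending = self._pending.get(key)
        if pending is None:
            return False
        if self._now() - pending.issued_at > CODE_TTL_SECONDS:
            del self._pending[key]            # expired: the signup must start over
            return False
        pending.attempts += 1
        if pending.attempts > MAX_CODE_ATTEMPTS:
            del self._pending[key]            # guess budget exhausted
            return False
        if not hmac.compare_digest(pending.code_hash, self._hash_code(key, code)):
            return False                       # constant-time comparison
        del self._pending[key]                # single use: the code cannot be replayed
        self.users[key] = {**pending.part_one, **part_two, "verified_at": self._now()}
        return True

    def pending_count(self):
        """Signups that passed part one but never confirmed; they are not users."""
        return len(self._pending)
```

Two design points follow from the thread: no mail goes out until the site-specific question passes, so a bot that fails the question costs nothing to bounce, and a part-one record that is never confirmed stays in the pending store and never becomes an account, which is also the distinction the earlier post draws between an unactivated spam account and an actual registration.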

  • Hello guys,

    We redirected the address of the registration page via cPanel to the homepage, since we have the registration form available on the front page via JavaScript. No more automated bots. We also have Spam Login Filter. No more spammers, not even human spammers.

    If you really want a solution for this issue, I strongly recommend trying this solution and putting the registration form on the front page using jQuery or JavaScript.

    Rodolfo Hernandez

    Arvixe/Elgg Community Liaison

  • Regarding these spam attacks, may I ask a question of all you folks that are wiser about Elgg than myself.

    1) Assume we want to upgrade from 1.8.16 to 1.8.17

    2) Assume it is proper policy to deactivate all non-core plugins, which means deactivating all spam protection.

    3) Assume we copy over all core files, as is proper for the upgrade.

    4) Assume our site is under spam attack and we are now getting 1-3 attacks per minute.

    WHAT IS GOING TO HAPPEN?

    a) since the core files are being replaced, and especially since we can't run upgrade.php until all the files are completely replaced, will these frequent attacks harm the upgrade?

    b) since the spam plugins are all off, will we then be bombarded with new user fake registrations that we will have to delete after the upgrade?

    c) should we hope for the best and leave at least a bare-minimum spam plugin, like Spam Filter, activated during the upgrade?

    d) or should we turn off registration completely before the upgrade?

    This is our first upgrade, since Elgg ver .9, where we have had to deal with a spam attack while doing the upgrade. We have 3 sites, so we want to do everything we can to make sure the upgrade goes smoothly and does not harm our installations.

    Your professional advice is requested. What shall we do, please? Thank you.