Sorry for my mistakes, I don't speak much English xD
Recently I've been learning PHP and I have chosen the Elgg platform as a case study. I don't develop much, although I can think of many ideas (it does not matter).
I want to ask (I think this would help many users that use Elgg); for example, I'm using a plugin called "Request account info" developed by Cash!
Lately I have seen good progress in Elgg on countering attacks from automated bots, but there is a more difficult target: "the human spammers".
Many times they anger other registered users. I have seen modules created for banning users, suspending them for a definite time, appointing editors to moderate ... whatever. Something very important is missing, which I believe no one has mentioned, even inadvertently:
when making a password request there is no limit on users; for example, someone might abuse the resources by sending mail, or just annoy another user by sending unlimited fake password requests, just knowing the user name ...
This loads your SMTP server and sends email needlessly.
Can anyone develop a solution for this?
As I said, I have the idea ... it could limit the number of lost password requests to 3 requests per day at most for each username or registered mail; if you exceed the limit, that action is blocked for that user for 24 hours,
or something like that, like Yahoo, Google, Facebook or Twitter.
I will try to do it but have not had time lately ....
©2014 the Elgg Foundation
- Ray J (@RayJ)
- Trajan (@Trajan)
- Cash (@costelloc)
- Alexander Kings (@bless_hacker)
Look for spam login filter and spam fighter.
Here: http://community.elgg.org/pg/plugins/project/774755/developer/RayJ/spam-login-filter
and Here: http://community.elgg.org/pg/plugins/project/826577/developer/ihayredinov/hypespamfighter
Good luck.
I have just received this kind of attention from somebody here on the community site. I received 4 fake password reset requests all originating from the same IP address. Not too difficult to track that person down and ban them.
Those requests came from Alexander Kings. If anyone would like to work on adding a limit, we'd definitely accept a patch/pull request.
Yes, it was me, excuse me Trajan... Cash, you're a sentinel xD
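The limit proposed in the opening post (3 lost-password requests per day per username or mail, then a 24-hour block), sketched as an added example; it is not Elgg code and not written by anyone in this thread. The class name, the `user:`/`ip:` key prefixes and the in-memory array storage are assumptions (a real site would keep the counters in its database), and it needs PHP 8.

```php
<?php
// Added example: limiter for "lost password" requests (hypothetical, not Elgg code).
final class ResetRequestLimiter
{
    /** @var array<string, int[]> timestamps of accepted requests per key */
    private array $hits = [];
    /** @var array<string, int> unix time until which a key is blocked */
    private array $blockedUntil = [];

    public function __construct(
        private int $maxRequests = 3,      // limit proposed in the thread
        private int $window = 86400,       // "per day", in seconds
        private int $blockFor = 86400      // "blocked for 24 hours"
    ) {}

    /** Returns true if a reset mail may be sent for this key at time $now. */
    public function allow(string $key, int $now): bool
    {
        $key = strtolower(trim($key));     // "Bob" and "bob " count as one key
        if (($this->blockedUntil[$key] ?? 0) > $now) {
            return false;                  // still inside the block period
        }
        // Keep only the requests that fall inside the current window.
        $recent = array_values(array_filter(
            $this->hits[$key] ?? [],
            fn (int $t): bool => $t > $now - $this->window
        ));
        if (count($recent) >= $this->maxRequests) {
            $this->blockedUntil[$key] = $now + $this->blockFor;
            $this->hits[$key] = $recent;
            return false;                  // over the limit: start the block
        }
        $recent[] = $now;
        $this->hits[$key] = $recent;
        return true;
    }
}

// Constructed sample: five requests for one username from one address.
$limiter = new ResetRequestLimiter();
$t0 = 1700000000;
foreach ([0, 60, 120, 180, 90000] as $offset) {
    $now = $t0 + $offset;
    // Evaluate both keys on every request so each counter is updated.
    $byUser = $limiter->allow('user:alice', $now);
    $byIp   = $limiter->allow('ip:203.0.113.7', $now);
    printf("t+%6ds  send mail: %s\n", $offset, ($byUser && $byIp) ? 'yes' : 'no');
}
```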