Hello,
Seems like bots are registering on and on..
What could be the best way deter bot registration. Double opt in ie. email verification is already active and so do recaptcha !
It is funny how you asked this question over a month ago and no response is given to the most persistent Pligg problem. Fact is, Pligg is apparently a target for spammers and spamming pligg sites a cottage industry onto itself. You bring the spam issue up and you will hear make sure you turn on email validation. Well there is a bug in the pligg application because I get at least 5 spammers a day who are able to register to my site with emails that are clearly invalid (for example I frequently get spam registration emails like... tomdyce1967@mysace.com or bobhope1922@mexicanemail.com). The spammers have gotten a little more sophisticated now so they try to register with what appear to be valid emails. But often times I check the email at yahoo or gmail if they give a yahoo or gmail address and it tells me the email address is available...which of course means that they were able to bypass the email validation step with an invalid email address. In the early days I tried using IP Deny to deny IP addresses and that worked for a while but now I'm getting spammers from all across the globe so denying a range of IPs is not a successful approach.Originally Posted by Jaffery
The fix would be to allow the pligg admin to approve new users first before they are granted access and/or to fix this auto registration spam bug where it seems spammers are easily able to bypass the email validation step. But around here the spam issue has almost become an elephant in the room so I labor on trying to fix the problem myself or maybe at some point I'll just migrate to some other CMS system. Oh and a word of caution I am pretty confident some of the spammers read these boards too so if anyone cares to share any solutions to this problem make sure it is a good one and hack proof.
The Facebook Module for Pligg CMS!
Register, Login, and Submit Stories with Facebook. An absolute MUST HAVE for all Pligg sites!
I know Pligg is open source and people do this for free but why not work on a fix to prevent people from registering to the site with invalid emails(this is with the email validation feature turned on)? 99 percent of the spam I get is from the invalid email spammers so that seems like a good fix for the problem. The built in IP Blacklist feature would be useful...I have hundreds that I have blocked using my host's IP deny feature that I am willing to share but it seems to me the priorities here are a little mixed up.The next best feature would be the ability to do account moderation where the account does not get created unless approved by the admin. If the admin approves then the validation email gets sent to the user allowing the user to complete the registration. That seems like a real solution to me.
Pligg is made for spammers!!!
Its very interesting that some people online can make a script, tool to post, register, SPAM!!! Automatically.
Why cant Pligg developers make spam free engine?
Its not rocket science if you look at it logical, go to wordpress and ask them how they fight spam, go to digg, check they system and see.
IP Blacklisting is worst method to ban anyone, it will only make tons of IP adresses blacklisted and our spammers are already 5 steps infront pligg since they already have proxy in they tools.
Please pligg owners get serious against anti spam fight or in worst case scenario FBI could deal with your system. ( so much spam i have never see in my whole life online)
Why i complain or comment?
Because every day i delete over 400 posts on my 3 low visited websites(ofcourse i need to do it manually).
I didnt check my spam for last 7 days since i had some job to do and please try to guess how much posts i have delete?
Its very interesting that every day i delete posts and there are no single spam on my website, but spammers keep comming, reason why they come is that they just push one button and they are sending posts to tons of pligg websites.
P.S. i have all anti spam modules, by all i mean ALL and still i get this amount of spam.
Now im waiting for new version but as i see there are not much changes for anti spam so probably wont update to it since is waste of time to update to soemthign that will not change MAJOR pligg problem.
P.S.S. try to think what will happen to your website if you dont delete spam for 1 year? I m pretty sure that you could get called by your country spam abuse service team.
Digg doesn't have spam figured out. Not even close. Have a quick look at the first few upcoming pages and I think you'll see what I mean. Their upcoming pages are easily 75% spam.
I also don't think it's fair to compare Pligg (or any social bookmarking system) to Wordpress. They are very different systems, and used for different purposes. Social bookmarking is inherently geared towards spammers as the main purpose of the site is to submit links. Unfortunately for any admins out there, that means a huge part of their job is going to be deleting spam and poor sites.
I agree that IP banning is the worst method out there - Proxy lists are insanely easy to use and any true spammer has been using them for years. You won't get anywhere doing this.
I've found the askimet module to be quite helpful. It's definitely far from perfect, but that's because it was created to fight comment spam, which is a totally different phenomenon.
Apart from that, I suggest you think about the submit anti-spam module that comes with Pligg by default. Instead of allowing any user to submit, they first need to be approved. This will allow you to keep a tight grip on who is using on your site.
What if there was a tool to prevent certain domains for registering accounts?
At my site accounts with those domains:
usmails.info
eusermail.com
emailfile.info
mexicanemail.info
emaildesechable.info
freeeeemail.com
mailnum.info
foryouremail.info
thmail.info
privateemail.info
are always spammers, so this tool could block those accounts automatically, or even better, the spammer receive the notice that's everything is ok, but in fact the registration is never recorded on the database.
I think that could be another tool against the spammers, also this tool could create a database of those domains and made available for other pligg members.
There is, it comes with the default installation of Pligg - you just need to enable it. Go to Admin Panel -> Configure -> AntiSpam -> Enable spam checking.
This is referred to as a "Ghost Ban" and famously used by Reddit. I've actually implemented it on soLinkable (read my blog entry here). I can highly recommend this method - It seems extreme and a little mean, but it works wonders.
If you outright ban someone, they'll just create a new account. However, a "ghost ban" keeps the guilty party thinking they're still submitting content, while in reality all of it is just automatically moved to "discard" and I never see it.
1. We are improving the Akismet module right now for the next release. There are some bugs that have been caused by it being activated that need to be sorted out. We are also thinking about integrating other spam blacklists like StopForumSpam.com.
2. In the past 24 hours I have probably received a dozen Wordpress comment spam messages on the Pligg blog. All comments on the Wordpress blog must be manually approved by a moderator before being published, and this is the only thing keeping spam off of WP. I'm not saying that Wordpress' anti-spam capabilities are inferior to Pligg's. I am only reminding everyone that there is no perfect one-click solution to block all forms of spam. The only way to really keep spam off your site is to have someone who regularly checks new submissions.
3. I had an idea for a Pligg anti-spam module a while ago that we might start working on soon. There are so many items that we need to take care of and we only have so many people able to work on these additions. If anyone would like to donate some of their spare time and create some useful anti-spam code we would be happy to look it over and perhaps add it to Pligg CMS. Pligg has a limited number development resources and unless someone wants to put their skills or money where their mouth is we can't address these issues any faster.
4. I think that baboo was saying that certain email domains are frequently spamming him. We've added in a new module hook to the register process so that we can eventually make a module to easily block these types of domains. Here's an example of a core hack that will let you block an email domain. The added code will need to be repeated for each additional domain that you want to block.
Open register.php and find:
Replace with:Code:if($password !== $password2) { // if both passwords do not match $form_password_error[] = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_NoPassMatch'); $error = true; }
Code:if($password !== $password2) { // if both passwords do not match $form_password_error[] = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_NoPassMatch'); $error = true; } if(strpos($email, 'exampledomain.com')) { // if email is not valid $form_email_error[] = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_BadE mail'); $error = true; }
The Facebook Module for Pligg CMS!
Register, Login, and Submit Stories with Facebook. An absolute MUST HAVE for all Pligg sites!
Posting Permissions
Reply With Quote