Questions and Answers

How do I collect points?

  • +4
    Chosen as best answer
  • +1
    Posted answer
  • +1
    Posted question
  • +1
    Thumb up
  • -1
    Thumb down
10

by SunFlower in General about August 12, 2011 open - report

Spammers attack

How do you fight with spam bots in SocialEngine? At lot of bots started to bombard my network 2-3 weeks ago.

Answers: 15  •  Score 3  •  Views: 5501

15 Answers
Browse by
  • 263

    by Gaurav Sharma about August 4, 2014

    Hello Guys,

    iPragmatech Socialengine Mobile Verification Plugin allows you to protect your socialengine website by adding SMS verification functionality to User Registration functions . check this link:http://www.ipragmatech.com/socialengine-mobile-verification-plugin.html#.U-BxCB9s_Zs

    Please let me know if you have any question. We are also working on the two way authenication. I think you should not to worry for spammers after insalling this plugin.

    • Score: 0
  • 10

    by John about November 2, 2013

    i ve since installed spam trawler about 2 months ago, and its superb.

    spam is down to next to nothing, should have odne it sooner.

    • Score: 0
  • 26

    by Mike D about March 1, 2013

    Here are my ways to battle this. I disagree with the user posting blogs are overdone as once I installed blogs on my site activity increased greatly and so did spam...So heres what I did...First and foremost use incapsula (http://www.incapsula.com) they have a free account. This is a must for any SE site...Don't question it go get it now....With that being said spam stragglers will still find there way in but only like 1 or 2 a week so what I did first is have an email sent to admin on new signup then I made a new member level named "new signups" and I changed the blogs and forums settings to not allowing this new level to post until I switch their member level. Sure it is an extra step but it helps and with the email you kow right away so if it is a valid user they won't even notice. 

     

    However if you can deal with 1 or 2 spammers a week just using incapsula alone is enough...

    • Score: 0
  • 10

    by John about February 26, 2013

    i user recaptcha and it will cut them down to a small degree.i m looking to install spam trawler which costs 70 USD installed.

    ive also installed younetco's 'advancd blogs', which lets you either use recaptcha again or approve all manually. i use the second option.

    • Score: 0
  • 16

    by Jazz Man about November 2, 2011

    I decided to not have blogs on my site. I personally think blogging is overdone these days and usually the main reason why bots attempt to create accounts on your site is because the want to post splog. So why tease them? I am very familiar with autoblogging, even though I don't practice it. There are valid ways to autoblog but the practice has been abused, trashed, and then over abused again. It's not worth the pain. There are plugins that can provide features similar to blogging, manual blogging, and more, so I just don't bother with the blogs. Same thing goes for the forums, they can be nothing but a bot town. Again, there are better plugins that can be used as a forum. For instance, this very plugin we are using in this community can be tweaked to be used as a forum (think about how you're using this site :).
    • Score: 0
  • 5

    by Fajar Muhammad about October 23, 2011

    Set Re caphtcha on sign up and they will go away ...
    • Score: 0
  • 32

    by Sophy Reid about August 30, 2011

    Has anyone tried to use Spam trawler?
    1 comment
    • Codeman88
      by Codeman88
      January 23, 2013

      I'd use Spam Trawler over anything, will buy It soon cause I read all the positive reviews.

  • 1

    by Demetrios Fotographia about August 28, 2011

    I need help with this, will someone help me set this up. Im not a programmer so dont know how
    • Score: 0
    1 comment
    • Nick
      by Nick
      August 30, 2011

      Contact 3rd party developers. I recommend Webhive webhive.com.ua. It's not a hard work - I'm sure for a minimal fee any developer will gladly help.

  • 6

    by Emad Ahmed about August 27, 2011

    Trick 2 again:

    put anti sql injection code in your htaccess files. In this way you might get away from hackers.

    The anti sql injection code is given below:-


    */code*/

    RewriteEngine On
        Options +Followsymlinks
      # Block out any script trying to base64_encode crap to send via URL
        RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
        # Block out any script that includes a <script> tag in URL
        RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
        # Block out any script trying to set a PHP GLOBALS variable via URL
        RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
        # Block out any script trying to modify a _REQUEST variable via URL
        RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
        RewriteRule ^(.*)$ /index.php [F,L]
    RewriteCond %{QUERY_STRING}

    [^a-z](declare|char|set|cast|convert|delete|drop|exec|insert|meta|script|select|truncate|upd

    ate)[^a-z] [NC]
    RewriteRule (.*) - [F]  


    /*code end*/

    • Score: 0
    6 comments
    • Emad Ahmed
      by Emad Ahmed
      August 27, 2011

      Part1:
      RewriteEngine On
      Options +Followsymlinks
      # Block out any script trying to base64_encode crap to send via URL...  more

    • Emad Ahmed
      by Emad Ahmed
      August 27, 2011

      Part2: RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
      # Block out any script trying to set a PHP GLOBALS variable via URL
      RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
      # Block out any script trying to mo...  more

    • Emad Ahmed
      by Emad Ahmed
      August 27, 2011

      Part3: RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
      RewriteRule ^(.*)$ /index.php [F,L]
      RewriteCond %{QUERY_STRING}
      [^a-z](declare|char|set|cast|convert|delete|drop|exec|insert|meta|script|select|truncate|upd...  more

    • Sophy Reid
      by Sophy Reid
      August 30, 2011

      Do you have to put all the three tricks you provided above or just one? And where exactly in the htaccess?

  • 6

    by Emad Ahmed about August 27, 2011

    There are a lot of ways to protect your SE site, especially that there are a group of hackers attach SE sites now. I will give you some tricks one by one. First trick: The below .htaccess code to ban visits originating from certain domains. For example, if an undesirable domain is showing up a lot in your web site referrer logs, you can ban that domain so any traffic coming from it- human or otherwise- is blocked. Separate each domain with a line break, so each domain occupies its own line. Enter list of domains to ban. Do NOT include the "http://www." portion! Add the below code to your .htaccess file (blank or existing), and upload to your root web directory: */code*/ ## SITE REFERRER BANNING RewriteEngine on # Options +FollowSymlinks RewriteCond %{HTTP_REFERER} badsite\.com [NC,OR] RewriteCond %{HTTP_REFERER} badsite\. [NC,OR] RewriteCond %{HTTP_REFERER} sub\.badsite\.com [NC] RewriteRule .* - [F] /*code end*/ Use the same format, example if you want to ban yahoo.com referer, it will be RewriteCond %{HTTP_REFERER} yahoo\.com [NC,OR] badsite.com,badsite.,sub.badsite.com are some example, you can replace it by the domain that you want to ban. Examples of valid entries: * badsite.com (Blocks traffic coming from badsite.com) * badsite. (Blocks traffic coming from all varieties of badsite.xxx, such as badsite.com, badsite.net etc) * subdomain.badsite.com(Blocks traffic coming from subdomain.badsite.com * 32.173.21.187 (Blocks traffic coming from a particular site IP) You can check the Referring Url In: Admin Panel > Stats > Referring Urls
    • Score: 0
  • 34

    by The Meister Glenn about August 22, 2011

    I recently locked down my site to FB connect/Twitter connect only but it required some modification. No spammers as well, unless they could get into FB first.
    3 comments
    • Nick
      by Nick
      August 23, 2011

      This is really good idea. Let Facebook handle spammers.

    • The Meister Glenn
      by The Meister Glenn
      September 8, 2011

      This one will require some modifications though, making it exclusive for FB/Twitter connect you must disable the login/signup links, remove to login widget and create your own custom login widget with only the Facebook and Twitter connect buttons present....  more

    • The Meister Glenn
      by The Meister Glenn
      October 15, 2011

      Now it looks like SE 4.1.8 will have us the ability to change the layout of the login and login pages - which is great. Hiding the login and links to the signup section will force all users to login via FB or Twitter to authenticate them instead.

  • 10

    by SunFlower about August 14, 2011

    Back when se4.me worked I had a list of banned IP. Not sure how to do update it now. New spammers appear all the time.
    • Score: 0
    1 comment
    • Eugene
      by Eugene
      August 16, 2011

      I had a situation when I was not able to visit client’s website (we have static IP). Small mistake in your IP list will definitely reduce number of users in your community.

  • 30

    by Jeff Pearson about August 12, 2011

    We had setup ReCaptcha and problem disappeared. I’m sure it’s not an option for human spammers, but the major idea is to beat automated mass spam. Human spammers can’t post much. It just does not worth their efforts. Here is a link how to install ReCaptcha on SocialEngine http://www.socialenginemods.net/social-engine/tutorials/6/recaptcha-se-v4
    4 comments
    • Ricky Waldron
      by Ricky Waldron
      August 17, 2011

      We had a few spammers last week and set up ReCaptcha as well. We also route our site through CloudFlare and they identify a lot of known threats that you can ban by IP, or even entire countries.

    • SunFlower
      by SunFlower
      August 19, 2011

      Asked our programmer to install ReCaptcha. No spam registration during last 2 days. But still few spam posts in blogs. Most likely from previously registered spammers.

    • Sophy Reid
      by Sophy Reid
      September 12, 2011

      Installed ReCapcha and seems to be working. Will give it a time to see how it goes.

    • Jazz Man
      by Jazz Man
      November 2, 2011

      ReCaptcha will do the trick for a while but not always, I know of bots that can easily bypass it.
      I have an idea for a plugin that would make it almost 100% bot and hacker proof (almost because nothing is 100% secured these days). It's similar to what my ...  more

  • 12

    by Gabriel Gonzalez about August 12, 2011

    Two weeks ago we have started to receive a lot of spam post on our community (SE4). For some reason all spam accounts had “Pairs” (not Paris) set as a city. Our programmer was able to ban most of them by that field. Also now every new user with from Pairs is banned automatically :)
    2 comments
    • Jeff Pearson
      by Jeff Pearson
      August 15, 2011

      This is rather a workaround. It will work until somebody will modify the bot or fix the typo in it :)

    • Jan Bosman
      by Jan Bosman
      August 19, 2011

      I have the same bot attempting to register new accounts every day. I've had to moderate new memberships and approve them manually, keep an extensive IP address ban list in my .htaccess file, etc.
      How did your programmer manage to automatically ban users ...  more

  • 11

    by Danny G about August 12, 2011

    I had a lot of spam in blog, but on some forum I've found an advice to rename blogs to notes. This way I don't get any spam blogs anymore. Hope this will help!
You must login to post an answer.