Permanently deleting spam users

4 views
Skip to first unread message

Ben Fairless

unread,
May 28, 2024, 1:28:45 AMMay 28
to alavet...@googlegroups.com
Hi all,

We've had an explosion of spam users recently - almost all of which create an account to update their profile with whatever spammy content they see fit.

I'm wondering if there's a way to purge these users from Alaveteli at all? If possible, something that meets the below criteria:
1. User is Banned
2. No Requests have been made
3. No comments have been left
4. No tracks have been created

Keen to hear your ideas!

Thanks,
Ben

Gareth Rees

unread,
May 28, 2024, 7:34:31 AMMay 28
to Alaveteli Dev
We don't have a script exactly like the above – you'd need to write one. Should be pretty easy, along the lines of:

User.banned.find_each do |user|
  user.destroy! if user.info_requests.none? && user.comments.none? && user.track_things.none?
end

n.b. I haven't checked this _at all_ – its just an off the cuff gist of the kind of code you'd need to write. You can then run through rails console or rails runner.

We've faced similar in the past (and still get spam signups, though these days the impact is much lower since user profiles/pictures aren't as indexable by search engines) so we wrote https://github.com/mysociety/alaveteli/blob/develop/lib/tasks/cleanup.rake#L16-L54 which might be of interest.

Laurent Savaëte

unread,
May 28, 2024, 7:54:45 AMMay 28
to alavet...@googlegroups.com

Hi Ben,

Only tangentially answering your question, this is more about preventing spam account creation than removing them.

We had issues with spam accounts for a while as well, until I realised they all used a url in their account names, so I added a spam scoring rule to block such account names at creation, and the problem stopped. I don't know if it is the case for you, but just in case:

patch https://github.com/mysociety/alaveteli/blob/develop/config/initializers/user_spam_scorer.rb#L7 to replace its content with

settings = YAML.load(File.read(path), permitted_classes: [Regexp])['user_spam_scorer']

This allows defining regexps in the following config file, otherwise ruby will crash.

Then update config/user_spam_scorer.yml with something like what we have here: https://gitlab.com/madada-team/dada-core/-/blob/master/ansible/roles/alaveteli/templates/config_user_spam_scorer.yml#L63

In our case, we just added the last line to the default values alaveteli defines to prevent urls like https:// which does not seem like a useful account name anyway.

Good luck!

Laurent

--
You received this message because you are subscribed to the Google Groups "Alaveteli Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to alaveteli-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/alaveteli-dev/64104a4b-f3b6-47b6-9864-ae2e834a6d31n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages