Support #2965
closedSpammers on commonsinabox.org
0%
Description
Hi - I am trying to figure out the best way to shut down the spammers on commonsinabox.org. Somehow they have figured out that they can go to http://commonsinabox.org/docs and there create buddypress docs filled with spam. The BP docs are not related to groups - I checked and even though members of groups can create BP Docs, the spam is not coming through there. (Maybe we should disable Docs for the groups before they exploit this avenue.) But is seems that the spam is coming through some part of the site wide wiki - that while officially turned off, has some residual vulnerability.
Not sure how to proceed. Should I go to the activity stream in the dashboard and mark each one as spam? Should we ban these spammers from the site? Shut down the BP Docs vulnerability? All the above? Thanks.
Updated by Matt Gold about 10 years ago
- Status changed from New to Assigned
- Assignee set to Boone Gorges
- Priority name changed from Normal to High
Thanks for catching this, Scott. Boone, please let us know your thoughts.
Updated by Boone Gorges about 10 years ago
- Status changed from Assigned to Reporter Feedback
Thanks for the report, Scott.
But is seems that the spam is coming through some part of the site wide wiki - that while officially turned off, has some residual vulnerability.
I'm not totally sure what you mean by this. In what sense is this "officially turned off"? I guess just that we don't have it linked in the navigation?
I don't think this is a vulnerability. It's a case where spammers have successfully created accounts, and then knew enough about BuddyPress to go to /docs/.
Do we have any legitimate use for Docs on commonsinabox.org? Glancing over the Docs directory, there are no non-spam Docs on the site. So I'm going to ahead and turn it off.
Let me know if this is enough to solve the problem.
Updated by Matt Gold about 10 years ago
sounds like a good solution -- thank you. Can you please make a note of the spam accounts, too, so that we can delete them? Maybe you've already done that. Thanks for taking a look at this on a Saturday, and again, thanks for catching this, Scott.
Updated by scott voth about 10 years ago
Thanks Boone. That did the trick. Yeah, what I meant was that the wiki wasn't on the menu, but it was still turned on. I made a list of the spammers:
marklee
tonychen
services
vijay
jackkronisusa
Also, I have marked as spam the recently created docs in the activity list.
Updated by Matt Gold about 10 years ago
Thank you, Scott.
Boone, would you agree that the thing to do now is to delete the accounts in question? I think that marking them as spam accounts is possible in WP multisite, but not on a single site.
Updated by Boone Gorges about 10 years ago
I've marked the users as spam. (profile > Settings > Capabilities)
Updated by Matt Gold about 10 years ago
- Status changed from Reporter Feedback to Resolved
Okay -- thanks, Boone. Confusing that most other admin controls of user accounts are on the dashboard while this is on the frontend, but I appreciate your help with this. Marking as resolved since all spam is gone and users have been marked accordingly. Thanks to you all for your help.