Support #2965

Spammers on commonsinabox.org

Added by scott voth over 8 years ago. Updated over 8 years ago.

Status: Resolved
Priority name: High
Assignee:
Category name: commonsinabox.org
Target version: -
Start date: 2014-01-18
Due date:
% Done: 0%
Estimated time:

Description

Hi - I am trying to figure out the best way to shut down the spammers on commonsinabox.org. Somehow they have figured out that they can go to http://commonsinabox.org/docs and there create BuddyPress Docs filled with spam. The BP Docs are not related to groups - I checked and even though members of groups can create BP Docs, the spam is not coming through there. (Maybe we should disable Docs for the groups before they exploit this avenue.) But it seems that the spam is coming through some part of the site-wide wiki - that while officially turned off, has some residual vulnerability.

Not sure how to proceed. Should I go to the activity stream in the dashboard and mark each one as spam? Should we ban these spammers from the site? Shut down the BP Docs vulnerability? All the above? Thanks.

History

#1 Updated by Matt Gold over 8 years ago

  • Status changed from New to Assigned
  • Assignee set to Boone Gorges
  • Priority name changed from Normal to High

Thanks for catching this, Scott. Boone, please let us know your thoughts.

#2 Updated by Boone Gorges over 8 years ago

  • Status changed from Assigned to Reporter Feedback

Thanks for the report, Scott.

> But it seems that the spam is coming through some part of the site-wide wiki - that while officially turned off, has some residual vulnerability.

I'm not totally sure what you mean by this. In what sense is this "officially turned off"? I guess just that we don't have it linked in the navigation?

I don't think this is a vulnerability. It's a case where spammers have successfully created accounts, and then knew enough about BuddyPress to go to /docs/.

Do we have any legitimate use for Docs on commonsinabox.org? Glancing over the Docs directory, there are no non-spam Docs on the site. So I'm going to go ahead and turn it off.

Let me know if this is enough to solve the problem.

#3 Updated by Matt Gold over 8 years ago

Sounds like a good solution -- thank you. Can you please make a note of the spam accounts, too, so that we can delete them? Maybe you've already done that. Thanks for taking a look at this on a Saturday, and again, thanks for catching this, Scott.

#4 Updated by scott voth over 8 years ago

Thanks Boone. That did the trick. Yeah, what I meant was that the wiki wasn't on the menu, but it was still turned on. I made a list of the spammers:
marklee
tonychen
services
vijay
jackkronisusa

Also, I have marked as spam the recently created docs in the activity list.

#5 Updated by Matt Gold over 8 years ago

Thank you, Scott.

Boone, would you agree that the thing to do now is to delete the accounts in question? I think that marking them as spam accounts is possible in WP multisite, but not on a single site.

#6 Updated by Boone Gorges over 8 years ago

I've marked the users as spam. (profile > Settings > Capabilities)

#7 Updated by Matt Gold over 8 years ago

  • Status changed from Reporter Feedback to Resolved

Okay -- thanks, Boone. Confusing that most other admin controls of user accounts are on the dashboard while this is on the frontend, but I appreciate your help with this. Marking as resolved since all spam is gone and users have been marked accordingly. Thanks to you all for your help.
