Spammers on commonsinabox.org
Hi - I am trying to figure out the best way to shut down the spammers on commonsinabox.org. Somehow they have figured out that they can go to http://commonsinabox.org/docs and there create BuddyPress Docs filled with spam. The BP docs are not related to groups - I checked and even though members of groups can create BP Docs, the spam is not coming through there. (Maybe we should disable Docs for the groups before they exploit this avenue.) But it seems that the spam is coming through some part of the site-wide wiki - that while officially turned off, has some residual vulnerability.
Not sure how to proceed. Should I go to the activity stream in the dashboard and mark each one as spam? Should we ban these spammers from the site? Shut down the BP Docs vulnerability? All the above? Thanks.
#2 Updated by Boone Gorges over 8 years ago
- Status changed from Assigned to Reporter Feedback
Thanks for the report, Scott.
> But it seems that the spam is coming through some part of the site-wide wiki - that while officially turned off, has some residual vulnerability.
I'm not totally sure what you mean by this. In what sense is this "officially turned off"? I guess just that we don't have it linked in the navigation?
I don't think this is a vulnerability. It's a case where spammers have successfully created accounts, and then knew enough about BuddyPress to go to /docs/.
Do we have any legitimate use for Docs on commonsinabox.org? Glancing over the Docs directory, there are no non-spam Docs on the site. So I'm going to go ahead and turn it off.
Let me know if this is enough to solve the problem.
#4 Updated by scott voth over 8 years ago
Thanks Boone. That did the trick. Yeah, what I meant was that the wiki wasn't on the menu, but it was still turned on. I made a list of the spammers:
Also, I have marked as spam the recently created docs in the activity list.
#7 Updated by Matt Gold over 8 years ago
- Status changed from Reporter Feedback to Resolved
Okay -- thanks, Boone. Confusing that most other admin controls of user accounts are on the dashboard while this is on the frontend, but I appreciate your help with this. Marking as resolved since all spam is gone and users have been marked accordingly. Thanks to you all for your help.