grin
(grin)
July 23, 2019, 11:35am
1
I have tried to search for a place which actually summarize what antispam possibilities a podmin have .
So, I have seen several threads, most of them from many years ago, mentioning various spam problems:
how to control spammy registrations on the pod
how to control fake email for the spammy accounts (how not to send email with unverified addresses)
how to control connections and content of spammy pods
how a podmin can destroy a spammy acocunts’ contributions (posts, comments, likes, whatever) apart from closing the spammy account
is there any way to control actual spam by registered accounts (eg. rate limiting, watched keywords, etc.)
(This question was partially arisen by spammy local registrations, and partly due to public post relays.)
1 Like
grin
(grin)
July 9, 2021, 2:07pm
2
No? No. I thought so.
Anyway. Here are my assorted ideas and tools.
Admin interface
There should be a time range by registrations list of users , just like “weekly users stats”, since that’s the way I could review recent registrations (spambots).
This list, as well as “Weekly user stats” should be in table form . The table would contain the most relevant data helping the admin make the distinction between spambot and user :
username - register time - sign in times - last seen - email - last ip
Hopefully sortable on the fields.
All rows shall contain small buttons for close , lock or wipe (this one would delete all the posts of the spammer), and a checkbox. Also a link to view the account and its posts (no javascript so it can be opened in background tabs).
By the way following and followers would be useful as well.
At the bottom there would be close all checked etc. buttons.
Admin shall have a “delete current user ” button in the header to quickly able to lock/close/wipe the user s/he is observing. Or a button on the side. Wherever.
grin
(grin)
July 9, 2021, 2:12pm
3
Automated means
Right now I use two scripts to clean up the trash.
One gets the subnets of known spambots and removes all account registered from those subnets.
The main script collects accounts where there was only one login and it’s older than a few days or weeks. I close and wipe these.
…also collects accounts where there were a few logins only within a short timeframe and it’s been a longer time ago (for me it’s 3 months). I usually close these.
Both scripts work from the postgres directly.
I would be glad if these could be automatised, maybe if I had a framework which only needed to have a few specific lines of code inserted. A working example for these…
2 Likes
tclaus
(Thorsten Claus)
September 11, 2021, 6:54am
4
You see the Anwesens - diaspora lacks a full set of spam controls:
on registration emails are not checked
Pods can not be blocked
users can not be closed
But there is hope:
Community woke up (“woke”… uh…) and has made some contributions:
Still not finally reviewed but a valid pull request to to core code:
block a pod
diaspora:develop
← tclaus:disable_pods
opened 11:29AM - 04 Apr 21 UTC
It uses the already existing 'blocked' information of Pods.
On Adminview a '… blocked/unblock' UI element is added.
A blocked pod is then filtered out in any stream views. No Database element is deleted or changed.
This Feature was requested in Issue #6640 and also discussed/requested in https://discourse.diasporafoundation.org/t/add-better-spam-controls/296
Is this a viable approach?
On https://societas.online this is already rolled out and ready to test.
Block / Unblock
<img width="884" alt="Bildschirmfoto 2021-04-04 um 13 32 20" src="https://user-images.githubusercontent.com/501326/113507388-63d5b300-954a-11eb-846c-12f0b995d01d.png">
Added blocked pod count in pod list - header
<img width="680" alt="Bildschirmfoto 2021-04-04 um 13 31 56" src="https://user-images.githubusercontent.com/501326/113507405-718b3880-954a-11eb-976b-da59145790cb.png">
Any remarks / ideas or help is appreciated.
Enhance reports
diaspora:develop
← tclaus:enhance_reports
opened 06:27AM - 28 Apr 21 UTC
This PR enhances Reports by
- adding a view that shows recent reports and the… action done (Item Deleted or not)
- adding a statistics view (Who reports and who is the originator of a reported item)
- a once 'reviewed report can be deleted retrospectively
- let podsmins show the originator even /after/ a reported item was deleted
- links to the originator profile directly (and not to the Search view)
**Heads up!**
It needs a migration!
Two fields are added: a 'action' textfield that is used to describe what happened to the report. Its free text, but filled based on the action.
The second fields holds the diaspora_handel for the originator. This is needed because after deleting a report this information is gone.
**What is the outcome?**
A Podmin now has more insights in old reports and in most reporter and most originators. A valuable base for more decisions what to do.
**Future**
List of reports grows without limits - a paginated view would be nice, but that was currently above my skill level.
Screenshots
(Added date time)
<img width="910" alt="Bildschirmfoto 2021-04-28 um 08 11 07" src="https://user-images.githubusercontent.com/501326/116355491-3652f100-a7fa-11eb-88b1-9bea3bd9eb44.png">
( deleted or reviewed reports)
<img width="898" alt="Bildschirmfoto 2021-04-28 um 08 10 56" src="https://user-images.githubusercontent.com/501326/116355311-f55adc80-a7f9-11eb-96d8-0c73e0c21640.png">
(statistics with links to the authors / originators)
<img width="939" alt="Bildschirmfoto 2021-04-28 um 08 11 17" src="https://user-images.githubusercontent.com/501326/116355560-4e2a7500-a7fa-11eb-8be9-31a3f9a730c2.png">
Comments, Ideas, critics... welcome!
#Block / Close an account
diaspora:develop
← tclaus:7464_7463_close_remote_accounts
opened 06:37PM - 07 Jun 21 UTC
It solves #7464 and #7463
- It adds the SuperTux88 / JHass' script to close… and wipe an account - even remote ones.
For this function you now can search through all persons on your pod, not only the local user.
- No external ruby code to remove spammers!
- It changes the order of the lock/close buttons in Admin view by its severity.
- It has some code refinements (Fixed Close / Lock/Unlock on Person and User classes)
- It prevents an admin to remove its own admin status accidently.
Remote / Local user in users' search view
<img width="860" alt="125693555-80872d90-6811-424b-9fbe-ed96cbb640d2" src="https://user-images.githubusercontent.com/501326/125694268-4384b0a1-b290-47b0-ba22-d0c9ad251252.png">
You might easily merge this branches to your code - but without any warranty.
Share your experience!
1 Like