Skip to:
Content

BuddyPress.org

Opened 8 years ago

Closed 8 years ago

#6816 closed defect (bug) (worksforme)

Delete records of spam users in not-activated users list on bp-signups

Reported by: slaffik's profile slaFFik Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Administration Keywords:
Cc:

Description

When marking user as spammer appropriate record is not deleted from /wp-admin/users.php?page=bp-signups, although all other data (like created spam groups) is deleted.

Change History (16)

#1 @imath
8 years ago

Hi @slaFFik,

Just to make sure i understand this ticket.

A user signs up. He's not listed into the users but in pending accounts. As he's not a user yet you can't spam him.

He activates his account, then he's listed into users, so you can spam him but as he's already no more listed in pending accounts, i don't see why it's necessary to delete the row in $wpdb->signups. Moreover i think it's too bad to do so as we won't be able to rebuild this registration data when you unspam the user.

So i think i'd leave it the way it is, just like WordPress multisite configs are doing by default.

If i didn't understand the ticket, feel free to develop your idea :)

#2 @slaFFik
8 years ago

1) New user X registered
2) X was sent an email to activate his account, he is listed on /wp-admin/users.php?page=bp-signups page
3) X didn't follow the link in email, so the record about him is sill on bp-signups page
4) X can create group (spam content)
5) Admin saw that and wants to mark the user as spammer on wp-admin/users.php page
6) X is marked as spammer (and his spam group and all other content was deleted properly)
7) X is still listed on /wp-admin/users.php?page=bp-signups page, as his account was not activated.

IMO, we should remove users from bp-signups page if they are marked as spammers (as all their content was also removed).
AND we should not allow to create groups until he activates his account :)

All that on ordinary WordPress (not MS) with BuddyPress 2.4.3

Last edited 8 years ago by slaFFik (previous) (diff)

#3 @slaFFik
8 years ago

Also, I even don't think that anyone can unspam user. I'm admin of a social network on BuddyPress, I'm marking users as spammers before removing them in hope that akismet gets that data.

#4 @imath
8 years ago

Is what you described in 1) to 7) still happening if define( 'BP_SIGNUPS_SKIP_USER_CREATION', true ); ?

4) a not activated account on non ms site can create groups ? I'd be interested to have the way to reproduce this.

Are you sure there's not a plugin/custom code that would activate the user forgetting to update the signups table ?

if the action unspam exists, there must be a reason :)

#5 @slaFFik
8 years ago

There is an Unspam link for users that were marked as spam (/wp-admin/users.php?action=ham&user=2738&_wpnonce=c42331c937).

I have Limit Login Attempts, Wordfence Security & Stop Spammers Spam Control plugins activated. I'm not sure that I will be dare enough to try to reproduce on a live site without these plugins.
But I will test with that define (I put it in bp-custom.php).

Last edited 8 years ago by slaFFik (previous) (diff)

#6 @imath
8 years ago

Thanks a lot @slaFFik for your feedbacks.

#7 @slaFFik
8 years ago

Is what you described in 1) to 7) still happening if define( 'BP_SIGNUPS_SKIP_USER_CREATION', true ); ?

Yes, everything seems to be the same (1,2,3,5,6,7; there are not spam groups created from that time, but dunno whether it's related to this define or not).

#8 @imath
8 years ago

config is multisite or not ?

i assumed it wasn't a multisite because the user was created. Using the constant is making sure the user is not created for non multisite configs.

So i'm a bit amazed that you have steps > 3.

#9 @slaFFik
8 years ago

Not multisite.

#10 @imath
8 years ago

Are you sure that having the constant set, you still have :

4) X can create group (spam content)
5) Admin saw that and wants to mark the user as spammer on wp-admin/users.php page
6) X is marked as spammer (and his spam group and all other content was deleted properly)
7) X is still listed on /wp-admin/users.php?page=bp-signups page, as his account was not activated.

Using the constant, as the user is not created unless the account is activated using the activate link, it's very strange to still have 5 to 7.

I would expect that if the user is created, then the account has been activated, then, at least point 7 should disappear.

#11 @slaFFik
8 years ago

Finally got what you mean, sort of.


There was no new spam groups, because I disabled groups creations. Reenabled again. So that's why there was no 4).
5) and 6) are still valid.
7) Not listed.

#12 @DJPaul
8 years ago

  • Milestone changed from Awaiting Review to Under Consideration

#13 @DJPaul
8 years ago

  • Milestone changed from Under Consideration to Awaiting Review

#14 @DJPaul
8 years ago

I can't believe this has basically been in limbo for 7 months.

Someone - not @slaFFik - needs to try to recreate this. If we can't, we'll close the ticket, until we can.

#15 @DJPaul
8 years ago

  • Milestone changed from Awaiting Review to Under Consideration

#16 @DJPaul
8 years ago

  • Milestone Under Consideration deleted
  • Resolution set to worksforme
  • Status changed from new to closed

Going to close this because we've not been able to reproduce the issue. We'll re-open it as soon as another person is able to.

Note: See TracTickets for help on using tickets.