Quantcast

Fwd: Cleaning up bogus user accounts

classic Classic list List threaded Threaded
11 messages Options
JonStahl JonStahl
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Fwd: Cleaning up bogus user accounts

Since I've gotten zero response in nearly two weeks on the
plone-website list, I thought I'd forward this along here.

cheers,
jon



---------- Forwarded message ----------
From: Jon Stahl <[hidden email]>
Date: Fri, Mar 9, 2012 at 3:02 PM
Subject: Cleaning up bogus user accounts
To: [hidden email]


Hi all-

Sean Kelly and I have been investigating the state of the plone.org
LDAP database, and we have some recommendations to bounce off of the
larger community.

We have about 58k accounts in the plone.org LDAP system, which
backends authentication for plone.org, dev.plone.org (trac) and is
synced to github.  The vast, vast majority of these accounts (all but
about 2000) are pretty obviously bogus/spam accounts, and most of
these (but not all) were created back in the days when we had a
vulnerability (now closed) related to member portraits, which made it
worthwhile to try to create bogus user accounts for SEO spamming.

Sean and I believe we can easily nuke all of these accounts with
minimal collateral damage to legit accounts by removing all accounts
that are NOT members of a plone.org LDAP group (e.g. committers,
collective committers, etc.) AND also have not ever created a record
in the Trac database (e.g. a bug report or a comment) AND don't own an
item in http://plone.org/support/sites or
http://plone.org/support/providers.

Can anybody think of a class of legitimate accounts that would be
excluded by the above logic?


---
Jon Stahl
MPA Candidate, Evans School of Public Affairs
University of Washington
http://jstahl.org
206.226.0818

------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Plone-developers mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-developers
William Deegan William Deegan
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Cleaning up bogus user accounts

Jon,

Perhaps generate the list of accounts and let people raise their hands if any should be kept?

-Bill
On Mar 21, 2012, at 2:57 PM, Jon Stahl wrote:

> Since I've gotten zero response in nearly two weeks on the
> plone-website list, I thought I'd forward this along here.
>
> cheers,
> jon
>
>
>
> ---------- Forwarded message ----------
> From: Jon Stahl <[hidden email]>
> Date: Fri, Mar 9, 2012 at 3:02 PM
> Subject: Cleaning up bogus user accounts
> To: [hidden email]
>
>
> Hi all-
>
> Sean Kelly and I have been investigating the state of the plone.org
> LDAP database, and we have some recommendations to bounce off of the
> larger community.
>
> We have about 58k accounts in the plone.org LDAP system, which
> backends authentication for plone.org, dev.plone.org (trac) and is
> synced to github.  The vast, vast majority of these accounts (all but
> about 2000) are pretty obviously bogus/spam accounts, and most of
> these (but not all) were created back in the days when we had a
> vulnerability (now closed) related to member portraits, which made it
> worthwhile to try to create bogus user accounts for SEO spamming.
>
> Sean and I believe we can easily nuke all of these accounts with
> minimal collateral damage to legit accounts by removing all accounts
> that are NOT members of a plone.org LDAP group (e.g. committers,
> collective committers, etc.) AND also have not ever created a record
> in the Trac database (e.g. a bug report or a comment) AND don't own an
> item in http://plone.org/support/sites or
> http://plone.org/support/providers.
>
> Can anybody think of a class of legitimate accounts that would be
> excluded by the above logic?
>
>
> ---
> Jon Stahl
> MPA Candidate, Evans School of Public Affairs
> University of Washington
> http://jstahl.org
> 206.226.0818
>
> ------------------------------------------------------------------------------
> This SF email is sponsosred by:
> Try Windows Azure free for 90 days Click Here
> http://p.sf.net/sfu/sfd2d-msazure
> _______________________________________________
> Plone-developers mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/plone-developers


------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Plone-developers mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-developers
JonStahl JonStahl
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Cleaning up bogus user accounts

Hmm, good suggestion, we'll consider that.   It will be quite long,
but people can search it, I suppose.


On Wed, Mar 21, 2012 at 3:20 PM, William Deegan
<[hidden email]> wrote:

> Jon,
>
> Perhaps generate the list of accounts and let people raise their hands if any should be kept?
>
> -Bill
> On Mar 21, 2012, at 2:57 PM, Jon Stahl wrote:
>
>> Since I've gotten zero response in nearly two weeks on the
>> plone-website list, I thought I'd forward this along here.
>>
>> cheers,
>> jon
>>
>>
>>
>> ---------- Forwarded message ----------
>> From: Jon Stahl <[hidden email]>
>> Date: Fri, Mar 9, 2012 at 3:02 PM
>> Subject: Cleaning up bogus user accounts
>> To: [hidden email]
>>
>>
>> Hi all-
>>
>> Sean Kelly and I have been investigating the state of the plone.org
>> LDAP database, and we have some recommendations to bounce off of the
>> larger community.
>>
>> We have about 58k accounts in the plone.org LDAP system, which
>> backends authentication for plone.org, dev.plone.org (trac) and is
>> synced to github.  The vast, vast majority of these accounts (all but
>> about 2000) are pretty obviously bogus/spam accounts, and most of
>> these (but not all) were created back in the days when we had a
>> vulnerability (now closed) related to member portraits, which made it
>> worthwhile to try to create bogus user accounts for SEO spamming.
>>
>> Sean and I believe we can easily nuke all of these accounts with
>> minimal collateral damage to legit accounts by removing all accounts
>> that are NOT members of a plone.org LDAP group (e.g. committers,
>> collective committers, etc.) AND also have not ever created a record
>> in the Trac database (e.g. a bug report or a comment) AND don't own an
>> item in http://plone.org/support/sites or
>> http://plone.org/support/providers.
>>
>> Can anybody think of a class of legitimate accounts that would be
>> excluded by the above logic?
>>
>>
>> ---
>> Jon Stahl
>> MPA Candidate, Evans School of Public Affairs
>> University of Washington
>> http://jstahl.org
>> 206.226.0818
>>
>> ------------------------------------------------------------------------------
>> This SF email is sponsosred by:
>> Try Windows Azure free for 90 days Click Here
>> http://p.sf.net/sfu/sfd2d-msazure
>> _______________________________________________
>> Plone-developers mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/plone-developers
>

------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Plone-developers mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-developers
Laurence Rowe Laurence Rowe
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Cleaning up bogus user accounts

To be completely sure you might need to look at all local role
assignments as well, if a user has none then they can just recreate
their account if needs be.

Another way might be to cross-check against login_time /
last_login_time (I forget which is updated)? And decide that any
account that has not logged in recently but would otherwise be removed
would become fair game. If people want to keep their accounts they can
just log in to plone.org. (This info is in portal_memberdata rather
than in ldap.)

Laurence

On 21 March 2012 22:23, Jon Stahl <[hidden email]> wrote:

> Hmm, good suggestion, we'll consider that.   It will be quite long,
> but people can search it, I suppose.
>
>
> On Wed, Mar 21, 2012 at 3:20 PM, William Deegan
> <[hidden email]> wrote:
>> Jon,
>>
>> Perhaps generate the list of accounts and let people raise their hands if any should be kept?
>>
>> -Bill
>> On Mar 21, 2012, at 2:57 PM, Jon Stahl wrote:
>>
>>> Since I've gotten zero response in nearly two weeks on the
>>> plone-website list, I thought I'd forward this along here.
>>>
>>> cheers,
>>> jon
>>>
>>>
>>>
>>> ---------- Forwarded message ----------
>>> From: Jon Stahl <[hidden email]>
>>> Date: Fri, Mar 9, 2012 at 3:02 PM
>>> Subject: Cleaning up bogus user accounts
>>> To: [hidden email]
>>>
>>>
>>> Hi all-
>>>
>>> Sean Kelly and I have been investigating the state of the plone.org
>>> LDAP database, and we have some recommendations to bounce off of the
>>> larger community.
>>>
>>> We have about 58k accounts in the plone.org LDAP system, which
>>> backends authentication for plone.org, dev.plone.org (trac) and is
>>> synced to github.  The vast, vast majority of these accounts (all but
>>> about 2000) are pretty obviously bogus/spam accounts, and most of
>>> these (but not all) were created back in the days when we had a
>>> vulnerability (now closed) related to member portraits, which made it
>>> worthwhile to try to create bogus user accounts for SEO spamming.
>>>
>>> Sean and I believe we can easily nuke all of these accounts with
>>> minimal collateral damage to legit accounts by removing all accounts
>>> that are NOT members of a plone.org LDAP group (e.g. committers,
>>> collective committers, etc.) AND also have not ever created a record
>>> in the Trac database (e.g. a bug report or a comment) AND don't own an
>>> item in http://plone.org/support/sites or
>>> http://plone.org/support/providers.
>>>
>>> Can anybody think of a class of legitimate accounts that would be
>>> excluded by the above logic?
>>>
>>>
>>> ---
>>> Jon Stahl
>>> MPA Candidate, Evans School of Public Affairs
>>> University of Washington
>>> http://jstahl.org
>>> 206.226.0818
>>>
>>> ------------------------------------------------------------------------------
>>> This SF email is sponsosred by:
>>> Try Windows Azure free for 90 days Click Here
>>> http://p.sf.net/sfu/sfd2d-msazure
>>> _______________________________________________
>>> Plone-developers mailing list
>>> [hidden email]
>>> https://lists.sourceforge.net/lists/listinfo/plone-developers
>>
>
> ------------------------------------------------------------------------------
> This SF email is sponsosred by:
> Try Windows Azure free for 90 days Click Here
> http://p.sf.net/sfu/sfd2d-msazure
> _______________________________________________
> Plone-developers mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/plone-developers

------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Plone-developers mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-developers
AnthonyG AnthonyG
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Cleaning up bogus user accounts

I'm sure we have but just in case please ensure you have a tested
backup / restore procedure in place.

http://blog.jquery.com/2011/12/08/what-is-happening-to-the-jquery-plugins-site/

On 21 March 2012 22:44, Laurence Rowe <[hidden email]> wrote:

> To be completely sure you might need to look at all local role
> assignments as well, if a user has none then they can just recreate
> their account if needs be.
>
> Another way might be to cross-check against login_time /
> last_login_time (I forget which is updated)? And decide that any
> account that has not logged in recently but would otherwise be removed
> would become fair game. If people want to keep their accounts they can
> just log in to plone.org. (This info is in portal_memberdata rather
> than in ldap.)
>
> Laurence
>
> On 21 March 2012 22:23, Jon Stahl <[hidden email]> wrote:
>> Hmm, good suggestion, we'll consider that.   It will be quite long,
>> but people can search it, I suppose.
>>
>>
>> On Wed, Mar 21, 2012 at 3:20 PM, William Deegan
>> <[hidden email]> wrote:
>>> Jon,
>>>
>>> Perhaps generate the list of accounts and let people raise their hands if any should be kept?
>>>
>>> -Bill
>>> On Mar 21, 2012, at 2:57 PM, Jon Stahl wrote:
>>>
>>>> Since I've gotten zero response in nearly two weeks on the
>>>> plone-website list, I thought I'd forward this along here.
>>>>
>>>> cheers,
>>>> jon
>>>>
>>>>
>>>>
>>>> ---------- Forwarded message ----------
>>>> From: Jon Stahl <[hidden email]>
>>>> Date: Fri, Mar 9, 2012 at 3:02 PM
>>>> Subject: Cleaning up bogus user accounts
>>>> To: [hidden email]
>>>>
>>>>
>>>> Hi all-
>>>>
>>>> Sean Kelly and I have been investigating the state of the plone.org
>>>> LDAP database, and we have some recommendations to bounce off of the
>>>> larger community.
>>>>
>>>> We have about 58k accounts in the plone.org LDAP system, which
>>>> backends authentication for plone.org, dev.plone.org (trac) and is
>>>> synced to github.  The vast, vast majority of these accounts (all but
>>>> about 2000) are pretty obviously bogus/spam accounts, and most of
>>>> these (but not all) were created back in the days when we had a
>>>> vulnerability (now closed) related to member portraits, which made it
>>>> worthwhile to try to create bogus user accounts for SEO spamming.
>>>>
>>>> Sean and I believe we can easily nuke all of these accounts with
>>>> minimal collateral damage to legit accounts by removing all accounts
>>>> that are NOT members of a plone.org LDAP group (e.g. committers,
>>>> collective committers, etc.) AND also have not ever created a record
>>>> in the Trac database (e.g. a bug report or a comment) AND don't own an
>>>> item in http://plone.org/support/sites or
>>>> http://plone.org/support/providers.
>>>>
>>>> Can anybody think of a class of legitimate accounts that would be
>>>> excluded by the above logic?
>>>>
>>>>
>>>> ---
>>>> Jon Stahl
>>>> MPA Candidate, Evans School of Public Affairs
>>>> University of Washington
>>>> http://jstahl.org
>>>> 206.226.0818
>>>>
>>>> ------------------------------------------------------------------------------
>>>> This SF email is sponsosred by:
>>>> Try Windows Azure free for 90 days Click Here
>>>> http://p.sf.net/sfu/sfd2d-msazure
>>>> _______________________________________________
>>>> Plone-developers mailing list
>>>> [hidden email]
>>>> https://lists.sourceforge.net/lists/listinfo/plone-developers
>>>
>>
>> ------------------------------------------------------------------------------
>> This SF email is sponsosred by:
>> Try Windows Azure free for 90 days Click Here
>> http://p.sf.net/sfu/sfd2d-msazure
>> _______________________________________________
>> Plone-developers mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/plone-developers
>
> ------------------------------------------------------------------------------
> This SF email is sponsosred by:
> Try Windows Azure free for 90 days Click Here
> http://p.sf.net/sfu/sfd2d-msazure
> _______________________________________________
> Plone-developers mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/plone-developers

------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Plone-developers mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-developers
JonStahl JonStahl
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Cleaning up bogus user accounts

We'll make sure we have a backup of the LDAP files before we do this.

:jon


On Thu, Mar 22, 2012 at 12:32 AM, Anthony Gerrard
<[hidden email]> wrote:

> I'm sure we have but just in case please ensure you have a tested
> backup / restore procedure in place.
>
> http://blog.jquery.com/2011/12/08/what-is-happening-to-the-jquery-plugins-site/
>
> On 21 March 2012 22:44, Laurence Rowe <[hidden email]> wrote:
>> To be completely sure you might need to look at all local role
>> assignments as well, if a user has none then they can just recreate
>> their account if needs be.
>>
>> Another way might be to cross-check against login_time /
>> last_login_time (I forget which is updated)? And decide that any
>> account that has not logged in recently but would otherwise be removed
>> would become fair game. If people want to keep their accounts they can
>> just log in to plone.org. (This info is in portal_memberdata rather
>> than in ldap.)
>>
>> Laurence
>>
>> On 21 March 2012 22:23, Jon Stahl <[hidden email]> wrote:
>>> Hmm, good suggestion, we'll consider that.   It will be quite long,
>>> but people can search it, I suppose.
>>>
>>>
>>> On Wed, Mar 21, 2012 at 3:20 PM, William Deegan
>>> <[hidden email]> wrote:
>>>> Jon,
>>>>
>>>> Perhaps generate the list of accounts and let people raise their hands if any should be kept?
>>>>
>>>> -Bill
>>>> On Mar 21, 2012, at 2:57 PM, Jon Stahl wrote:
>>>>
>>>>> Since I've gotten zero response in nearly two weeks on the
>>>>> plone-website list, I thought I'd forward this along here.
>>>>>
>>>>> cheers,
>>>>> jon
>>>>>
>>>>>
>>>>>
>>>>> ---------- Forwarded message ----------
>>>>> From: Jon Stahl <[hidden email]>
>>>>> Date: Fri, Mar 9, 2012 at 3:02 PM
>>>>> Subject: Cleaning up bogus user accounts
>>>>> To: [hidden email]
>>>>>
>>>>>
>>>>> Hi all-
>>>>>
>>>>> Sean Kelly and I have been investigating the state of the plone.org
>>>>> LDAP database, and we have some recommendations to bounce off of the
>>>>> larger community.
>>>>>
>>>>> We have about 58k accounts in the plone.org LDAP system, which
>>>>> backends authentication for plone.org, dev.plone.org (trac) and is
>>>>> synced to github.  The vast, vast majority of these accounts (all but
>>>>> about 2000) are pretty obviously bogus/spam accounts, and most of
>>>>> these (but not all) were created back in the days when we had a
>>>>> vulnerability (now closed) related to member portraits, which made it
>>>>> worthwhile to try to create bogus user accounts for SEO spamming.
>>>>>
>>>>> Sean and I believe we can easily nuke all of these accounts with
>>>>> minimal collateral damage to legit accounts by removing all accounts
>>>>> that are NOT members of a plone.org LDAP group (e.g. committers,
>>>>> collective committers, etc.) AND also have not ever created a record
>>>>> in the Trac database (e.g. a bug report or a comment) AND don't own an
>>>>> item in http://plone.org/support/sites or
>>>>> http://plone.org/support/providers.
>>>>>
>>>>> Can anybody think of a class of legitimate accounts that would be
>>>>> excluded by the above logic?
>>>>>
>>>>>
>>>>> ---
>>>>> Jon Stahl
>>>>> MPA Candidate, Evans School of Public Affairs
>>>>> University of Washington
>>>>> http://jstahl.org
>>>>> 206.226.0818
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> This SF email is sponsosred by:
>>>>> Try Windows Azure free for 90 days Click Here
>>>>> http://p.sf.net/sfu/sfd2d-msazure
>>>>> _______________________________________________
>>>>> Plone-developers mailing list
>>>>> [hidden email]
>>>>> https://lists.sourceforge.net/lists/listinfo/plone-developers
>>>>
>>>
>>> ------------------------------------------------------------------------------
>>> This SF email is sponsosred by:
>>> Try Windows Azure free for 90 days Click Here
>>> http://p.sf.net/sfu/sfd2d-msazure
>>> _______________________________________________
>>> Plone-developers mailing list
>>> [hidden email]
>>> https://lists.sourceforge.net/lists/listinfo/plone-developers
>>
>> ------------------------------------------------------------------------------
>> This SF email is sponsosred by:
>> Try Windows Azure free for 90 days Click Here
>> http://p.sf.net/sfu/sfd2d-msazure
>> _______________________________________________
>> Plone-developers mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/plone-developers

------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Plone-developers mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-developers
Luca Fabbri Luca Fabbri
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fwd: Cleaning up bogus user accounts

In reply to this post by JonStahl
On Wed, Mar 21, 2012 at 10:57 PM, Jon Stahl <[hidden email]> wrote:
> Since I've gotten zero response in nearly two weeks on the
> plone-website list, I thought I'd forward this along here.
>

Just for know: is this task still in progress? Today I get a spam
message on a Poi issue tracker, I think from an authenticated user

--
-- luca

twitter: http://twitter.com/keul
linkedin: http://linkedin.com/in/lucafbb
blog: http://blog.keul.it/

------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
Plone-developers mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-developers
JonStahl JonStahl
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fwd: Cleaning up bogus user accounts


On Thu, Apr 12, 2012 at 11:53 PM, Luca Fabbri <[hidden email]> wrote:
On Wed, Mar 21, 2012 at 10:57 PM, Jon Stahl <[hidden email]> wrote:
> Since I've gotten zero response in nearly two weeks on the
> plone-website list, I thought I'd forward this along here.
>

Just for know: is this task still in progress? Today I get a spam
message on a Poi issue tracker, I think from an authenticated user

It hasn't happened yet, but it will.  In the meantime, send me the username and I will nuke it.

:jon

------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
Plone-developers mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-developers
Maurits van Rees-3 Maurits van Rees-3
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fwd: Cleaning up bogus user accounts

Op 13-04-12 16:33, Jon Stahl schreef:

>
> On Thu, Apr 12, 2012 at 11:53 PM, Luca Fabbri
> <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     On Wed, Mar 21, 2012 at 10:57 PM, Jon Stahl
>     <[hidden email]
>     <mailto:[hidden email]>> wrote:
>      > Since I've gotten zero response in nearly two weeks on the
>      > plone-website list, I thought I'd forward this along here.
>      >
>
>     Just for know: is this task still in progress? Today I get a spam
>     message on a Poi issue tracker, I think from an authenticated user
>
>
> It hasn't happened yet, but it will.  In the meantime, send me the
> username and I will nuke it.

I had one in the issue tracker of Poi itself today, with fullname 'Coach
Outlet'; don't know what the exact user id is.  I have removed the spam
message.


--
Maurits van Rees: http://maurits.vanrees.org/
Zest Software: http://zestsoftware.nl


------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
Plone-developers mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-developers
JonStahl JonStahl
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fwd: Cleaning up bogus user accounts



On Fri, Apr 13, 2012 at 9:07 AM, Maurits van Rees <[hidden email]> wrote:
Op 13-04-12 16:33, Jon Stahl schreef:
>
> On Thu, Apr 12, 2012 at 11:53 PM, Luca Fabbri
> <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     On Wed, Mar 21, 2012 at 10:57 PM, Jon Stahl
>     <[hidden email]
>     <mailto:[hidden email]>> wrote:
>      > Since I've gotten zero response in nearly two weeks on the
>      > plone-website list, I thought I'd forward this along here.
>      >
>
>     Just for know: is this task still in progress? Today I get a spam
>     message on a Poi issue tracker, I think from an authenticated user
>
>
> It hasn't happened yet, but it will.  In the meantime, send me the
> username and I will nuke it.

I had one in the issue tracker of Poi itself today, with fullname 'Coach
Outlet'; don't know what the exact user id is.  I have removed the spam
message.

User deleted.

:jon

------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
Plone-developers mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-developers
Luca Fabbri Luca Fabbri
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Fwd: Cleaning up bogus user accounts

On Fri, Apr 13, 2012 at 6:14 PM, Jon Stahl <[hidden email]> wrote:

>
>
> On Fri, Apr 13, 2012 at 9:07 AM, Maurits van Rees
> <[hidden email]> wrote:
>>
>> Op 13-04-12 16:33, Jon Stahl schreef:
>> >
>> > On Thu, Apr 12, 2012 at 11:53 PM, Luca Fabbri
>> > <[hidden email]
>> > <mailto:[hidden email]>> wrote:
>> >
>> >     On Wed, Mar 21, 2012 at 10:57 PM, Jon Stahl
>> >     <[hidden email]
>> >     <mailto:[hidden email]>> wrote:
>> >      > Since I've gotten zero response in nearly two weeks on the
>> >      > plone-website list, I thought I'd forward this along here.
>> >      >
>> >
>> >     Just for know: is this task still in progress? Today I get a spam
>> >     message on a Poi issue tracker, I think from an authenticated user
>> >
>> >
>> > It hasn't happened yet, but it will.  In the meantime, send me the
>> > username and I will nuke it.
>>
>> I had one in the issue tracker of Poi itself today, with fullname 'Coach
>> Outlet'; don't know what the exact user id is.  I have removed the spam
>> message.
>
>
> User deleted.
>

Another user to be deleted: "oakleysung"

It also added a spam comment to one of my products but I've no power
to delete the commenti itself:
http://plone.org/products/ploneboardnotify


--
-- luca

twitter: http://twitter.com/keul
linkedin: http://linkedin.com/in/lucafbb
blog: http://blog.keul.it/

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Plone-developers mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-developers
Loading...