On Wed, May 11, 2016 at 10:56:40PM +0200, Markus Neteler wrote:
In addition;
+('somsnjkeeese'),
+('anonymous'),
Done,
Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
On Sun, May 15, 2016 at 12:39:34AM +0200, Markus Neteler wrote:
Please delete
meee002
thanks,
According to my mail of yesterday [1] you can perform users
deletion autonomously, being in the "sudo" group on the "web"
host. Let me know how if the script could be improved. Thanks!
On Sun, May 15, 2016 at 10:26 AM, Sandro Santilli <strk@keybit.net> wrote:
On Sun, May 15, 2016 at 12:39:34AM +0200, Markus Neteler wrote:
Please delete
meee002
thanks,
According to my mail of yesterday [1] you can perform users
deletion autonomously, being in the "sudo" group on the "web"
host. Let me know how if the script could be improved. Thanks!
I wonder if we could scan our LDAP DB again their records to identify
more removal candidates.
Sure we can !
for mail in `fetch-that-list`; do
ldapsearch -x "mail=$mail" | grep ^uid | sed 's/uid: //'
done
For just that specific email we have 22 accounts.
Whether or not to _allow_ registering multiple accounts with the
same email would be another question.
Also, I guess we could query that database, if we trust it,
to _prevent_ user registration. The user creation script
currently hard-codes some domains. This list would be more
specific. What to write a script that given an email returns
whether it is a knwon-spammer email or not ?
Please don't rush into removing those 22 accounts before checking
if they sent any content. I'm concerned about removing legit users
(I usually put the names in tracsvn:/osgeo/tools/trac/emergency_clean.sql
and run that script against all trac instances to get a feeling about
what they wrote in there, and also to keep a list of spammer users).
Please don't rush into removing those 22 accounts before checking
if they sent any content. I'm concerned about removing legit users
(I usually put the names in tracsvn:/osgeo/tools/trac/emergency_clean.sql
and run that script against all trac instances to get a feeling about
what they wrote in there, and also to keep a list of spammer users).
I've done that step, found no content in trac instances.
Here's the complete UIDs list, with creation timestamps.
Interesting, all accounts where created in April 30 2016
between 19:33 and 19:55.
The "mani0035" one was found holding authenticated sessions.
I guess the "user deletion" script should be improved to provide
a messa in a non-interactive way (-m, to resemble git commit ?)
Whether or not to _allow_ registering multiple accounts with the
same email would be another question.
Let's also remember that we do NOT verify email on registration,
so spammers could actually enter any email value. This would make
it easy, for example, to start spamming with _your_ email, and
we must not make the mistake of considering _your_ email as the
one of a spammer. Refusing to create two users with the same email
would help reducing this risk.
I guess the "user deletion" script should be improved to provide
a messa in a non-interactive way (-m, to resemble git commit ?)
I've added -r <reason> and --confirm switches, the users in the
list above are being removed as I write this mail. It takes time
because the script still counts till 10 before doing the work.
Details on removal can be found in web:/var/log/messages