chx suggested on IRC that I file an issue requesting a new admin role that can block users but not have access to PHP. This role would be a step up from maintainer, with the ability to block spammers but doesn't need any other extra powers. This would be handy for people that spend a lot of time cleaning up spam and then have to go find someone or file an issue for the blocking, which gives the spammer time to spam some more before being blocked.

Thanks,

Michelle

Comments

Amazon’s picture

Amazon commented
Assigned: Unassigned » Amazon

We just ran into similar problems with og forums on CSL.org. People were livid they were getting porn spam from CSL.org from their groups subscriptions.

Ultimately, we ended up going back to moderating all content.

What I might suggest is that you trap the problem earlier in the process. If several hundred people get spam emails due to their group subscriptions groups.drupal.org might start getting blocked by ISPs.

Perhaps new comments can be moderated until authenticated users have been promoted to trusted authenticated users. This will prevent the comment spam from being sent by email.

michelle’s picture

michelle
she/her
Primary language English
Location Wisconsin, USA
commented

Sorry if I'm missing something, but I don't see how your response relates... This issue is asking for a new role to be added to Drupal.org to fit between maintainer and full on admin with php rights. I don't think you're suggesting moderating all posts and comments on drupal.org, are you? That would be far more work than deleting spam.

Michelle

Amazon’s picture

Amazon commented

Yeah, your are correct. My comments only apply to groups.drupal.org, due to subscriptions. I thought you were addressing the G.D.O spam you deleted for me.

michelle’s picture

michelle
she/her
Primary language English
Location Wisconsin, USA
commented

Ah, ok. No, this was from a conversation with chx much earlier in the day. There was a spammer that I deleted the junk from but no one was around to block. By the time someone was, he had spammed again. We've run into this a lot with maintainers able to clean up but not able to block and various solutions have been proposed. Making another role is something pretty simple to do that would help until a code solution gets on d.o.

Michelle

dww’s picture

dww
we/he/they
commented

only minor problem here is that there's no core permission for just blocking users. so, this new role would need full-blown "administer users" permission. certainly with regular contributors such as michelle, i'd have no problem granting them full administer users permission, but we should be clear this isn't just a role for blocking users.

that said, +1 from me. i like the "delete and block the author" stuff already discussed. i'd be just as happy to see that patched onto d.o, but if people would rather do this new role, i'm ok with that.

cheers,
-derek

michelle’s picture

michelle
she/her
Primary language English
Location Wisconsin, USA
commented

Yeah, that's true that it does give total user access. I think the point was that this is for someone that you trust enough to do the user stuff but don't want to give things like PHP access and administrating access control, etc. Personally, I don't even _want_ access to PHP. If the vote goes against the new role and I ever got to be a regular admin, I'd never ever touch it. The thought of my weak PHP on a site like this gives me the heebie jeebies. LOL

BTW, it's not so much a "rather do this" as "let's do this so we can at least do something because getting the code patched is taking so long".

Michelle

add1sun’s picture

add1sun commented

I'm with Michelle on this that a patch may be ideal but in the meantime it would be very helpful to have at least a few more people that can ban users so we can stop the spam mushroom (heh, that is kind of a gross mental image ;)) as soon as possible. So +1 to a role for now, even if it is eventually "replaced" by a patch for "delete and ban".

dww’s picture

dww
we/he/they
commented
Assigned: Amazon » dww

- created a "user administrator" role.
- gave it "Administer users" and "Access administration pages" perms.
- added Michelle, add1sun and AjK to the role.

if any other responsible site maintainers want to be able to block spammers, just reply here (or make a new infra issue) requesting that you're added to the role...

cheers,
-derek

dww’s picture

dww
we/he/they
commented
Status: Active » Fixed

actually, let's call this fixed. anyone else who wants in can find a full admin on IRC or file an infra issue.

Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)