Blocked Users and Unexpectedly Hidden Posts


(Mittineague) #30

Hmmm, OK, thanks.

I’ll try to replicate on my localhost.

Got a rough idea as to how long after the block / unblock it happened?


(Bill) #31

Sorry for the late reply. It happened at the moment when he was blocked.


(Mittineague) #32

Hmmm.

My localhost is on Discourse 1.7.0.beta9
I Blocked a TL2 account the other day, and so far the members 3 posts have not become hidden.

I’m guessing that the act of Blocking in and of itself is not causing the problem, but that other factors are involved in some way.

eg. site settings, member profile settings, datetimes, screened email addresses, imported vs. newly registered account, etc.

This one won’t be so easy to troubleshoot.


(Bill) #33

Thanks for helping. We blocked this user because he started behaving inappropriately and many people flagged a number of his posts right before he got blocked. Could it have something to do with that?


(Mittineague) #34

I have a strong feeling it does even if it doesn’t make sense as far as my understanding of how things are meant to work.

The test account I Blocked the other day had received “notify moderator” flags on two of the three posts, both were deferred.
The posts have not become hidden.

There are some settings you may want to take a look at

Settings->Users

delete user max post age [default: 60]
Don’t allow deleting users whose first post is older than (x) days.

delete all posts max [default: 15]
The maximum number of posts that can be deleted at once with the Delete All Posts button. If a user has more than this many posts, the posts cannot all be deleted at once and the user can’t be deleted.

Settings->Posting

delete old hidden posts [default: checked]
Auto-delete any hidden posts that stay hidden for more than 30 days.

Settings->Spam

flags required to hide post [default: 3]
Number of flags that cause a post to be automatically hidden and message sent to the user (0 for never)

num spam flags to block new user [default: 3]
If a new user’s posts get this many spam flags from num_users_to_block_new_user different users, hide all their posts and prevent future posting. 0 to disable.

num users to block new user [default: 3]
If a new user’s posts get num_spam_flags_to_block_new_user spam flags from this many different users, hide all their posts and prevent future posting. 0 to disable.

num tl3 flags to block new user [default: 6]
If a new user’s posts get this many flags from num_tl3_users_to_block_new_user different trust level 3 users, hide all their posts and prevent future posting. 0 to disable.

num tl3 users to block new user [default: 4]
If a new user’s posts get num_tl3_flags_to_block_new_user flags from this many different trust level 3 users, hide all their posts and prevent future posting. 0 to disable.

I don’t think the “Users” settings are involved, AFAIK they are more for when an Admin wants to delete an account.

You may want to uncheck the “Posting” setting. Even if you have a recent backup, it seems like hidden would be better than deleted.

The “Spam” settings all say new user, which a TL2 should not be unless you also demoted the members trust level when you Blocked the account.

Otherwise AFAIK Flagged posts will become hidden if a Moderator Agrees - but only the Flagged post, not all of the member’s posts.


(Bill) #35

We’re using Discourse v1.6.8. I have checked those settings, nothing out of the ordinary. Just to be sure, I unchecked the “Posting” setting as you suggested.

It seems I have not been precise enough. The posts are “unlisted” and “invisible”, but not completely “hidden” (that only happens when I delete a post directly). Publicly, the posts show this:

"This post was flagged by the community and is temporarily hidden.
View hidden content."

The posts are still visible, but (1) they can’t be found using the search engine anymore, (2) their statistics don’t count for the user summary, (3) when the “view hidden content” button is pressed, the posts are shown in a few shades lighter, see example below (with user info blotted out). Note the difference in shade between the top text (other user) and the part that has become invisible to everybody else:


(Mittineague) #36

I’ve done some testing but have not reproduced the problem, even when giving sidekiq time to run jobs.

I started with a fresh account - HideGuy1
He made several posts, both gave and received Likes and visited every day. So he made it to Trust Level 2.
His account was Blocked.
His earlier posts did not become hidden.
He was unBlocked.

He then made 3 Spam posts that were Flagged by other members and became hidden.
No Staff took any action (Agree, Disagree, Defer, Delete) on the Flags.
His earlier posts did not become hidden.
His account was Blocked.
His earlier posts did not become hidden.
He was unBlocked and demoted to Trust Level 0.

As of yet, his earlier posts have not become hidden. But that may be because I haven’t waited for sidekiq to run again yet.

I did dig around the Core code a bit to see if I might notice anything in regards to what conditions might be involved.

I did not see anything obvious, however, this looks off to me (the >= instead of <=)


(Jeff Atwood) #37

It is not a great way to write code but it is correct. 24 hours ago is a negative time.


(Mittineague) #38

Thanks, I grok it now.

I got a bit lost in the “old time is less time than current time” logic. :blush:
That and being subconsciously biased in wanting to find a possible cause.


(Mittineague) #39

Well, I was able to replicate. But it took a lot of “not normal” to force it to happen.

  • Jan 3 - 3 of HideGuy1’s posts Flagged as Spam by various non-Staff members and hidden - no Moderator action taken
  • Jan 4 - HideGuy1 demoted to TL0
  • Jan 4 - HideGuy1 Blocked
  • Jan 12 - Moderator Agreed with Flags
    { interim of forum inactivity }
  • Jan 16 - sidekiq runs - System hides / deletes all of HideGuy1’s posts

(Jeff Atwood) #40

What do you think of the above @neil?


(Neil Lalonde) #41

Thanks for the detailed steps @Mittineague. I’m trying to repro and looking through the code for how those events could lead to all posts being deleted.

Sidekiq is obviously always running, so it’s weird that 4 days later a job got queued in sidekiq that caused all posts to be deleted.

“hides / deletes” means that some posts were hidden and some were deleted? I don’t follow.

EDIT: I can see that after demoting to TL0, agreeing with flags causes other posts to be hidden (which is the behaviour described earlier). That must be the cause.


(Mittineague) #42

Not in my case. I was running the test in my “discourse” VM install, so sidekiq only runs when I start up the VM guest.
I did so for a few days to see if it was the act of Blocking that did the deed.

Then I got busy testing a plugin I’m working on in my “discourse-test” VM install for a few days - hence the inactivity.

I tried sending you a copy of a db backup here, but only image files are allowed. But if you think it might help I can try sending it in a message at SitePoint.


(Neil Lalonde) #43

I might have a repro too, so no need for a db backup.


(Neil Lalonde) #44

To summarize the problem:

  1. Manually block a user from admin: this bypasses all other checks (num_spam_flags_to_block_new_user, num_users_to_block_new_user, etc.) to determine if the user deserves to be blocked. You’re telling the system that this person really needs to be blocked no matter what other protections exist.
  2. User is/becomes TL0: they’re new or don’t deserve any trust.
  3. Agree with a spam flag on a post belonging to the user: Combined with the above two strikes against the user, this is strike three: they’re posting spam!

It probably makes sense to limit what the punishment is:

  • Only hide posts that were made in the past 24 hours.
  • Check if trust level was locked at 0 (ie, they had earned trust in the past) and don’t hide other posts.
  • Only hide other posts if user is less than 24 hours old. (The “delete all posts” button exists if you need it.)
  • Something else?

(Jeff Atwood) #45

Additional protection checks here would be good, whatever is easiest @neil. This has been reported a few times.


(Mittineague) #46

I was looking for ways to do damage control.

The first thing I did was go to Admin -> Settings -> Posting and uncheck

delete old hidden posts [default: checked]
Auto-delete any hidden posts that stay hidden for more than 30 days.

HideGuy1 was reinstated to TL2 and unBlocked

HideGuy1 was able to edit the posts that had been Flagged and they again displayed. His editing other posts created a revision, but did not unhide them.

I can think of 2 ways to salvage the older posts.

  • craft a query something like "update posts set hidden = false where user_id = ## and hidden = true (untested)
  • use the admin wrench post by post (works)

The query approach would have the con of unhiding posts that might be better left hidden.
The wrench approach might be very time consuming.

I also noticed there was no differentiation between “regular” and “message” posts, nor when the post was an OP (i.e. the topic). All were hidden.


How to craft a query that unhides all hidden posts of a particular user
(Neil Lalonde) #47

The ones that you wouldn’t want to unhide should be the ones with the spam flags, so it should be easy to find them. There’s a spam_count column on the posts table.

That’s how we treat TL0 confirmed spammers.


No one is giving opinions about what change is needed here, so I’ll make the executive decision to choose this option:

  • Only hide posts that were made in the past 24 hours.

I changed my mind about checking if trust level was locked. It doesn’t mean that the user ever earned TL1. Also looking at age of the user doesn’t mean much. Scoping to last 24 hours handles the case that a quality user’s account was hacked, so keep their older posts and hide anything new.


(Neil Lalonde) #48

The fix was committed today.


(Jeff Atwood) closed #49