New user deleted for "spam" posts


(mbajur) #1

I have just encountered a weird behaviour of my discourse instance.

User has registered to post a topic about selling few things in his shop and he linked his product in two posts in that topic (but that’s ok - i have a special category for such announcements). Discourse decided this user is a spammer, removed his posts and topic and REMOVED him from the database. Isn’t that too much? Wouldn’t it be enough to just block/ban him instead?

Is there any way to disable this behaviour? I can’f find any setting for this.

Thanks!


(Neil Lalonde) #2

I don’t know of a way for Discourse to do this in a fully automated way. When an admin flags a post as spam, they’re given the option of nuking them immediately. What you’re describing sounds like this is what happened.

You can look in Admin > Logs > Staff Actions to see if someone did that.


(mbajur) #3

I can confirm that it was not done by any staff member - i’m mostly the only admin on my forum. Also, i can see in the logs that system user deleted the account and posts


(Jeff Atwood) #4

I’m not aware of any code path where system would ever delete users, except in the case of unverified users – people who sign up and never confirm their email address so they have never really logged in.


(mbajur) #5

Is there any way I can prove it really happen to you guys? Or help you somehow debug that?

I can give one of stuff members admin access to my Discourse if needed. Anyway, if you guys don’t know any possible scenario and it really happened - that sounds like a really ugly bug


#6

You use the word “mostly” here.

What does that truly imply in your situation?

My intuition (for what it may be worth to you) says that “mostly” you say may indicate some one who has some sorta access to the system account.


(mbajur) #7

Ok i used wrong naming in here, I am the only admin on it :slight_smile: I used that word cause there were other admins few years ago (my forum is migrated from old phpbb) but they are not using the forum anymore. Even if they would (they wouldn’t), I can be sure they would not do such thing

I can assure you that it was not a human factor involved in here.


#8

Haha, that I do agree.

I would not be so sure about that.

I suggest checking the IP addresses related to the system account just to be absolutely sure your faith of your previous admins is sound.


(Mittineague) #9

Are you certain Discourse did this?

My guess is the member deleted their own account,


#10

Would it be marked as spam in the logs if a user deleted their own?


(Mittineague) #11

I don’t think self-deleting would mark a post as spam.

What I’m thinking the steps might have been.

  • account created
  • post made
  • post in one way or another identified as spam (entered into logs)
  • member got some type of “your post” message
  • member deleted account
  • (almost) all trace of the account ever having existed removed

(Jeff Atwood) #12

Self delete is possible if the user has 1 post or less.


#13

That sounds highly plausible. My only concern (which is based on intuition, so aye, take it for what you will) regards the OP’s text here:

User has registered to post a topic about selling few things in his shop and he linked his product in two posts in that topic (but that’s ok - i have a special category for such announcements). Discourse decided this user is a spammer, removed his posts and topic and REMOVED him from the database. Isn’t that too much? Wouldn’t it be enough to just block/ban him instead?

Logically, this sounds like @mbajur set the bar low on what is considered spam so this does not happen to all topics which have this same behavior.

Be why he is posting this as a bug, I presume. It worked before, now not.

He could have deleted himself, aye.

But the question is, would a self-deleted user’s account and topic/post be entered and classified as spam in the logs?


(cpradio) #14

I just looked through our logs, in the past 23 days system has never deleted a user.

Here is a fun way to figure it out though

As an Admin/Moderator, visit the following URL
https://example.com/admin/logs/staff_action_logs.json?acting_user=system&action_name=delete_user&action_id=1

That will give you a json output for the system user where the action was delete user. What I found was of the 200 entries returned 191 of them were system deleting abandoned accounts (accounts that never verified via email). 8 of the remaining were the user deleting their own account. The last is unknown…

Here is the oddball out of the entire list

    "action_name": "delete_user",
    "details": "id: 245486\nusername: arhankhan\nname: \ncreated_at: 2016-09-11 13:47:06 UTC\ntrust_level: 0\nlast_seen_at: 2016-09-11 14:18:47 UTC\nlast_emailed_at: 2016-09-11 13:48:09 UTC",
    "context": "/",
    "ip_address": "*************",
    "email": "****************@gmail.com",
    "created_at": "2016-09-11T14:19:19.711Z",
    "subject": null,
    "previous_value": null,
    "new_value": null,
    "topic_id": null,
    "post_id": null,
    "category_id": null,
    "action": 1,
    "custom_type": null,
    "acting_user": {
      "id": -1,
      "username": "system",
      "avatar_template": "************************"
    },
    "target_user": null

What is interesting is it all happened within 30-40 minutes from joining. Those that self-delete have the following context value "context": "/users/username/preferences",, those that were deleted due to being abandoned have "context": "Automatically deleted as abandoned, deactivated account",

This oddball has neither. :confused:, though with it happening within 30-40 minutes, obviously the user likely didn’t have a bunch of posts/topics either.


(Erlend Sogge Heggen) #15

Sounds like another one of those issues which prompted me to make this request: