Hi there,
Just a small annoyance when a user gets reported for spamming, when agreeing with the flag and suspending the user there should be a “spammer” option pre-selected in the list of reasons so we don’t have to type it each time.
Also when flagging a user as a spammer I can’t think of a reason to ever want to restore the account, so it should auto-select the suspension period until “forever” by default.
I’m curious – you don’t just delete and block spammers via the spam post? I’m interested to hear your process.
Hi @HAWK , this is when users flag a post as spam and I handle it in the Review interface. It asks me something like “Is this post spam?” and I reply with the Yes > Delete post and suspend user option (the strings are approximate from my memory), which then brings up the popup from my screenshot.
But even if I notice a spam post myself as moderator/administrator I wouldn’t just delete the post, I would also suspend the account so they don’t keep spamming. To do that I would open the user’s account settings under /admin/users/.../... and hit the the Suspend button there, which brings up the same popup that requires entering a reason and a duration.
Another option would be to simply delete spammer account, which also gives an option to block their e-mail/IP address from signing up for a new account, seems like this would be better option instead of permanent suspension.
Being suspended is traditionally a temporary thing, as in if a student is causing a lot of problems for a school they may be suspended for a week or month, but that is completely different from being expelled and not given a second chance to try to do better and be able to graduate.
In case you don’t know the option to delete a user is at the bottom of the user admin page, right next to option to anonymize. Option to anonymize would be to keep a user’s posts but still terminate their account.
Hi @anon65426961 , that is an option, but it’s not integrated with the Reports review workflow. Also I personally prefer to keep the suspended accounts in the database and not block their IP, 1) to possibly increase the effort barrier for spammers that use registration emails like Gmail that require a fair bit of work to sign up and so they don’t just re-use the same email to sign up again after I delete their account, and 2) because the IPs are often in large shared IP blocks that may later be assigned to a legitimate user and I prefer not to block them.
Oh interesting, I don’t know anything about the reports review workflow.
This seems like that might be a better idea to keep accounts as being suspended in the database instead of deleting them. There is an option to delete account only and not block email/IP, but no option to block only email it is to block both IP and email (as you already know, and had requested feature to block only email in that other thread), maybe that is an option they can add in down the road.
There’s another thread with some talk about this here:
@jordan-vidrine it sounds like a pretty easy fix to just add Spammer to this dropdown. Any objection?
I agree with this very much. In some cases, everyone in a large area appears to be the same ip. And if you don’t pay for the professional version, the service under the protection of Cloudflare will not expose the real ip. Therefore, I dare not use the function of banning ip, it will seriously injure our excellent users by mistake.
I believe Cloudflare sends real IPs in the Cf-Connecting-IP header, did that change recently?
Yeah? I’m not very good at this. This is what the server maintainer I work with told me. I remember she told me that there is an extra charge for passing the real ip
Was this missing from the sites you’re referring to?
All CloudFlare accounts can see the connecting IP assuming the discourse instance is configured correctly to use the provided template.
We’ve recently made it easier for moderators to do the right thing with posts flagged by Akismet.
Copy/pasting what was done from github for visibility:
What is this change?
Several pieces of feedback suggests that the review actions for posts flagged by Akismet are confusing. Since there is conceptually little difference between a post marked as spam by a human and a computer, this PR brings the options more in line with what we have for posts marked as spam in core.
Before
After
I know this is old, but I am not sure anyone else has provided this context yet…
I keep them suspended (permanently) to keep all the records of their actions easily available to identify sock puppet spammers. I have identified close to 10 accounts as clearly being the same actor and used that to help me block new spam as it arrived. If I just (say) blocked IP they would switch IP and I wouldn’t have that as one of the many signals that I use to identify spammers. This has been a hugely useful tool for keeping my site free of new spam in practice.
Good point! It’s not a simple problem to tackle.
Personally I’d very much want to distinguish organised drive-by spam from other kinds of individual misbehaviour. I’d also want to be very careful about the possibility of compromised accounts: I’ve seen it happen that an account was deleted after making several spam posts, losing very many earlier substantive posts. It was the same account, but obviously (to me) not the same person. A suspension or anonymisation would have been far preferable.
In a nearby thread there’s the hint of a suggestion that it’s not wise to delete TL2 or higher accounts without some reflection. Of course, TL0 accounts which post spam should have a much lower threshold.
It might be good for guidance and the user interface to reflect the possibilities: what might be happening, and what might be a good response.
I’ve seen people (perhaps traumatised people) express that they hate spammers and want to act with extreme prejudice. What they miss is that they mean people, whereas they act on accounts, and accounts have histories.
Thanks for the heads-up. Has any consideration been given to these features for regular “spam” report handling?
