[SAC] more spammer accounts
Alex M
tech_dev at wildintellect.com
Wed May 11 11:40:52 PDT 2016
On 05/11/2016 10:56 AM, Sandro Santilli wrote:
> On Wed, May 11, 2016 at 07:39:44PM +0200, Martin Spott wrote:
>> Moggeeen !
>>
>> On Wed, May 11, 2016 at 07:20:49PM +0200, Markus Neteler wrote:
>>
>>> (it would be great to enable a second person to quickly remove
>>> spammers,
>>
>> Every primary admin can do.
>
> I just found out anyone with sudo powers on the "web" host can also do it.
>
> Markus, are you in that team ? Instructions to delete a user:
> https://wiki.osgeo.org/wiki/SAC:LDAP#Editing_the_LDAP_database
>
>> BTW, there are still 20175 user accounts on OSGeo LDAP and I'd guess
>> that approx. 95 % are dummy/spam accounts. By removing accouns ins
>> small chunks of 5 to 20 I doubt that we'll be able to silence this
>> spamming within a reasonable time frame.
>
> Agreed.
>
>> Instead I'd recommend to announce setting random passwords onto *all*
>> OSGeo LDAP accounts - except those whose owners explicitly ask for an
>> exception. And those who don't within 9 months will get removed
>> entirely.
>
> Sending the new password to the registered email ?
> Were those email addresses ever confirmed at registration time ?
> If they weren't, I guess we should be asking for confirmation
> shall we contact them all. Something like: click on this link
> within X days or your accout will get blocked. Could something like
> this be set in place ?
>
> --strk;
They were never confirmed, but once we create an email confirmation
flow, yes we could ask all existing users to confirm their accounts. I
do not want to bulk reset everyone before that mechanism exists
(hesitant to do so anyways).
Was the user registration re-enabled?
Thanks,
Alex
More information about the Sac
mailing list