Closed (fixed)
Project:
Drupal.org site moderators
Component:
Spam
Priority:
Normal
Category:
Task
Assigned:
Unassigned
Reporter:
Created:
12 Aug 2015 at 15:03 UTC
Updated:
31 Aug 2015 at 15:44 UTC
Jump to comment: Most recent
I received a fairly commercial mail this morning inviting me to use a Drupal extension that is not hosted on Drupal.org. I noticed that the "Hi ," username token was broken, so I assumed this person was doing it a lot and went looking in the db and found:
mysql> select count(1), from_unixtime(max(timestamp)), from_unixtime(min(timestamp)) from watchdog where type = 'mail' and location like 'https://www.drupal.org/user/%/contact' and uid = REDACTED;
+----------+-------------------------------+-------------------------------+
| count(1) | from_unixtime(max(timestamp)) | from_unixtime(min(timestamp)) |
+----------+-------------------------------+-------------------------------+
| 40 | 2015-08-12 14:05:07 | 2015-08-12 09:13:32 |
+----------+-------------------------------+-------------------------------+
1 row in set (0.00 sec)
mysql>
I think 40 contact form messages is the max possible.
Looking at the full watchdog for this individual the events follow a similar pattern of 10 contact form submissions, getting a 403 while trying to send another mail, pausing for a little over an hour, and then hitting 10 more pages.
I've removed the UID of the account doing this. Not sure what the appropriate way to handle this is.
Comments
Comment #2
gregglesComment #3
dddave commentedHow many? How about 1? Block the user asap.
Comment #4
gregglesSpam is more clear cut - this message was vaguely commercial by promoting a plugin and offering free access to a paid service.
Comment #5
dddave commentedWe are quite strict with unsolicited/unwarranted usage of the contact form. If it is automated I'd say block outright, spam or not. Otherwise contact the user and explain what the contact form is for and for what is it not.
Comment #6
gregglesAlso, I mailed the person back saying their mail seemed inappropriate to me and they've accepted that and stopped.
So...I think this is OK for now.
I mostly wanted to try to get an answer to the question if a mildly spammy message sent 40 times in 4 hours crossed the line.
Comment #7
dddave commentedMy opinion: unequivocally yes.
Comment #8
WorldFallz commentedI would also make a request for transparency.
In all the other issues we've had for similar contact form infractions (it's happened quite a few times over the years), we linked the user in question as well as included a copy of the content of the email. We also invited the user to participate in the issue and go on the record as stating they understand the rules and won't do it again.
Aside from being uncomfortable that this case is being treated differently, it will be impossible for anyone else to know if this user starts up again if they don't who the user is or what the email said.
Comment #9
gregglesHi WorldFallz, I appreciate the request.
I don't think it would be appropriate to name the individual in this thread since I've released information from the db that would not normally be available to the public.
I apologize for not following the standard of asking them to reply on a public thread stating they'll follow rules - that's a new process to me, but if I get involved in questionable-post issues again I'll do my best to follow it.
Comment #10
gregglesForgot to do this status change back in #6.