Ban spammers that attempt to delete their accounts (!120901) · Merge requests · GitLab.org / GitLab

Ian Anderson requested to merge spammer-account-deletion into master May 16, 2023

What does this MR do and why?

Changes merged in !118887 (merged) add a 7-day cool off period for account deletion to ensure that content generated by spammers can be caught before it is migrated to the ghost user.

This MR expands that functionality by automatically banning spammers (identified by their spam score) who attempt to delete their accounts within 7 days of creation. Banning will immediately hide the user's content.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

In rails console enable the delay_delete_own_user feature
```
Feature.enable(:delay_delete_own_user)
```
Create a new user to be used as a spammer

Add a spam score for the new user that is > 0.5

Abuse::TrustScore.create!(user_id: <SPAM USER ID>, source: :spamcheck, score: 0.9)

As the spam user log in and attempt to delete your account
Log back in as and admin user and verify that an abuse report is created and that the spam user is banned.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited May 19, 2023 by Eugie Limpin

Ban spammers that attempt to delete their accounts

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports