From 41f5c81c149dc068ed7b13ee9a3bfaffd3069f8c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Gigandet?= Date: Thu, 14 Apr 2022 11:57:58 +0200 Subject: [PATCH 1/2] fix: check for user creation spam #6615 --- lib/ProductOpener/Users.pm | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/lib/ProductOpener/Users.pm b/lib/ProductOpener/Users.pm index be1ec1397d111..22d5084be4f20 100644 --- a/lib/ProductOpener/Users.pm +++ b/lib/ProductOpener/Users.pm @@ -334,6 +334,20 @@ sub check_user_form($$$) { $user_ref->{display_barcode} = !! remove_tags_and_quote(param("display_barcode")); $user_ref->{edit_link} = !! remove_tags_and_quote(param("edit_link")); + # Check for spam + # e.g. name with "Lydia want to meet you! Click here:" + an url + + foreach my $bad_string ('click here', 'wants to meet you', '://') { + if ($user_ref->{name} =~ /$bad_string/i) { + # log the ip + open(my $log, ">>", "$data_root/logs/user_spam.log"); + print $log remote_addr() . "\t" . time() . "\t" . $user_ref->{name} . "\n"; + close($log); + # bail out, return 200 status code + display_error("", 200); + } + } + # Check input parameters, redisplay if necessary if (length($user_ref->{name}) < 2) { From fb9164301f678d9b22de698966a4a38e0cceb4df Mon Sep 17 00:00:00 2001 From: off Date: Thu, 14 Apr 2022 13:47:20 +0200 Subject: [PATCH 2/2] script to remove spam users #6615 --- scripts/delete_spam_users.pl | 80 ++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100755 scripts/delete_spam_users.pl diff --git a/scripts/delete_spam_users.pl b/scripts/delete_spam_users.pl new file mode 100755 index 0000000000000..73e68a9e7effd --- /dev/null +++ b/scripts/delete_spam_users.pl 
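Review bot: The spam log write in `check_user_form` (lib/ProductOpener/Users.pm) appends `$user_ref->{name}` verbatim and with no length limit, and the result of `open` is never checked. The name is chosen by the submitter, so unless the sanitising above the hunk already strips control characters (not visible here), an embedded tab or newline can split or forge entries in the tab-separated `user_spam.log`, and long names let repeated attempts grow the file quickly. I would log a bounded, flattened copy, for example `(my $logged_name = substr($user_ref->{name}, 0, 200)) =~ tr/\t\r\n/ /;`, and run the `print`/`close` only when `open(...)` returned true, so a missing `logs` directory does not produce writes on an unopened handle. The block also relies on `display_error("", 200)` ending the request; if it can return, the loop carries on and the account is still created, so a comment such as `# display_error() does not return` (once confirmed) would help. The function begins and ends outside this hunk.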
@@ -0,0 +1,80 @@
+#!/usr/bin/perl -w
+
+# This file is part of Product Opener.
+#
+# Product Opener
+# Copyright (C) 2011-2019 Association Open Food Facts
+# Contact: contact@openfoodfacts.org
+# Address: 21 rue des Iles, 94100 Saint-Maur des Fossés, France
+#
+# Product Opener is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+
+# Script to remove spam users created by a spammer
+# https://github.com/openfoodfacts/openfoodfacts-server/pull/6616
+
+use CGI::Carp qw(fatalsToBrowser);
+
+use Modern::Perl '2017';
+use utf8;
+
+use ProductOpener::Config qw/:all/;
+use ProductOpener::Store qw/:all/;
+
+use File::Copy;
+
+my @userids;
+
+if (scalar $#userids < 0) {
+ opendir DH, "$data_root/users" or die "Couldn't open the current directory: $!";
+ @userids = sort(readdir(DH));
+ closedir(DH);
+}
+
+my $i = 0;
+
+my @emails_to_delete = ();
+
+my $spam_users_dir = "$data_root/spam_users";
+
+if (! -e $spam_users_dir) {
+ mkdir($spam_users_dir, oct(755)) or die("Could not create $spam_users_dir : $!\n");
+}
+
+foreach my $userid (@userids) {
+
+ next if $userid eq "." or $userid eq "..";
+ next if $userid eq 'all';
+
+ my $user_ref = retrieve("$data_root/users/$userid");
+
+ if ((defined $user_ref) and ($user_ref->{name} =~ /:\/\//)) {
+ print $user_ref->{name} . "\n";
+ push @emails_to_delete, $user_ref->{email};
+ move("$data_root/users/$userid", "$spam_users_dir/$userid");
+ $i++;
+ }
+}
+
+my $emails_ref = retrieve("$data_root/users/users_emails.sto");
+
+foreach my $email (@emails_to_delete) {
+ delete $emails_ref->{$email};
+}
+
+store("$data_root/users/users_emails.sto", $emails_ref);
+
+print $i . "\n";
+
+exit(0);
+
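Review bot: In the main loop of scripts/delete_spam_users.pl the e-mail is queued for removal before `move()` runs and the return value of `move()` is never checked, so a failed move leaves the account file in `users/` while its entry is still deleted from `users_emails.sto`. The result of `retrieve("$data_root/users/users_emails.sto")` is also used without a defined check; if `retrieve` returns undef on a read error (its behaviour is not visible here), `delete $emails_ref->{$email}` autovivifies an empty hash and `store` would then overwrite the e-mail index with it. I would move first, queue the e-mail only on success, and stop before `store` when the index could not be read. The read-modify-write of `users_emails.sto` is not visibly coordinated with the web application, so a registration written between `retrieve` and `store` could be lost; confirm whether the Store module locks, or run the script while sign-ups are paused.

```perl
	if ((defined $user_ref) and ($user_ref->{name} =~ /:\/\//)) {
		# … unchanged: print the matched name …
		if (not move("$data_root/users/$userid", "$spam_users_dir/$userid")) {
			warn "Could not move $userid to $spam_users_dir: $!\n";
			next;
		}
		push @emails_to_delete, $user_ref->{email} if defined $user_ref->{email};
		$i++;
	}
# … unchanged: end of the foreach loop …

my $emails_ref = retrieve("$data_root/users/users_emails.sto");
(defined $emails_ref) or die("Could not read $data_root/users/users_emails.sto\n");
```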