Wishlist: Prevent new users from taking spammy actions

I implemented the following additional features:

1. Probationary users can't create public pages or public profiles.
2. Probationary users can't post links in wall posts, feedback, or private messages.

Some of the existing spam pages and wall posts are just messages with obfuscated links, or an email address or domain name, and the only way to catch those is with a Bayesian filter. However, I'm hoping that by restricting the ability to create public-facing spam content with direct links in it, it will lower the site's value enough to prevent them from spamming it. This was only deployed a couple of days ago, and our spam tends to come and go in waves, so we'll have to wait and see whether it works.

Seems like it's working. Haven't seen any spammers over the last few days (except one who didn't post links). :-)

Since deploying this to Mahara.org on Nov 18, we've seen only one spam forum post (which as Kristina mentioned, didn't include any links).

And since deploying the expansion on Nov 21, I've seen only one spam Page. It was shared with Logged-In users, but not with Public, because the user was still probationary. I suspect that it's a spammer who created the page and then realized only afterwards that they couldn't make it visible to the outside world.

At some point we should set someone looking through all the user accounts to delete the spam ones, though. I went and looked through all the wall posts created in November 2013 and found that there were 42 accounts created during that month whose sole content consisted of a spam wall post on their own profile page's wall. This was all before Nov 21 when I blocked external links in wall posts, so that's about 2 accounts per day.

Overall in November 2013 there were 970 user accounts created, of which we suspended 94 for being spammers (nearly all of them before Nov 21).

The new measures you put into place are great, Aaron, and we should put them into core with a view for the admin to configure the settings.

Yes, we should try to upstream this stuff for 1.9. It still needs some cleanup. For now I've pushed it into the "newuserprobation" branch in my gitorious repo: https://gitorious.org/mahara/agwells-mahara/source/d73b9ccd528739fcf37eebb376e1733cf9efa9f4:

If you need to remove a user from probation you currently will need to go and manually update the db, eg:

UPDATE usr SET newuserpoints = 0 WHERE username = 'newly_joined';

It would be a useful feature to have if one could remove probation via the admin interface.
- Possibly on the bulk actions page one could have a button 'Remove probation' and so could update a bunch of users at once.
- possibly as a select box on the admin user edit page where an admin can select probation = 0

Patch for "master" branch: https://reviews.mahara.org/3065

Patch for "master" branch: https://reviews.mahara.org/3068

Patch for "master" branch: https://reviews.mahara.org/3069

I've pushed a couple of additional patches to let admins see and edit user probation points, individually or in bulk.

Reviewed: https://reviews.mahara.org/3069
Committed: http://gitorious.org/mahara/mahara/commit/4bc3364abf595dfffe02016c70cd6d66f141cb3c
Submitter: Aaron Wells (<email address hidden>)
Branch: master

commit 4bc3364abf595dfffe02016c70cd6d66f141cb3c
Author: Aaron Wells <email address hidden>
Date: Wed Mar 5 17:44:57 2014 +1300

Let admins bulk-edit users' spam probation status

Bug 1252101

Change-Id: Id576efdb352156a5e70a03c319e47f23cfdbc558