Jump to content

Hide 'Flag as Spammer' option for users with a minimum of x posts + soft delete?


ogbrandon

Recommended Posts

I think the 'Flag As Spammer' feature is a little dangerous for forums as moderators could easily flag any member as spammer. Even those with lots of posts (for example 1000).

And I'm sure many people have configured this feature so it will automatically delete all of the users posts and empty their profile.

My suggestion: Give us a setting in the ACP where we can specify the maximum amount of posts a user may have in order to make the 'Flag as spammer' option available for them.

On another note: I would love to see a soft-delete option for the "Action to take when a member is flagged for spamming" checkbox instead of the current hard-delete option.

Link to comment
Share on other sites

When setting up Moderators, there is an option to allow or deny them access to the 'Flag as Spammer' feature.

Personally, if you've got moderators that are abusing this, they need demoted or fired. If you don't want to give them the temptation, don't allow 'Flag as Spammer' to delete content.

One of my favorite sayings:

A feature can be idiot proofed only so much before you find a bigger idiot..

Link to comment
Share on other sites

I'm not really talking about abuse. I believe it should simply not be possible for a moderator to delete thousands of posts with a single click. Considering this content cannot be restored without a sql backup.

Things can happen on accident sometimes.

Link to comment
Share on other sites

Back in 3.3, it did only unapprove posts. However, now that you've flagged the member as spam you have dozens of posts that you now have to manually clean up with no tools to mass manage them.

What's your post cutoff as a recommendation? I've seen spam bots create hundreds of topics and posts in a matter of minutes... So it's not outside the realm of possibility to have A LOT of content that would be really nice to remove in one click.

Link to comment
Share on other sites

  • 3 weeks later...

When setting up Moderators, there is an option to allow or deny them access to the 'Flag as Spammer' feature.

Personally, if you've got moderators that are abusing this, they need demoted or fired. If you don't want to give them the temptation, don't allow 'Flag as Spammer' to delete content.

One of my favorite sayings:

I see his point and it's something that I think about often.

What if someone get ahold of a moderator's password and goes on a member by member deleting spree?

Link to comment
Share on other sites

You can set the number of days of post to delete, if this is an issue, set it to 1-3 days etc.. then you would never get thousands of post deleted by accident. You can also set it to not delete any if you wish and only ban the user etc.

Link to comment
Share on other sites

I see his point and it's something that I think about often.

What if someone get ahold of a moderator's password and goes on a member by member deleting spree?

What happens if the admin's account password is compromised? They can go into the AdminCP and do even more damage.

You should ensure your moderators and admins have adequate security on their accounts. That should be a given, though.

Link to comment
Share on other sites

You can set the number of days of post to delete, if this is an issue, set it to 1-3 days etc.. then you would never get thousands of post deleted by accident. You can also set it to not delete any if you wish and only ban the user etc.

I have set all of mine to 3 days worth of posts to delete. A better solution would be to hide the posts though. Than, at a later time, admins could delete all of their topics through the CP.

What happens if the admin's account password is compromised? They can go into the AdminCP and do even more damage.

You should ensure your moderators and admins have adequate security on their accounts. That should be a given, though.

This topic isn't in regard to the Admin CP though - it's about flagging members throught the front end of the site. If they gain admin access, that's a different worry.

Agreed on having the moderators have a strong password.

There should be an option to hide posts when flagging a member for spam though rather than deleting them.

Link to comment
Share on other sites

Let me provide another example...

Super Moderators, visit a forum index and click 'Forum Management'. There is an option there to prune / mass move topics. If your moderator account is compromised, they can delete ALL content in an entire forum from the front end as that appears to be your concern.

I don't disagree with more options for administrators, however the ultimate issue you have with this feature is you don't trust your moderators. If you don't trust them, they shouldn't have this ability. Force them to report the content so someone you do trust can handle it.

Link to comment
Share on other sites

If you have moderators that are abusing this feature then this is a problem with your community, not the "flag as spammer" tool and your members should not be moderators anyway. I disagree that this feature should be restricted. Not all of us have this issue and it just represents the idea that you chose the wrong members to be moderators.

Perhaps you need to develop rules for your moderators that if they abuse their powers as moderators, that they will be banned from your forums permanently. I have never had a problem with moderators on my forums abusing this feature. Matter of fact, they rarely use it, because we don't have a problem with members of my community acting out of sort. From time to time, I do do trolls who register for an account, post soomething slanderous and then leavre, but that I ban those members on the spot when I discover them.

If you don't have a handle on your community, then that goes to your administration of your community, not the feature. Used correctly, it's an effective tool. But, it just sounds to me that soome IPS clients are more concerned with actual posting numbers rather than properly managing their community.

Link to comment
Share on other sites

We have 5 dozen forums and while I've never had the system abused by a moderator on any site, I have to agree with the topic started that the very essence of not have an option of hiding posts, etc. is a security risk to any forum.

It's not totally about trusting a moderator - it's about if a moderator's account is comprimised, etc.

Link to comment
Share on other sites

I don't think it should be disabled but what I'm saying is that if you have a suspicion about a moderator, then that member should not be a moderator in the first place. Also, you said that someone would be worried about a moderator's account getting compromised. Well, if someone is so paranoid of that happening, then that administrator should just shut down their site.

I'm simply saying that it doesnt do any good to worry about "what ifs". if you're that worried, then just shut down your site. I don't let things like that bother me too much because I keep my site under the radar and I always recommend that my registered members change their forum display name after they register so that their login username is different from their forum username.

Link to comment
Share on other sites

  • 1 month later...

The main problem with the 'flag as spammer' feature is that it's too easy to hit it and cause catastrophic data loss especially when using the mobile template, where an errant touch is all it takes to wipe out potentially thousands of posts. As far as I'm concerned, this is less an issue of trust and more one of how easy it should be to cause unrecoverable damage. Hopefully version 4 will add at the very least a confirmation prompt.

As for the current version, I found it to be quite simple to hide the button/link based on user posts. Do a search for authorspammer in your templates, and it should bring up a result in two files: profileModern and showCard. For each one there should be an <if> like this:

<if test="authorspammer:|:$member['spamStatus'] !== NULL && $member['member_id'] != $this->memberData['member_id']">

We want to add && $member['posts'] <= 10 to the end of that, so it becomes:

<if test="authorspammer:|:$member['spamStatus'] !== NULL && $member['member_id'] != $this->memberData['member_id'] && $member['posts'] <= 10">

Do this in both files and the 'flag as spammer' button/link will no longer appear for any users with more than 10 posts (you can set whatever limit you feel comfortable with of course).

This isn't bulletproof as any moderator with access could theoretically directly go to the URL if they can guess it, but they'd have to be pretty damn determined to cause trouble.

In the likely event that you're also using the mobile theme (where it's even easier to accidentally click 'flag as spammer'), you need to do exactly the same thing for that theme's templates too.
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...