Removal of users by spam should not hard delete
A few bugs listed in here:
GitLab: we removed all my personal projects because we received a spam report from a user that was created 10 minutes before the spam report was made. A human error was made and all my projects were deleted. No hard feelings. One aftereffect is I cannot create any new projects. Any new projects I create are deleted immediately or within the next 30 minutes.
In my opinion, I understand that we get massive amounts of spam. Deleting the wrong user should be a big no no. It was human error, which is real and no one's fault. Let's prevent the human error by soft deleting users accounts and their projects.
In other-words: have a column in the DB for users and their projects like
soft_delete which is a
timestamp which marks when the delete occurred. The user sees his stuff deleted because from the outside it looks deleted. But internally we can just remove the timestamp and everything goes back to normal. We have a job that runs every day, every few hours, or how ever much it needs to be run, and deletes all those users, projects etc., (because by that time we would be absolutely sure) when the timestamp older than say 48 hours. At least give the user some time to realize a possible mistake has been made.
This would save a lot of debugging time from the team. Also these deletes should have their own database mark on them that says they were deleted because of spam. So there would be no question later. Instead of it looking like it was a user who performed the action. Which made the team think I deleted it purposefully. The only thing that tells you it was not purposeful is the fact that the user who did it is @MrChrisW. It would be better if it said the reason for delete was spam.
This isn't the spam removers fault. Human error is natural. Deleting the wrong users permanently should not be possible.
Bugs in this issue:
- After spam deleting me (not removing my user account but deleting all projects), I cannot create new projects without them getting deleted.
- Add a soft delete when deleting users for spam.
- Add something to the record that says this user was deleted because of spam.
I'm moving this to Gitlab CE since it's related to CE code, not our infrastructure in general.
@jschatz1 I'm going to try and treat this like a meta issue for the incident.
I wanted to throw some UX Frontend feedback in here, the abuse reports section is a little neglected https://gitlab.com/gitlab-org/gitlab-ce/commits/master/app/views/admin/abuse_reports/index.html.haml and it becomes unwieldy when dealing with a large number of reports. Specifically the column titles do not follow on scroll, so it's hard to keep track of who is the "spam" user vs "reported" user. We also use an
alert()before removing a user (what year is this?).
...timestamp older than say 48 hours...
48 hours are very less, what if the user is on vacation, on flying, or away from network. Can it be like two weeks, with email notifications sent to user multiple times? Like you have been reported for Spam, please justify to restore your data (from soft delete).
Would this kind of issue (deletion wait) be possible to expand to project deletion as well? Could be a decent feature to add some safety to project deletion.