Commit Graph

13 Commits

Author SHA1 Message Date
pmb 0356fe7997 Replace RDAP/ipwhois signup-IP classifier with ipapi.is
Flags datacenter, vpn, proxy, tor, and independently-scored abuser
signals instead of regex-matching RDAP org names; anonymous tier
covers 1000 req/day, well above signup volume.
2026-07-06 08:57:55 -07:00
pmb e62e3330e4 Only log suspicious-sweep actions, not routine no-op skips/clears
With the sweep now running every 10 minutes, the per-run 'N due' summary
and per-account skip/clear log lines (already-limited, staff, cleared by
activity, not found) were mostly noise drowning out the actual suspend/
silence actions. Those states are still recorded in suspicious_watch.status
for anyone querying the DB directly; only the taken action, dry-run
simulation, and error paths still log.
2026-07-06 07:11:23 -07:00
pmb 8b0e1eb5ab Lower suspicious-sweep grace window from 24h to 1h, tighten sweep cadence to 10min
Datacenter/hosting-IP-flagged signups are a strong enough spam signal on
their own that a full day of grace was mostly just delaying an inevitable
suspend. Cron cadence tightened from hourly to every 10 minutes so real
latency stays close to the new 1h window.
2026-07-06 07:07:43 -07:00
pmb 9924e06b5a Add suspicious-signup sweep: suspend flagged signups with no activity
Watches every account flagged by IP-scrutiny or email-domain scrutiny at
signup and, once it goes live, records a baseline post/follow count. A
scheduled sweep (app/suspicious_sweep.py, run via cron on admin.yttrx.com)
suspends any watch past SUSPICIOUS_GRACE_HOURS with zero new posts and
zero new follows since that baseline; any activity clears the watch.

Works whether yttrx is open-registration or requires moderator approval,
since the watch starts at whichever event actually makes the account live
(account.created vs account.approved), same dual handling the welcome flow
already uses. Needs ABUSE_BOT_TOKEN re-minted with admin:read:accounts.
2026-07-05 10:22:39 -07:00
waffle2k 656eec09c0 Add disposable/high-risk email signup scrutiny via check-mail.org
Classifies each signup's email domain (domain-only, GDPR-friendly) alongside
the existing IP scrutiny signal, with matching held-welcome and auto
email_domain_block behavior. A report against an account with a flagged
domain suspends immediately (no reporter-count threshold) and blocks the
domain, classified live from the report payload rather than any signup-time
record so it also covers pre-existing accounts. Ships CHECK_MAIL_DRY_RUN=true
by default, independent of ABUSE_DRY_RUN, so the new report-triggered suspend
path stays inert until watched.
2026-07-03 09:08:30 -07:00
pmb 6ad9a93f38 Document /root/bin as the real install location (symlinked from /usr/local/bin) 2026-07-02 16:57:03 -07:00
pmb 0fd6f1c142 Fix welcomebot-signups: heredoc instead of -c string to avoid bash/python quote clash 2026-07-02 16:56:21 -07:00
pmb 00dec0266c Fix f-string quote escaping bug in welcomebot-signups 2026-07-02 16:54:14 -07:00
pmb 37577fbb56 Add welcomebot-signups CLI to inspect signup-IP classification history 2026-07-02 16:53:36 -07:00
pmb 0a196c3788 Add --ip filter to welcomebot-logs for signup-scrutiny decisions 2026-07-02 16:51:24 -07:00
pmb 0c51b186ac Note pre-git backup removal 2026-07-02 16:42:25 -07:00
pmb 78d4f7961f Document git-checkout deploy workflow (replaces rsync) 2026-07-02 16:35:43 -07:00
pmb c0e5df3cc4 Initial commit: welcome-bot, abuse-bot, dormant-sweep, IP signup scrutiny 2026-07-02 16:22:30 -07:00