TurnKey Linux Virtual Appliance Library

Headless PHP Drupal script deletes spam zombie user accounts

For for the last few months automatic bots have been creating hundreds of zombie accounts per day on the TurnKey web site. I'm not sure why they bother. I assume it has something to do with spamming, but they never log in. Besides, spam almost never gets past our content filter (Mollom) and when it does we always nuke it. Zero tolerance.

Brains...

Meanwhile these zombie accounts are polluting my precious database, and that bothers me. Besides, call me prejudiced, but I just hate zombies. You're either alive or you're dead. Pick a side!

We could enable CAPTCHA but we'd rather make user registration more complicated only as a last resort.

So I wrote a quick and dirty script to delete all 38489 zombie accounts on the TurnKey Linux web site. As you can see below my definition of a zombie user is one that has never logged in or accessed the site, and is over a week old.

<?php

   error_reporting(E_ALL);
   require_once './includes/bootstrap.inc';
   drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);

   print "<pre>";

   $results = db_query("select uid, name, mail, access, created, login
                        FROM users WHERE created != 0 AND login=0 AND access=0");

   $i = 0;
   while ($result = db_fetch_object($results)) {
       print_r($result);
       $daysago = ((time() - $result->created) / (24 * 60 * 60));
       printf("created = %s, days ago = %d\n",
              date("Y-m-d", $result->created), $daysago);

       print "n";
       if($daysago < 7)
           continue;

       user_delete(NULL, $result->uid);
       $i += 1;
   }

   print "COUNT: $in";
   print "</pre>";
   ?>

Hope somebody else finds this useful!

You can get future posts delivered by email or good old-fashioned RSS.
TurnKey also has a presence on Google+, Twitter and Facebook.

Comments

Small correction to the script

I noticed two things in the script which probably were intended slightly different. Even though it wouldn't affect the workings, it affects the clarity of the output - which goes to how we manually confirm that it actually does work:

  • Just below the while loop, there's a print_r call. My best guess is that that should not be there - as it confuses output. It's very useful for debugging though ;)
  • Just above the if ($daysago < 7) it says: print "n";, I guess this should have been
  • 		print "\n";
  • to create a new line in the output rather than print an n.
Liraz Siri's picture

Weird quoting issue

Thanks for pointing that out. I'll fix it in the post above. The line is correct in the original script so this must be a weird quoting issue.

Where would you place this

Would you place this is the Drupal root directory?

I too have had this problem and periodically deleted them by hand!

Perfect

It worked perfectly, I just changed a little the search query "select users.uid, name, mail, access, created, login, rid FROM users, users_roles WHERE users.uid = users_roles.uid and created != 0 and rid = 5" in order to remove all accounts that were created for a specific role and were older than 7 days no matter if there is any content associated or if was accesed or not. Thank you very much!

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <strike> <caption>

More information about formatting options

Leave this field empty. It's part of a security mechanism.
(Dear spammers: moderators are notified of all new posts. Spam is deleted immediately)