In a previous post, I studied how some spammers use the Plone user folder to spam my blog. But this time, it's my turn. For a little while now I have been hosting a small CPS website for my work, and I discovered a lot of spammer user accounts on it.
The main issue is that I hadn't unset the "joinable" flag, so anybody can create an account. Given the way passwords are sent, the spammers don't manage to post anything in the personal area.
With 300 users, of which only 4 are valid, I need a way to clean the acl_users folder. Last time I used twill and it worked really well, so I decided to use the same tool for Zope.
Here is my little script:

#!/usr/bin/python
# Delete every Zope acl_users account that is not listed in GOOD_USERS.
import twill

LOGIN = 'foo'
PASSWORD = 'far'
LOGIN_URL = 'http://your_server/manage_main'
USER_URL = 'http://your_server/acl_users/manage_users'
GOOD_USERS = ['jkx', 'foobar']  # accounts to keep


def delUsers():
    # Open the user management page and read the user names from its first form.
    twill.commands.go(USER_URL)
    form = twill.commands.showforms()[0]
    usernames = form.possible_items('names:list')
    for u in usernames:
        if u not in GOOD_USERS:
            # Select every account that is not in the keep list.
            twill.commands.formvalue(1, 'names:list', u)
    twill.commands.showforms()
    # Submit the form to delete the selected accounts.
    twill.commands.submit(3)


def doLogin():
    # Authenticate through the Zope management login form.
    twill.commands.go(LOGIN_URL)
    twill.commands.showforms()
    twill.commands.formvalue(2, '__ac_name', LOGIN)
    twill.commands.formvalue(2, '__ac_password', PASSWORD)
    twill.commands.submit()


if __name__ == '__main__':
    doLogin()
    delUsers()

This will drop all user accounts (except the ones in GOOD_USERS).
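
A guard that could be run on the names read from the form before any box is ticked, as an added example that is not part of the original script. The function plan_deletion, its operator parameter (the account the script logs in with) and the sample names are hypothetical and constructed for illustration; it is plain Python 3 and does not need twill.

```python
def plan_deletion(usernames, good_users, operator):
    """Return (delete, review) lists for a bulk account cleanup.

    Raises ValueError when the input does not look like the real user list,
    so nothing gets submitted on a wrong page or with a mistyped keep list.
    """
    listed = [u.strip() for u in usernames if u.strip()]
    if not listed:
        raise ValueError("no user names found: wrong page or failed login?")
    # Never delete the account the script itself is logged in with.
    keep = set(good_users) | {operator}
    # Every account we intend to keep should appear in the list; a missing one
    # points to a typo in the keep list or to a page that is not the user list.
    missing = sorted(set(good_users) - set(listed))
    if missing:
        raise ValueError("keep-list accounts not found: " + ", ".join(missing))
    # A name that equals a kept account only after case folding is ambiguous
    # (typo or look-alike registration), so hold it back for manual review.
    folded = {k.lower() for k in keep}
    review = sorted(u for u in set(listed)
                    if u not in keep and u.lower() in folded)
    delete = sorted(u for u in set(listed)
                    if u not in keep and u not in review)
    return delete, review


if __name__ == "__main__":
    # Constructed sample of what the user form might list.
    sample = ["jkx", "foobar", "Jkx", "cheap-pills", "casino4u", "foo"]
    delete, review = plan_deletion(sample, ["jkx", "foobar"], "foo")
    print("would delete:", delete)
    print("needs review:", review)
```

Only the names in the first list would then be passed to the form, and the script stops before submitting if the check raises.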
Nice code :)
Line 18 is genial xD:
if u(‘re) not in GOOD_USERS:
:D