How to Remove Spam Bug reports, Comments, and Attachments From Bugzilla (requires administrator access)

Our Bugzilla instance does not enable the feature that allows a submitted bug to be deleted. However, there is an indirect way for someone with Administrator access to delete bugs: 1) create a new Component for the SpamAssassin project; 2) change the component of the bugs to be deleted to that new component; 3) delete the component, which will also delete all bugs that are set to be in that component.

Bugzilla provides a method to hide spam comments, but not to edit or delete them. An attachment can have its description edited and its entry hidden, but the entry cannot be deleted; the uploaded file that the entry refers to, however, can be deleted.

Step 0: Disable the spammer's account first so they don't receive email notification of all the next steps.

  • In the Administration page, click on Users
  • Search using "login name" matching the login email address of the user.
  • Click on the found user to edit their account.
  • There, type some brief explanation such as "spammer" in the Disabled Text box. Any text in the box will disable their login. Also make sure the checkbox to disable Bugzilla mail is selected.
  • Save the changes, then proceed with deleting the bugs, comments, and attachments they have entered.
  • Find all the bugs with activity by the spammer:
    • Alternate procedure 1 (easier): Click the Delete User button at the bottom of the edit user page for that user. This will bring up a page saying that the user cannot be deleted because of existing bugs, attachments, and comments. The messages will have links to search results of those bugs. Open those links in other tabs to go through deleting each bug report they created, delete the contents of each attachment and then hide the empty attachment, and hide each comment, using the procedures described below.
    • Alternate procedure 2: Do a search for the email address that submitted the spam bug. Click on Search, then Advanced Search. Deselect everything under Status. In Search By People, select all of the option boxes (Assignee, Reporter, Cc, Commenter), with the match set to "is" and the value set to the email address.

Steps to delete spam bug reports (don't do this of course to real bug reports that the spammer only added comments or attachments to):

  • Prepare to delete spam bug reports:
    • Click on the Administration menu item, then the components link under Products, then select the spamassassin product.
    • On the resulting components page add a new component with a name such as Trash, anything in the Description field, and your email address as the default assignee.
  • Find all bugs reported by the spammer, as described in Step 0, which of course you have completed first. Do not include other bugs that the spammer merely commented on or added attachments to, because this procedure will delete the entire bug report.
  • If there is only one such bug you can click on it to edit it; otherwise, near the bottom of the search results page, click on the Change Several Bugs at Once button.
  • If changing several bugs at once, select all of the spam bugs, and make the following changes near the bottom of the page. If editing a single bug, the fields are near the top.
    • Change the Component to the new one you created, e.g., Trash
    • Change the assignee to your email address.
    • If editing a single bug, in the CC list to the right, click on "edit", select all the existing addresses and select the checkbox "Remove selected CCs".
    • If it was a security bug, be sure to unselect the Security Team checkbox near the bottom of the page (editing a single bug), or if changing several bugs at once select the checkbox "Remove bugs from this group" for Security Team.
    • Submit (Save) the changes.
  • Perform the actual deletion: Back at the Components administration page, delete the Trash component you just made, which after confirmation will also delete the bugs you just moved to it.

Steps to hide spam comments and attachments from that spammer in non-spam bug reports:

  • If there are any attachments to delete, first enable deletion of attachment contents, which for security should normally be left disabled:
    • In the Administration page, click on Parameters, then in the left sidebar Attachments, then under allow_attachment_deletion select On, then click the Save Changes button.
  • Find all bugs with comments posted by the spammer, as described in Step 0, which of course you have completed first. 
  • Go to each such bug report and select the checkbox "private" on each spam comment. This will hide the comment from non-Administrators.
  • If the spammer added any attachments, for each attachment
    • In the comment that announces the attachment, click on the Details link to edit the attachment details. If for some reason that comment does not appear, you can copy the attachment link and change the end of the URL from "view" to "edit" to get to an edit page for the attachment, clicking on Edit Details there if it shows you only a short-form edit page.
    • Click on the Delete button that is below the comment box, enter something like "spam" in the reason box if you want to and confirm the deletion. This should also mark the now empty attachment as "obsolete" and "private" so it will not show up. If you don't see a Delete button you forgot to enable the feature in the first step.
  • Back in the bug report page, edit the Cc list to select the spammer's email address, click the checkbox for Remove selected from Cc list, and uncheck the box to add yourself to Cc list if you have no reason to add yourself to it.
  • Click on Save to submit all the changes you have made to this bug report
  • After all that is done for all bug reports, remember to set allow_attachment_deletion back to Off, reverting the change you made in the first step.

Leave the user disabled instead of deleting, so they can't use the same email to register again.
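
The split between the two procedures above (delete whole reports the spammer filed, only hide their comments and attachments elsewhere) can be checked before touching anything. The following is an added example, not part of the original procedure or of Bugzilla itself: it builds a cleanup plan from bug records shaped like Bugzilla's REST bug and comment objects. The sample records, the addresses and the "Security Team" group name are assumptions.

```python
# Field names follow Bugzilla's REST bug and comment objects; the records and
# the address below are constructed sample data, not taken from a real instance.
SPAMMER = "spammer@example.invalid"
SECURITY_GROUP = "Security Team"  # assumed group name, from the checkbox label

SAMPLE_BUGS = [
    {"id": 9001, "creator": SPAMMER, "cc": ["dev@example.invalid"],
     "groups": [SECURITY_GROUP], "comments": []},
    {"id": 9002, "creator": "user@example.invalid", "cc": [SPAMMER], "groups": [],
     "comments": [
         {"id": 1, "creator": "user@example.invalid", "attachment_id": None},
         {"id": 2, "creator": SPAMMER, "attachment_id": 77},
         {"id": 3, "creator": SPAMMER, "attachment_id": None}]},
    {"id": 9003, "creator": "user@example.invalid", "cc": [], "groups": [],
     "comments": [{"id": 4, "creator": "user@example.invalid", "attachment_id": None}]},
]

def build_cleanup_plan(bugs, spammer):
    """Split a spammer's activity into whole-report deletions and in-place hiding."""
    plan = {"trash": [], "hide": [], "enable_attachment_deletion": False}
    for bug in bugs:
        if bug["creator"] == spammer:
            # Spam report: move to the Trash component, which is deleted afterwards.
            plan["trash"].append({
                "bug": bug["id"],
                "remove_cc": list(bug["cc"]),
                "leave_security_group": SECURITY_GROUP in bug["groups"],
            })
            continue
        # Real report: never trash it; only hide what the spammer added.
        spam = [c for c in bug["comments"] if c["creator"] == spammer]
        attachments = [c["attachment_id"] for c in spam if c["attachment_id"]]
        if spam or spammer in bug["cc"]:
            plan["hide"].append({
                "bug": bug["id"],
                "mark_private": [c["id"] for c in spam],
                "delete_attachment_contents": attachments,
                "remove_spammer_cc": spammer in bug["cc"],
            })
        # allow_attachment_deletion is only needed if contents must be deleted.
        plan["enable_attachment_deletion"] |= bool(attachments)
    return plan

if __name__ == "__main__":
    import json
    print(json.dumps(build_cleanup_plan(SAMPLE_BUGS, SPAMMER), indent=2))
```

Reviewing the "trash" list before changing any component is the guard against deleting a real report that the spammer only commented on.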
