User change logs should provide an easy revert button

Fullmental

Active member
We've been fighting spam accounts that hijack existing user accounts with likely compromised passwords, and every time we have to manually copy and paste profile values to restore the accounts, signatures, and profile values. The user change log is right there, why can't we have a button to just undo the changes with one click?
 
Upvote 9
It would be really interesting to have an Undo and Redo function in the logs. If someone makes a mistake or the account is compromised, the Administrator can easily reverse recent account changes through the Log with a few clicks. The same applies in case a moderator takes any action, which can be reversed. Even Administrator actions (with the correct permissions)
 
We've been fighting spam accounts that hijack existing user accounts with likely compromised passwords, and every time we have to manually copy and paste profile values to restore the accounts, signatures, and profile values. The user change log is right there, why can't we have a button to just undo the changes with one click?
Unfortunately I have the same issue which I described it here:

Post in thread 'Old users are becoming SPAM everyday !'
https://xenforo.com/community/threads/old-users-are-becoming-spam-everyday.219393/post-1679396
 
Unfortunately I have the same issue which I described it here:

Post in thread 'Old users are becoming SPAM everyday !'
https://xenforo.com/community/threads/old-users-are-becoming-spam-everyday.219393/post-1679396
Looks like we're getting hit with the same bots, yes. They have been getting steadily more frequent over the past several weeks to months, we're getting very concerned over the amount of time our staff has to spend reconciling this as it takes away from time we should be spending on our regular duties.

We have so many bot protections enabled too, from captchas to akismet, project Honeypot, dns/sfs checks, a ton of filtering for common spam phrases, and at least a dozen additional protections through our cloudflare proxy including very aggressive ip filtering that sometimes impacts legitimate users. We're at the limit of what we can do to stop these bots from getting in, but they just keep getting through with increasing frequency.

And when they do get through - even if our system flags the messages they try to send - it's always a manual process to roll back the profile details and initiate security locks, etc. The mod tools MUST adapt to changing times and make things easier to help us combat them!
 
I wouldn’t worry about reversing any changes, I’d stop it before it happens.
This doesn't work if the user is relatively active and just uses a password that was cracked elsewhere. A large chunk of these users were active in the past week or month, they just have poor password management skills. We can't force unique passwords - there's no way to know if a password entered by a user was previously used by them on another site. So while it might cut down a little bit in the volume, it doesn't solve the underlying problem.

Now, if there was an addon to identify emails/passwords found in recent data breaches and you could lock them that way, it might have a greater effect.
 
Back
Top Bottom