On 26-Nov-2012, at 10:39 PM, Tom Morris wrote:

> On Mon, Nov 26, 2012 at 11:15 AM, Karen Coyle <[email protected]> wrote:
> The spammers spent a couple of days adding new accounts (undoubtedly
> thousands) and are now using those accounts to spam the site, at the
> rate of about 30 or more per minute. You can watch it happening in the
> "recently" page. Every spam is adding this:
> 
>         <p><a
> href="http://download.clubfreebooks/qwert.php?sid=1&tds-key=book"><img
> src="http://s017.radikal.ru/i400/1211/e7/458f4b34ab21.gif" alt="" /></a></p>
> 
> Which is a blinking .gif for an ebook download. Here's the result
> (obviously, don't click on it)
> 
> http://openlibrary.org/works/OL98200W/Studies_in_critical_philosophy
> 
> They are also continuing to add new accounts.
> 
> I have no idea what the spam does, but suspect it's gathering data for,
> or creating, zombies for later use. Anyone know how to stop this?
> 
> That's crazy. What web site in 2012 accepts and displays unsanitized HTML?
> 
> OpenLibrary is an attractive nuisance and as long as it's such a tempting 
> target, you won't be able to stem the tide.  Stop allowing raw HTML and this 
> will go away.

We allow markdown in some fields. HTML is valid markdown. We sanitize the input
to remove CSS and JavaScript. We also add rel="nofollow" to all external links
to remove the incentive to spam the site.

Looks like we need to handle images as well. Or a way to blacklist some URL
patterns and prevent edits containing them.

Anand
_______________________________________________
Ol-tech mailing list
[email protected]
http://mail.archive.org/cgi-bin/mailman/listinfo/ol-tech
To unsubscribe from this mailing list, send email to 
[email protected]
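One way to implement the sanitizer Anand describes, added here as an example and not Open Library's own code: it takes the HTML produced from markdown, drops `<script>`/`<style>` content and inline `style`/`on*` attributes, refuses `javascript:`-style URL schemes, adds rel="nofollow" to links that leave the site, drops images from hosts outside an allow-list, and gates edits on a URL blocklist. The host sets `OUR_HOSTS` and `ALLOWED_IMAGE_HOSTS` and the `BLOCKED_URL_PATTERNS` list are constructed assumptions an operator would maintain; the sample input is the spam fragment quoted in the thread.

```python
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose entire content is dropped (the CSS and JavaScript the thread mentions).
DROP_TAGS = {"script", "style"}
# Attributes removed everywhere; any on* handler is also removed (checked by prefix).
DANGEROUS_ATTRS = {"style"}
# URL schemes allowed in href/src; "" covers relative URLs.
SAFE_SCHEMES = {"", "http", "https", "mailto"}

OUR_HOSTS = {"openlibrary.org"}                 # constructed: links here keep their rel
ALLOWED_IMAGE_HOSTS = {"images.example.org"}     # constructed allow-list for <img src>
# Constructed blocklist, seeded from the hosts in the quoted spam fragment.
BLOCKED_URL_PATTERNS = [re.compile(r"clubfreebooks", re.I), re.compile(r"radikal\.ru", re.I)]
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)


def _safe_url(url):
    # Browsers ignore tabs/newlines inside URLs, so strip them before checking the scheme.
    cleaned = "".join(ch for ch in (url or "") if ch not in "\t\r\n").strip()
    return urlparse(cleaned).scheme.lower() in SAFE_SCHEMES


def _nofollow(attrs):
    # Add rel="nofollow" to any link whose host is not one of ours.
    host = urlparse(dict(attrs).get("href") or "").hostname or ""
    if host and host not in OUR_HOSTS:
        attrs = [(n, v) for n, v in attrs if n != "rel"] + [("rel", "nofollow")]
    return attrs


def _render(tag, attrs):
    parts = [tag]
    for name, value in attrs:
        parts.append(name if value is None else f'{name}="{escape(value, quote=True)}"')
    return "<" + " ".join(parts) + ">"


class Sanitizer(HTMLParser):
    """Re-emits only the tags, attributes and text that pass the checks above."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.rejections, self._skip = [], [], 0

    def _clean_attrs(self, tag, attrs):
        kept = []
        for name, value in attrs:
            name = name.lower()
            if name in DANGEROUS_ATTRS or name.startswith("on"):
                self.rejections.append(f"attribute {name} removed from <{tag}>")
            elif name in ("href", "src") and not _safe_url(value):
                self.rejections.append(f"{name} with unsafe scheme removed from <{tag}>")
            else:
                kept.append((name, value))
        return kept

    def handle_starttag(self, tag, attrs):
        tag = tag.lower()
        if tag in DROP_TAGS:
            self._skip += 1
            self.rejections.append(f"<{tag}> dropped")
            return
        if self._skip:
            return
        attrs = self._clean_attrs(tag, attrs)
        if tag == "img":
            host = urlparse(dict(attrs).get("src") or "").hostname or ""
            if host not in ALLOWED_IMAGE_HOSTS:
                self.rejections.append(f"image from {host or 'no host'} dropped")
                return
        if tag == "a":
            attrs = _nofollow(attrs)
        self.out.append(_render(tag, attrs))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # void elements such as <img .../> need no close tag

    def handle_endtag(self, tag):
        tag = tag.lower()
        if tag in DROP_TAGS:
            self._skip = max(0, self._skip - 1)
        elif not self._skip and tag != "img":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(escape(data, quote=False))


def sanitize_html(html_text):
    """Return (sanitized_html, list of what was rejected and why)."""
    parser = Sanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out), parser.rejections


def accept_edit(text):
    """Gate an edit before it is saved: reject it if any URL matches the blocklist."""
    blocked = [u for u in URL_RE.findall(text) if any(p.search(u) for p in BLOCKED_URL_PATTERNS)]
    return (not blocked, blocked)


# Constructed sample: the fragment the thread reports being added to every spammed page.
SPAM_FRAGMENT = ('<p><a href="http://download.clubfreebooks/qwert.php?sid=1&tds-key=book">'
                 '<img src="http://s017.radikal.ru/i400/1211/e7/458f4b34ab21.gif" alt="" /></a></p>')

if __name__ == "__main__":
    print(accept_edit(SPAM_FRAGMENT))
    print(sanitize_html(SPAM_FRAGMENT))
```

The two functions are meant for different points in the pipeline: `accept_edit` runs on the submitted markdown before anything is stored, so a blocklisted URL never reaches the database, while `sanitize_html` runs on the rendered output so that whatever HTML markdown lets through is reduced to plain links and allow-listed images. Keeping the rejection reasons makes it easy to log what the filter removed and to spot new patterns to add to the blocklist.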