We're now running at about 2 spam edits per second. Would it simply make 
sense to stop all edits until something is done to fix this? I estimate 
the number of spam edits, based on the front page stats, to be about 
100K, and the number of spam users to be around 2-3K.

kc

On 11/26/12 9:22 AM, Anand Chitipothu wrote:
>
> On 26-Nov-2012, at 10:39 PM, Tom Morris wrote:
>
>> On Mon, Nov 26, 2012 at 11:15 AM, Karen Coyle <[email protected]> wrote:
>>
>>     The spammers spent a couple of days adding new accounts (undoubtedly
>>     thousands) and are now using those accounts to spam the site, at the
>>     rate of about 30 or more per minute. You can watch it happening in the
>>     "recently" page. Every spam is adding this:
>>
>>             <p><a
>>     href="http://download.clubfreebooks/qwert.php?sid=1&tds-key=book
>>     <http://download.clubfreebooks.org/qwert.php?sid=1&tds-key=book>"><img
>>     src="http://s017.radikal.ru/i400/1211/e7/458f4b34ab21.gif"; alt=""
>>     /></a></p>
>>
>>     Which is a blinking .gif for an ebook download. Here's the result
>>     (obviously, don't click on it)
>>
>>     http://openlibrary.org/works/OL98200W/Studies_in_critical_philosophy
>>
>>     They are also continuing to add new accounts.
>>
>>     I have no idea what the spam does, but suspect it's gathering data
>>     for,
>>     or creating, zombies for later use. Anyone know how to stop this?
>>
>>
>> That's crazy.  What web site in 2012 accepts and displays unsanitized
>> HTML?
>>
>> OpenLibrary is an attractive nuisance and as long as it's such a
>> tempting target, you won't be able to stem the tide.  Stop allowing
>> raw HTML and this will go away.
>
> We allow markdown in some fields. HTML is valid markdown. We sanitize
> the input to remove CSS and JavaScript. We also add rel="nofollow" to
> all external links to remove the incentive to add spam to the site.
>
> Looks like we need to handle images as well. Or a way to blacklist
> some URL patterns and prevent edits containing them.
>
> Anand
>
>
> _______________________________________________
> Ol-tech mailing list
> [email protected]
> http://mail.archive.org/cgi-bin/mailman/listinfo/ol-tech
> To unsubscribe from this mailing list, send email to 
> [email protected]
>

-- 
Karen Coyle
[email protected] http://kcoyle.net
ph: 1-510-540-7596
m: 1-510-435-8234
skype: kcoylenet
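
The URL-pattern blocklist and image handling that Anand suggests in the quoted reply could look like the sketch below. It is an added example, not Open Library's code; the blocklist pattern, the allowed image host, the sample edit and all function names are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical policy values and sample edit, all constructed for this example.
BLOCKED_HOSTS = [re.compile(r"(^|\.)spam-downloads\.example$")]
IMAGE_HOSTS = {"covers.example.org"}  # hosts allowed to serve embedded images
SAMPLE_EDIT = ('<p><a href="http://dl.spam-downloads.example/q.php?sid=1">'
               '<img src="http://img.hotlink.example/a.gif" alt="" /></a></p>')

BARE_URL = re.compile(r"""https?://[^\s<>"')]+""", re.I)
MD_IMAGE = re.compile(r"!\[[^\]]*\]\(\s*([^\s)]+)")  # markdown ![alt](url)


class LinkCollector(HTMLParser):
    """Collect (tag, url) pairs from href/src attributes of inline HTML."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):  # also called for <img ... />
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.found.append((tag, value.strip()))


def host_of(url):
    """Lower-cased host, '' for a relative URL, None if the URL cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return None


def review_edit(text):
    """Return reasons to reject an edit; an empty list means accept."""
    collector = LinkCollector()
    collector.feed(text)
    collector.close()
    links = list(collector.found)
    links += [("img", u) for u in MD_IMAGE.findall(text)]
    links += [("text", u) for u in BARE_URL.findall(text)]
    reasons = set()
    for tag, url in links:
        host = host_of(url)
        if host is None:  # fail closed on URLs the parser rejects
            reasons.add("unparseable URL")
        elif any(p.search(host) for p in BLOCKED_HOSTS):
            reasons.add(f"blocked host: {host}")
        elif tag == "img" and host and host not in IMAGE_HOSTS:
            reasons.add(f"external image: {host}")
    return sorted(reasons)
```

Running the check before an edit is saved, rather than only when the page is rendered, keeps rejected content out of the edit history.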