We are now requiring captchas on new account registration as well as 
edition/work edits. Hopefully this will help until we can come up with a more 
permanent solution.

-raj

On Nov 26, 2012, at 10:32 AM, Karen Coyle <[email protected]> wrote:

> We're now running at about 2 spam edits per second. Would it simply make 
> sense to stop all edits until something is done to fix this? I estimate 
> the number of spam edits, based on the front page stats, to be about 
> 100K, and the number of spam users to be around 2-3K.
> 
> kc
> 
> On 11/26/12 9:22 AM, Anand Chitipothu wrote:
>> 
>> On 26-Nov-2012, at 10:39 PM, Tom Morris wrote:
>> 
>>> On Mon, Nov 26, 2012 at 11:15 AM, Karen Coyle <[email protected]> wrote:
>>> 
>>>    The spammers spent a couple of days adding new accounts (undoubtedly
>>>    thousands) and are now using those accounts to spam the site, at the
>>>    rate of about 30 or more per minute. You can watch it happening in the
>>>    "recently" page. Every spam is adding this:
>>> 
>>>            <p><a
>>>    href="http://download.clubfreebooks/qwert.php?sid=1&tds-key=book
>>>    <http://download.clubfreebooks.org/qwert.php?sid=1&tds-key=book>"><img
>>>    src="http://s017.radikal.ru/i400/1211/e7/458f4b34ab21.gif"; alt=""
>>>    /></a></p>
>>> 
>>>    Which is a blinking .gif for an ebook download. Here's the result
>>>    (obviously, don't click on it)
>>> 
>>>    http://openlibrary.org/works/OL98200W/Studies_in_critical_philosophy
>>> 
>>>    They are also continuing to add new accounts.
>>> 
>>>    I have no idea what the spam does, but suspect it's gathering data
>>>    for,
>>>    or creating, zombies for later use. Anyone know how to stop this?
>>> 
>>> 
>>> That's crazy.  What web site in 2012 accepts and displays unsanitized
>>> HTML?
>>> 
>>> OpenLibrary is an attractive nuisance and as long as it's such a
>>> tempting target, you won't be able to stem the tide.  Stop allowing
>>> raw HTML and this will go away.
>> 
>> We allow markdown in some fields. HTML is valid markdown. We sanitize
>> the input to remove css and javascript. We also add rel="nofollow" to
>> all external links to remove the incentive to add spam to the site.
>> 
>> Looks like we need to handle images as well. Or a way to blacklist
>> some URL patterns and prevent edits containing them.
>> 
>> Anand
>> 
>> 
>> _______________________________________________
>> Ol-tech mailing list
>> [email protected]
>> http://mail.archive.org/cgi-bin/mailman/listinfo/ol-tech
>> To unsubscribe from this mailing list, send email to 
>> [email protected]
>> 
> 
> -- 
> Karen Coyle
> [email protected] http://kcoyle.net
> ph: 1-510-540-7596
> m: 1-510-435-8234
> skype: kcoylenet
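
Added example (not part of the original thread and not Open Library's code): one way to implement the URL-pattern check suggested above, rejecting an edit whose raw-HTML `href`/`src` attributes, markdown links or images, or bare URLs point at a blocked host. The blocklist entries, function names and sample edit are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed blocklist of host suffixes (placeholders, not real spam hosts).
BLOCKED_HOST_SUFFIXES = ("ebook-spam.example", "img-spam.example")

# Markdown [text](url) / ![alt](url) targets, and bare http(s) URLs.
MD_LINK = re.compile(r"!?\[[^\]]*\]\(\s*<?([^)\s>]+)")
BARE_URL = re.compile(r"https?://[^\s\"'<>)]+", re.I)


class UrlAttrCollector(HTMLParser):
    """Collect href/src values from raw HTML embedded in a markdown field."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):  # also called for <img ... />
        self.urls += [v for k, v in attrs if k in ("href", "src") and v]


def extract_urls(body):
    collector = UrlAttrCollector()
    collector.feed(body)
    collector.close()
    found = collector.urls + MD_LINK.findall(body) + BARE_URL.findall(body)
    return {u.strip() for u in found}


def is_blocked(url):
    if "//" not in url:
        return False  # relative link, stays on this site
    try:
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return True  # unparsable authority: refuse rather than guess
    return any(host == s or host.endswith("." + s) for s in BLOCKED_HOST_SUFFIXES)


def check_edit(body):
    """Return the blocked URLs found in an edit; an empty list means accept."""
    return sorted(u for u in extract_urls(body) if is_blocked(u))


# Constructed sample with the same shape as the spam quoted in the thread.
SPAM_EDIT = ('<p><a href="http://dl.ebook-spam.example/q.php?sid=1">'
             '<img src="http://s1.img-spam.example/a.gif" alt="" /></a></p>')
print(check_edit(SPAM_EDIT))
```

Matching on the parsed host suffix rather than a substring keeps lookalike names from being blocked by accident and catches scheme-relative `//host/...` image sources that a plain `http://` search would miss.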
