[Savannah-help-public] [sr #106304] Bug spam from logged in spammers?

2010-02-05 Thread Karl Berry

Follow-up Comment #40, sr #106304 (project administration):

- looked like the standard sort of savannah spam to me.  maybe we've been
targeted by only one spam farm so far.

- i like the idea of hold-for-moderation. no clue how it can be implemented
in savane, though.

- i don't see a voting scheme as a requirement. could just hold the junk and
let the project admins deal with it.  same as we do for mailing lists,
basically.

- an originality filter sounds like an interesting idea.  we reject a ton
of spam on mailing lists based on duplicate posts.

- i guess this is mostly off-topic for this issue, but ...: sylvain mentioned
recently about eventually supporting email for the bug trackers. then some
kind of hold-for-moderation seems necessary to me, else the (email-based) spam
would be overwhelming.  (personally, the only email feature i would really
like is to be able to reply in email instead of using these horrible browser
textareas to compose text. i'm happy to use the web interface to do other
stuff with the trackers, although of course not everyone is happy with that.)

best,
karl


___

Reply to this item at:

  http://savannah.gnu.org/support/?106304

___
  Message sent via/by Savannah
  http://savannah.gnu.org/






2010-02-04 Thread Sylvain Beucler

Follow-up Comment #38, sr #106304 (project administration):

We just got a great deal of spam. One of the spammers 1) found he needed to
type 451 and 2) was greedy enough to spam a lot of items at once.

I just changed the question, let's see if this works.

At my day job, I recently implemented TextCHA-based solutions for MediaWiki
and MoinMoin. On most websites spam stopped (can't tell for those that
restricted anonymous edits though). However, one of them continued to receive
spam, but much less. AFAICS one spammer is sending a mass-posting from
multiple IP sources at once, and succeeds depending on which TextCHA is asked.
Since the questions were asked in French, I assume that there's one
French-speaking human in the spammer's team that answered at least one of the
questions I had set up. It still spammed the website after I changed the 2
questions (though most of the posts were blocked). I just switched to an
unguessable question (i.e. a password), and the spam stopped, which means it's
not a flaw in the MoinMoin antispam.

One counter-measure that spammers might use would be to present the questions
to normal web users in exchange for porn material (this is not new, that also
worked for Captchas).

Multiplying the questions, and asking them at random, might help fight
spammers, because they'll have a hard time listing all the possible TextCHA
questions (especially if not all of them are asked on any given day).



2010-02-04 Thread Jacob Bachmeyer

Follow-up Comment #39, sr #106304 (project administration):

I haven't run across the new spam yet.  Have we attracted more creative
spammers or are they still doing many lines of URL GarbageGarbageGarbage?

More generally, how difficult would it be to implement a
hold-for-moderation mechanism?  Something to allow more aggressive content
filtering without risking losing legitimate comments?  Ideally, it could be
configurable per-project or even per-item-that-takes-user-submissions.  So a
quiet project that isn't getting spammed might be able to just bypass
moderation entirely and let any posts not blocked by site filters (like the
TextCHA) through, while a heavily attacked, highly-visible project might even
be able to make their own filter rules, possibly even on a
per-communication-tool basis, while blocking posts that look too much like
spam entirely.

It could actually be as simple as having means for the system to assign a
non-zero spam score to a new post if certain conditions are met and allowing
to vote posts as not-spam.  To prevent spammers from gaming the system, keep
a log of votes (to allow tracing spammer accounts that are used to abuse the
voting system) and give each user two votes per time interval (choose day,
week, hour, whatever, ideally based on statistics on how often real users
vote posts as spam now)--the first vote in an interval counts in full, but
each subsequent vote counts half of the previous vote.  After an interval,
both votes are restored.  Project admins would need the ability to zero out a
post's spam score (assuming that a project admin can be trusted not to want
their own project spammed) and perhaps tracker admins should be given some
similar power.

Are the spams varying much, or are there correlations between them?  If the
spammers are just posting the same thing over and over, perhaps a circular
buffer (in some sense) of the most recent posts (site-wide) could be kept and
incoming posts checked for similarity against other recent posts, with the
probability that the new post is spam (and thus its initial spam score?) being
proportional to how closely it resembles other recent posts?  This would also
have the advantage that such pseudo-blacklisting would expire as posts are
replaced in the buffer.  Essentially, it would be a time-span-limited
originality filter.  Since legitimate posts to trackers in two different
projects (or even two different bugs in the same project) are likely to be
fairly different, and rather unlikely to contain the same URLs, this could
alternately take the form of a rolling URL blacklist, perhaps with the most
likely to be joe-jobbed (but trustworthy) domains (such as debian.org,
gnu.org, kernel.org, fsf.org, etc.) whitelisted to prevent spammers from
getting (too many) legitimate URLs into the blacklist.  This should rate-limit
spam to a manageable fraction of posts overall.

I like the idea of content-based filters more than CAPTCHAs simply because
spammers have found ways to get other people to solve CAPTCHAs for them (I
believe this is how Gmail's CAPTCHA was broken), but if spammers can't post
their garbage over and over, no matter what it is or how many CAPTCHAs they
solve, we can hopefully make spamming Savannah painful enough that the
spammers go elsewhere.

___

Reply to this item at:

  http://savannah.gnu.org/support/?106304

___
  Message sent via/by Savannah
  http://savannah.gnu.org/
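
The vote-weighting scheme proposed in comment #39, as an added Python sketch; it is not Savane code and not code from anyone in this thread. It assumes fixed one-day intervals and one counted vote per user per post, and the names `SpamVotes`, `vote_not_spam` and `admin_clear` are hypothetical.

```python
"""Halving-weight not-spam votes with an audit log (illustrative, not Savane code)."""


class SpamVotes:
    def __init__(self, interval=86400, votes_per_interval=2):
        self.interval = interval                  # assumption: one day, in seconds
        self.votes_per_interval = votes_per_interval
        self.score = {}                           # post_id -> current spam score
        self.log = []                             # (time, actor, post_id, action, weight)

    def hold(self, post_id, initial_score):
        """Record a new post whose filter-assigned spam score is non-zero."""
        self.score[post_id] = float(initial_score)

    def is_held(self, post_id):
        return self.score.get(post_id, 0.0) > 0.0

    def _counted(self, user):
        """Votes by this user that actually carried weight."""
        return [e for e in self.log
                if e[1] == user and e[3] == "not-spam" and e[4] > 0.0]

    def vote_not_spam(self, user, post_id, now):
        """Apply a vote and return its weight; every attempt is logged for tracing."""
        counted = self._counted(user)
        window = now // self.interval
        used = sum(1 for e in counted if e[0] // self.interval == window)
        already = any(e[2] == post_id for e in counted)
        if post_id not in self.score or already or used >= self.votes_per_interval:
            weight = 0.0                          # out of votes, repeat vote, or unknown post
        else:
            weight = 1.0 / (2 ** used)            # 1, then 1/2, then nothing until reset
            self.score[post_id] = max(0.0, self.score[post_id] - weight)
        self.log.append((now, user, post_id, "not-spam", weight))
        return weight

    def admin_clear(self, admin, post_id, now):
        """Project admin zeroes the score outright; logged like any vote."""
        self.score[post_id] = 0.0
        self.log.append((now, admin, post_id, "admin-clear", 0.0))

    def votes_by(self, user):
        """Audit view: everything one account did, for tracing vote abuse."""
        return [e for e in self.log if e[1] == user]
```
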






2009-10-04 Thread Sylvain Beucler

Follow-up Comment #37, sr #106304 (project administration):

Almost no spam is reported these days, so I guess the current simple measures
are effective.


2009-10-03 Thread Jacob Bachmeyer

Follow-up Comment #36, sr #106304 (project administration):

At least from a cursory glance at the spam others have mentioned here, it
looks like most of the spam follows the same format.

Perhaps some means of blocking (or holding for moderation?) comments that
contain many lines that begin with a URL and have following text?  In other
words, most of the spam seems to be many lines of:

http://spammerland.example.com/spamspamspam  Yet More Junk

Perhaps a filter that rejects or holds for moderation or (anyone else have a
good idea?) comments with more than a certain fraction of lines that match
m{^http://} (Perl regexp notation) might help the spam problem?

___

Reply to this item at:

  http://savannah.gnu.org/support/?106304

___
  Message sent via/by Savannah
  http://savannah.gnu.org/
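
The URL-line fraction test from this comment, combined with the rolling originality filter and URL blacklist proposed in comment #39 above, as an added Python sketch; it is not Savane code and not code from anyone in this thread. The regex is widened from `m{^http://}` to allow leading whitespace and https, and the class name, buffer size, 0.5 threshold and sample posts are assumptions.

```python
"""Hold-for-moderation scoring from three content signals (illustrative only)."""
import re
from collections import deque
from urllib.parse import urlsplit

URL_LINE = re.compile(r"^\s*https?://", re.I)      # the thread's m{^http://}, widened
URL = re.compile(r"https?://[^\s<>\"']+", re.I)
# Trusted domains named in the thread, kept out of the rolling blacklist.
WHITELIST = ("debian.org", "gnu.org", "kernel.org", "fsf.org")


def url_line_fraction(text):
    """Fraction of non-empty lines that begin with a URL."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return 0.0
    return sum(1 for ln in lines if URL_LINE.match(ln)) / len(lines)


def foreign_hosts(text):
    """Hostnames linked in the text, minus whitelisted domains."""
    found = set()
    for url in URL.findall(text):
        try:
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:                         # malformed URL: ignore it
            continue
        if host and not any(host == d or host.endswith("." + d) for d in WHITELIST):
            found.add(host)
    return found


def shingles(text, k=3):
    """Set of k-word windows, so padded or partly rewritten copies still overlap."""
    words = re.findall(r"\w+", text.lower())
    if len(words) <= k:
        return {tuple(words)} if words else set()
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}


class RecentPostFilter:
    """Site-wide ring buffer of recent posts; old entries expire as new ones arrive."""

    def __init__(self, size=200, hold_at=0.5):
        self.recent = deque(maxlen=size)           # (shingle set, host set) per post
        self.hold_at = hold_at

    def signals(self, text):
        sh, hosts = shingles(text), foreign_hosts(text)
        similarity = 0.0
        for old_sh, _ in self.recent:              # Jaccard overlap with each recent post
            if sh and old_sh:
                similarity = max(similarity, len(sh & old_sh) / len(sh | old_sh))
        seen = set().union(*(h for _, h in self.recent))
        repeat = len(hosts & seen) / len(hosts) if hosts else 0.0
        return {"url_lines": url_line_fraction(text),
                "similarity": similarity,
                "host_repeat": repeat}

    def submit(self, text):
        """Return ('hold' | 'publish', score) and remember the post either way."""
        score = max(self.signals(text).values())
        self.recent.append((shingles(text), foreign_hosts(text)))
        return ("hold" if score >= self.hold_at else "publish"), score


# Constructed sample posts (not taken from the tracker).
SAMPLES = [
    "Parallel builds fail because the dependencies are fake.\nLog: http://savannah.gnu.org/bugs/",
    "http://pills.example.com/a  cheap junk\nhttp://casino.example.net/b  more junk\nbuy now",
    "Nice analysis, thanks! More details at http://pills.example.com/a",
]


def demo(size=200):
    """Run the samples through one filter, in order, and return the decisions."""
    f = RecentPostFilter(size=size)
    return [f.submit(p) for p in SAMPLES]
```

The third sample has no URL-leading lines and little text overlap, and is held only because its host was seen in a recent post; a held post goes to moderators rather than being dropped, so a legitimate repeat link costs a delay and not a lost comment.
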






2009-01-21 Thread Sylvain Beucler

Follow-up Comment #36, sr #106304 (project administration):

> Another thing that I wonder about is running some kind of
> simple-minded spamassassin-like test on comments before they
> are posted. The spam that gets posted is completely obvious
> and I'd expect any program would detect it. Do any other
> hosting sites do this?

Generally speaking, mail anti-spam tools aren't very efficient against
comment spam.

In this case we're willing to block people whose URLs usually aren't in the
URL block-lists yet. In addition several spammers do include part of the page
content along with their URLs (including legitimate URLs) which means they
aren't so easy to block.

So if there's a way to detect such spam on the fly, I'm willing to implement
it, but I doubt it.



2009-01-21 Thread Karl Berry

Follow-up Comment #37, sr #106304 (project administration):

I wonder if http://blogspam.net/code/ could be usefully adapted for savannah.
It's for blogs instead of hosting services, but ...

(It would be astonishing to me if no other hosting site -- sourceforge,
berlios, etc. -- had done anything about comment spam, but I can't go looking
right now.)



2009-01-18 Thread Karl Berry

Follow-up Comment #35, sr #106304 (project administration):

How sad.

We can't defeat the manual setup, but I agree a couple more questions
couldn't hurt.  A couple more ideas from the overview page:
At what institution did Richard Stallman start his career? (MIT)
What is GNU's graphical desktop called? (GNOME)

Another thing that I wonder about is running some kind of simple-minded
spamassassin-like test on comments before they are posted.  The spam that gets
posted is completely obvious and I'd expect any program would detect it.  Do
any other hosting sites do this?


2009-01-17 Thread Sylvain Beucler

Follow-up Comment #34, sr #106304 (project administration):

From what I remember it was registered 12th January, so it did pass the
TextCHA.

My understanding of the stats is that spammers combine initial manual setup
with later automated spamming. In this case I presume the spammer's cronjob
reported a failure to log in, triggering a manual check (reading the GNU manifesto
page), fixing the cronjob and running it again.

Not all spammers have error reporting though, as shown by the ridiculously
high number of blocked anonymous spam.

So I guess we need to implement 10-20 questions instead of one, and also make
it less automatable by storing the currently selected question on the
server-side rather than in a form field.

I'm not sure why spammers insist on posting URLs here though, tracker items
don't get a particularly high Google rank in general.


___

Reply to this item at:

  http://savannah.gnu.org/support/?106304

___
  Message sent via/by Savannah
  http://savannah.gnu.org/
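
Server-side question selection as suggested in this comment, next to the form-field variant it replaces; an added Python sketch, not Savane or MoinMoin code. The class and function names are hypothetical, the first two questions and their answers are the ones quoted elsewhere in this thread, and the session id stands in for whatever the web framework provides.

```python
"""TextCHA with the selected question kept server-side (illustrative only)."""
import re
import secrets

# Constructed pool: key -> (question text, regex of accepted answers).
QUESTIONS = {
    "career": ("At what institution did Richard Stallman start his career?",
               re.compile(r"\s*(mit|massachusetts institute of technology)\s*", re.I)),
    "desktop": ("What is GNU's graphical desktop called?",
                re.compile(r"\s*gnome\s*", re.I)),
    "founder": ("Last name (family name) of the founder of the GNU project?",
                re.compile(r"\s*stallman\s*", re.I)),
}


def check_form_field(question_id, answer):
    """Weak variant: the question id arrives in a form field the client controls,
    so a script that knows one answer can always submit that question's id."""
    entry = QUESTIONS.get(question_id)
    return bool(entry and entry[1].fullmatch(answer or ""))


class ServerSideTextcha:
    """Hardened variant: the server remembers which question each session was asked."""

    def __init__(self, questions=QUESTIONS, choose=secrets.choice):
        self.questions = questions
        self.choose = choose          # injectable so tests can pin the question
        self.pending = {}             # session_id -> question key, never sent to client

    def issue(self, session_id):
        """Pick a question at random and return only its text for the form."""
        key = self.choose(sorted(self.questions))
        self.pending[session_id] = key
        return self.questions[key][0]

    def check(self, session_id, answer):
        """Single use: a wrong answer consumes the question, forcing a new draw."""
        key = self.pending.pop(session_id, None)
        if key is None:
            return False
        return bool(self.questions[key][1].fullmatch(answer or ""))
```
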






2009-01-15 Thread Sylvain Beucler

Follow-up Comment #32, sr #106304 (project administration):

So at least one spammer took a look at the GNU manifesto publication date
(which is the current TextCHA question).

I need to add more questions, at once - any suggestions? :)



2009-01-15 Thread Karl Berry

Follow-up Comment #33, sr #106304 (project administration):

Could it be the case that the spammer already existed in the system before
the textcha?



2009-01-14 Thread Sylvain Beucler

Follow-up Comment #30, sr #106304 (project administration):

Well I put the TextCHA 9 days ago and the spamlist.php stayed empty since
then - so you should have an idea on whether it works now :)



2009-01-14 Thread Bob Proulx

Follow-up Comment #31, sr #106304 (project administration):

Re: Well I put the TextCHA 9 days ago and the spamlist.php stayed empty
since then - so you should have an idea on whether it works now :)

These got through it since then:

  http://savannah.nongnu.org/task/?4755

But I am sure it is an improvement in spite of that counter example.



2009-01-13 Thread Karl Berry

Follow-up Comment #27, sr #106304 (project administration):

> I added a basic TextCHA in the registration page.
Thank you very much.  It'll be interesting to see how much it helps.

> Meanwhile, do you by any chance know about
> https://savannah.gnu.org/siteadmin/spamlist.php

I did, but deleting spam after the fact is very much suboptimal, because it
has already generated mail to the mailing lists (e.g., bug-grep).

(Bob, the page probably didn't come up for you because you have to be
savannah super-user in the web interface.)

> Do you get only registered spam or also anonymous spam.

In the projects I looked at (grep, texinfo), anonymous comments were
(thankfully) disallowed, so it was only registered spam.



2009-01-13 Thread Bob Proulx

Follow-up Comment #28, sr #106304 (project administration):

I figured the spamlist.php url wasn't available to normal mortals.  But since
I submitted this bug in the first place *and* that was offered as an option I
felt justified in saying that it didn't work for me.



2009-01-13 Thread Paul D. Smith

Follow-up Comment #29, sr #106304 (project administration):

Because of the spam problems I've had to add the savannah sender as an
always-moderated address to my project mailing lists; for every bug, etc. email that
is generated I have to go approve it in case it's spam.

Frustrating.  I hope the captcha solves this problem.


2009-01-05 Thread Sylvain Beucler

Follow-up Comment #26, sr #106304 (project administration):

Well that's an administrator page.


2009-01-04 Thread Sylvain Beucler

Follow-up Comment #23, sr #106304 (project administration):

Meanwhile, do you by any chance know about
https://savannah.gnu.org/siteadmin/spamlist.php ?
Reported spammers can be banned in a single click.
It could be improved with a hide all posts from this spammer.

Do you get only registered spam or also anonymous spam? It would be amazing
to see that spammers prefer registering an account rather than typing 421 in a
single field.



2009-01-04 Thread Sylvain Beucler

Follow-up Comment #24, sr #106304 (project administration):

I added a basic TextCHA in the registration page.



2009-01-04 Thread Bob Proulx

Follow-up Comment #25, sr #106304 (project administration):

> Meanwhile, do you by any chance know about
> https://savannah.gnu.org/siteadmin/spamlist.php ?
> Reported spammers can be banned in a single click.

I did not know about that page but that page gives me a permission denied
error.



2009-01-03 Thread Sylvain Beucler

Follow-up Comment #21, sr #106304 (project administration):

After 8 months...
Apparently this is slightly decreasing.

-- User was not logged and check_value is wrong
255478

-- Idem, and in addition the posted text contains an HTTP link
245328

-- Validated post (validated captcha or authenticated)
17412

-- Posts per suspicious IP
Top-10:
| 200.63.42.109   |  4689 | 
| 200.63.42.111   |  4699 | 
| 78.129.202.7|  4891 | 
| 194.8.74.43 |  5175 | 
| 194.8.74.47 |  5674 | 
| 194.8.75.251|  5775 | 
| 81.177.22.216   |  8405 | 
| 216.240.153.114 |  8851 | 
| 77.91.229.56|  9867 | 
| 208.70.78.16| 21635 | 
But there's a total of ~3 IPs.

-- Average posts by suspicious IP
6.9553

-- Posts per suspicious IP and per day
Lots of 1-2 daily posts per IP + between 2 and 4 big spammers ranging from 10
to 200 daily posts per IP.

-- Number of different IP addresses
37444

-- Average number of different apparently-spamming IP addresses per day
203.1569



2008-12-30 Thread vahvah

Follow-up Comment #20, sr #106304 (project administration):


2008-11-23 Thread anonymous

Follow-up Comment #18, sr #106304 (project administration):


2008-08-16 Thread anonymous

Follow-up Comment #17, sr #106304 (project administration):


2008-07-12 Thread Paul D. Smith

Follow-up Comment #15, sr #106304 (project administration):

Here's an extremely clever spam that showed up in my bug #17873 a day or two
ago: it takes some sentences from OTHER COMMENTS and adds the spam bit in the
middle, so the result is somewhat relevant to the bug in question, plus spam. 
It doesn't really make sense but it's enough to cause you to look twice:

Friday 07/11/2008 at 07:59, comment #13:

since the dependencies are fake, problems arise easily.
http://without-prescription-no.com , and some makefiles may be using it, so
we'd have to use some other special target.


2008-05-31 Thread anonymous

Follow-up Comment #14, sr #106304 (project administration):

Best sites from google.de :

2008-05-24 Thread Sylvain Beucler

Follow-up Comment #13, sr #106304 (project administration):

TextChas sound like something to try out:
http://moinmo.in/HelpOnTextChas

Examples:
Since you are not logged in, please enter the last name (family name) of
the founder of the GNU project (http://www.gnu.org/gnu/thegnuproject.html):

Since you are not logged in, please enter the date of release of version 3
of the GNU GPL (gplv3.fsf.org):

Answers are matched against a set of regexps and languages.

The cons are the need for i18n'ing the questions, and changing the questions
from time to time.

This could also be added in the account creation page.



2008-05-22 Thread anonymous

Follow-up Comment #11, sr #106304 (project administration):

http://searchdvdmovies.com/03/21/highlander-ii-the-quickening/


2008-05-22 Thread Bob Proulx

Follow-up Comment #12, sr #106304 (project administration):

It seems poetic to me that this bug reporting a problem with bug spam is also
getting bug spam.  :-)







[Savannah-help-public] [sr #106304] Bug spam from logged in spammers?

2008-04-30 Thread Sylvain Beucler

Follow-up Comment #10, sr #106304 (project administration):

We got a series of '//Not Viagra' spam. The logs show that this was done over
~15 min with ~2 msg/min. This means filters like MoinMoin's surge protection
won't work in such a case. Surge protection may still be good to implement, in
combination with reducing the number of allowed links per post - to
compensate, spammers would need to post more independent posts, in which case
surge protection would kick in.

After 6 days, let's have some new stats:
- posts: 12400
- failed 421 tests: 11903
- valid posts containing 3x http://: 420
- IPs: 2241
- Max posts per IP: 647
- Max posts per IP and day: 150
- Average posts by suspicious IP: 5

I don't have much time for this, so code contributions are needed.


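The interaction this comment describes between surge protection and a per-post link cap, replayed on constructed traffic in an added Python example (not Savane or MoinMoin code). The limits of 5 posts per 60 seconds and 2 links per post, the class and function names, and the sample campaign are assumptions; only the ~2 msg/min over ~15 min pace comes from the comment.

```python
from collections import defaultdict, deque

class PostFilter:
    """Per-source sliding-window surge limit plus a cap on links per post."""

    def __init__(self, max_posts, window_s, max_links):
        self.max_posts, self.window_s, self.max_links = max_posts, window_s, max_links
        self.recent = defaultdict(deque)   # source -> timestamps of recent attempts

    def check(self, source, now, body):
        """Return 'ok', 'too_many_links' or 'surge' for one submitted post."""
        stamps = self.recent[source]
        while stamps and now - stamps[0] >= self.window_s:
            stamps.popleft()               # forget attempts outside the window
        stamps.append(now)                 # rejected attempts count as well
        if len(stamps) > self.max_posts:
            return "surge"
        links = body.count("http://") + body.count("https://")
        return "too_many_links" if links > self.max_links else "ok"

def replay(filt, source, posts):
    """Feed (timestamp, body) pairs through the filter and count each verdict."""
    verdicts = defaultdict(int)
    for now, body in posts:
        verdicts[filt.check(source, now, body)] += 1
    return dict(verdicts)

def campaign(total_links, links_per_post, duration_s):
    """Constructed test traffic: total_links spread evenly over duration_s."""
    n = -(-total_links // links_per_post)  # ceiling division
    body = " ".join("http://spam.example/%d" % i for i in range(links_per_post))
    return [(i * duration_s / n, body) for i in range(n)]

# Constructed scenario: the same 300 links delivered within 15 minutes.
SLOW = campaign(300, 10, 900)    # 30 posts, 2 per minute, 10 links each
SPLIT = campaign(300, 2, 900)    # capped at 2 links per post: 150 posts

def demo():
    surge_only = replay(PostFilter(5, 60, 10**6), "192.0.2.1", SLOW)
    combined_slow = replay(PostFilter(5, 60, 2), "192.0.2.1", SLOW)
    combined_split = replay(PostFilter(5, 60, 2), "192.0.2.1", SPLIT)
    return surge_only, combined_slow, combined_split
```

Surge protection alone passes all 30 slow posts; with the link cap the slow posts are rejected for their links, and the split campaign trips the surge limit after its fifth post.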





[Savannah-help-public] [sr #106304] Bug spam from logged in spammers?

2008-04-25 Thread Sylvain Beucler

Follow-up Comment #9, sr #106304 (project administration):

I added a few tracers in the code and built some stats for the past day. I
trace all new items and item comments.

Total comments received: 1869
Posts that failed the 421 captcha and contain http://: 1808
Validated posts (login or captcha): 36
Captcha-validated (anonymous) posts: 6 = 17%
Validated posts that contain http://: 6
Validated posts that contain spam: 2 (1 login + 1 captcha)

Number of different IPs: 468
Number of different IPs for posts that failed the captcha and contain
http://: 436
Max # of posts by IP: 89
Average posts by suspicious IP: 4.18
Median of the above: 1

So we're facing distributed comment spamming, coming from numerous
origins, each generally posting only a few comments. The wide majority of the
posts are sent by very primitive bots and are several orders of magnitude more
numerous than legitimate posts. The rest of the spam comes from more
intelligent bots, but also from bots who just registered an account (and avoid
any captcha). IDS won't be very effective because of the diversity of the
attack sources.

I portscanned a few spamming IPs. AFAICT they were not open proxies (either
completely closed, or classic GNU/Linux setup with no apparent proxy). I only
checked a few IPs, so this is not a definite conclusion.

The use of a graphical captcha will not stop the clever spammer, nor spammers
who create accounts. So this solution may not work so well.

About reCaptcha in particular: while this is an interesting initiative, we
don't have the source code for the server-side of this solution (only for the
client plugins). One of Savannah's goals is to showcase a forge running
exclusively on free software. Relying on external 3rd-party services which
lack source code defeats the point. (same goes for Akismet or something)

Possible solutions: I'd suggest testing URL blocklists, escalating based on
the presence of external URLs, and also improving post-moderation (fix rather
than reject - we'll probably never get rid of 100% spam).

The trace is still running so we may get more data later on.

Note that this applies to Savannah in general. Savane (and more generally
forges) is not widespread. Mediawiki or DotClear installations probably get a
different kind of spam, both in quality and quantity ;)

Suggestions?


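How the per-IP figures in this comment (distinct IPs, max, average, median) can be derived from a post trace, and what they imply for a per-IP post limit, as an added Python example that is not Savane's tracer. The trace line format, the function names and the sample data are constructed for the illustration.

```python
from collections import Counter
from statistics import mean, median

def parse(line):
    """Parse one trace line: '<ip> <pass|fail|login> <body...>' (assumed format)."""
    ip, status, body = line.split(" ", 2)
    return ip, status, body

def suspicious_by_ip(lines):
    """Count posts per IP that failed the captcha and contain 'http://'."""
    counts = Counter()
    for line in lines:
        ip, status, body = parse(line)
        if status == "fail" and "http://" in body:
            counts[ip] += 1
    return counts

def summarize(counts):
    """Distinct sources plus max, mean and median posts per source."""
    per_ip = list(counts.values())
    return {"ips": len(per_ip), "max": max(per_ip),
            "mean": round(mean(per_ip), 2), "median": median(per_ip)}

def blocked_by_threshold(counts, limit):
    """Share of suspicious posts that a 'max `limit` posts per IP' rule stops."""
    total = sum(counts.values())
    stopped = sum(n - limit for n in counts.values() if n > limit)
    return stopped / total

def constructed_trace():
    """Constructed sample (not Savannah data): one busy source, a long tail."""
    lines = ["198.51.100.1 fail buy http://spam.example/a"] * 20
    for i in range(3):
        lines += ["198.51.100.%d fail http://spam.example/b" % (10 + i)] * 2
    for i in range(14):
        lines.append("203.0.113.%d fail see http://spam.example/c" % (i + 1))
    lines.append("192.0.2.7 login patch attached, see http://savannah.gnu.org/")
    lines.append("192.0.2.8 pass thanks, fixed in git")
    return lines
```

On this sample the median is 1 post per source while the maximum is 20, and a limit of 5 posts per IP stops 37.5% of the suspicious posts; the long tail of single-post sources is untouched by any per-IP rule.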





[Savannah-help-public] [sr #106304] Bug spam from logged in spammers?

2008-04-14 Thread Paul D. Smith

Follow-up Comment #7, sr #106304 (project administration):

Ditto here; one of my bugs is getting lots of spam, but it's almost all
posted by Anonymous.  So, I think the captcha we're using must not be strong
enough??

See https://savannah.gnu.org/bugs/?17873

There are some real users posting spam there too.

It seems like it should be trivial for folks with access to the database to
query it and get a list of all the comments marked spam, faster and easier
than us posting links to them all.  You could even query those that were
posted by Anonymous vs. real users.






[Savannah-help-public] [sr #106304] Bug spam from logged in spammers?

2008-04-14 Thread Dennis Berko

Follow-up Comment #8, sr #106304 (project administration):

I agree with Paul, the captcha is only an "enter 137". How about implementing
some of the modern day Recaptcha systems?






[Savannah-help-public] [sr #106304] Bug spam from logged in spammers?

2008-04-11 Thread Sylvain Beucler

Follow-up Comment #3, sr #106304 (project administration):

Dennis,

Maybe this is an opportunity for you to analyse the spam we receive at
Savannah, in preparation of the anti-spam coding tasks?

Tony, can you give more details about the spam you received (URLs,
patterns...)?

Bob, for your initial question, maybe see
https://savannah.gnu.org/maintenance/SavaneTasks







[Savannah-help-public] [sr #106304] Bug spam from logged in spammers?

2008-04-11 Thread Dennis Berko

Follow-up Comment #4, sr #106304 (project administration):

Sure, I'd love to get started on this assignment. As Sylvain said, it would be
great to get some more details first.






[Savannah-help-public] [sr #106304] Bug spam from logged in spammers?

2008-04-11 Thread Bob Proulx

Follow-up Comment #5, sr #106304 (project administration):

> Bob, for your initial question, maybe see
> https://savannah.gnu.org/maintenance/SavaneTasks

The SavaneTasks page describes a process to clean spam through direct SQL
access.  I am happy to do this.  Where can I log in to be able to run the SQL
commands documented on that page?







[Savannah-help-public] [sr #106304] Bug spam from logged in spammers?

2008-04-11 Thread Tony Abou-Assaleh

Follow-up Comment #6, sr #106304 (project administration):

Sylvain,

There are several (12) spam comments at:

https://savannah.gnu.org/bugs/index.php?16179

And a spam bug report at:

https://savannah.gnu.org/bugs/?22897

Maybe others, I didn't keep a log.






[Savannah-help-public] [sr #106304] Bug spam from logged in spammers?

2008-04-10 Thread Tony Abou-Assaleh

Follow-up Comment #2, sr #106304 (project administration):

I continue to receive comment spam in GNU grep's bug tracking from registered
users. This is becoming increasingly annoying not only for the maintainer, but
for all members of the bug-grep list that get notifications of changes to the bug
tracking.

Any suggestions on how to deal with the situation?






[Savannah-help-public] [sr #106304] Bug spam from logged in spammers?

2008-03-15 Thread Tony Abou-Assaleh

Follow-up Comment #1, sr #106304 (project administration):

I second this request. I've been getting a lot of spam recently on the GNU grep
project. We have the bug comments connected to the mailing list, resulting in
mailing list spam as well.
