Looks like we have a live one:

http://drupal.org/user/355147

Good luck!

--Tom

Comments

tgeller’s picture

I should have been paying more attention: Almost all users who with the terms "Dutch" or "French" listed in their "Interest" fields are spammers.

http://drupal.org/profile/interest/Dutch
http://drupal.org/profile/interest/French

Fortunately, they all seem to overlap, and will only have to be removed once. I'll do the task if I'm given the access level.

tgeller’s picture

Moreso: To catch virtually all profile spammers, check http://drupal.org/profile/interest/Sex .

bonobo’s picture

There's a LOT of spam related with these folks -- just clicking on any link at random from the profile linked to in this issue brings up a slew of other spam users -- for example: http://drupal.org/profile/interest/porn+actress

swentel’s picture

Wow, it's a mess indeed, blocked a few allready, I'll do more later.

killes@www.drop.org’s picture

Status: Active » Postponed (maintainer needs more info)

I think I got most of them.

swentel’s picture

Status: Postponed (maintainer needs more info) » Fixed

List in #6 all blocked, thx.

nancydru’s picture

Status: Fixed » Active

I see lots more.

oadaeh’s picture

Every profile in http://drupal.org/profile/interest/porn is spam.
Many of them listed in http://drupal.org/profile/interest/mp3 are, as well.

swentel’s picture

Everyone interested in p*rn is blocked

oadaeh’s picture

There's another one. There has to be a better way to keep this from happening, than to manually delete them everytime they show up.

gerhard killesreiter’s picture

lyricnz did start a module to help against this problem:

http://drupal.org/project/check_profile

Thee are two issues inthe queue that need fixing....

tgeller’s picture

Could Mollom be of some help? Considering the connection between drupal.org and mollom.com, this would be an ideal testbed for them.

http://www.mollom.com
http://drupal.org/project/mollom

Is there anyone here who could comment officially, or bring this to their attention?

BioALIEN’s picture

@tgeller, mollom is still a pile of mess at this stage. The issue queue is growing and a lot of problems need to be ironed out before it should be considered ready.

check_profile looks like a good solution in our never ending combat against spam.

Everyone interested in p*rn is blocked (again). Should we be banning such users or deleting them in this case?

dman’s picture

This is funny. In a sad way. http://drupal.org/profile/interest/mp3 is filling up again.
Don't we have captcha on the sign-up? Surely that is well-tested enough?

second-guessing them is interesting...
Ringtones ? http://drupal.org/user/341809
Viagra? http://drupal.org/user/350807
... but I never knew dww was interested in Cialis! ;-)

oadaeh’s picture

@dman: no, there is no captcha setup for account creation. Get on the Check Profile band wagon, as that is the path Gerhard is persuing.

dman’s picture

Hm. I think it addresses a different problem.
Canning 'bad words' is a really outdated way of fighting spam. I even listed a false positive above!

And the real problem is preventing bogus registrations, which is why I thought captcha would be more appropriate.
So I'm not on that wagon.

tgeller’s picture

"Canning 'bad words' is a really outdated way of fighting spam."

Agreed, although it works for the current situation until something better occurs.

An insight: The point of this particular sort of spam is to create links back to the original page, thereby showing it as "popular" in search engines in relation to the words given. So there are two factors the spammer is counting on: (a) the ability to link back to the original page, and (b) the ability to associate that page with the words given. This approach attacks (b).

dman’s picture

I really can't see which badwords filter would have prevented
http://drupal.org/user/359895
from doing his thing.

I found him thorough a random search for 'ringtones' - but not all ringtones folk are spammers, so avoid the false positives...

re #18 tgeller :
attacking factor B can't be made practical by blacklisting all words that anyone would possibly want to search... It's about more than porn.
I say raise the barrier for entry, not just try to clean up after them or moderate their behavior after letting them in.

someone plz del
transs-1
http://drupal.org/user/359895
and his brother
http://drupal.org/user/359902
and * sigh * the rest of the transs-* family
http://drupal.org/user/359901
http://drupal.org/user/359898

... these guys had different keyword lists, so I don't even know what search would have found the last two - I backtracked on userid instead after seeing transs-1 and transs-4 :-)

nancydru’s picture

Isn't it amazing that they can come up with those long lists without duplicating each other?

BioALIEN’s picture

Users in #19 all blocked.

dman’s picture

Thanks :-/
But it seems like any time any admin needs a bit of creative genocide they can lookup http://drupal.org/profile/interest/mp3 and go vigilante on their ass. There's gotta be hundreds out there. one in three d.o profiles I found was fake.

I think it's may be more effective to go after the pushers in their dens than chase footsoldiers around corners. By which I mean : bust the URLs being advertised rather than playing whack-a-mole with the users.

Considering the "Check Profile" suggestions, I'd be in favor of it if
- it (also) scanned on linked URLs, not (just) a few dictionary words.
- maybe participated in a realtime blackhole list (not sure about the big picture issues there)
- Instead of challenging the spammers to find ways through the bouncers at the door, we just nodded them through and then quietly herded them towards the "egress"
- it could run retroactively to clean up the existing mess.
some safeguards - like "older than a month and with zero actual posts" may be needed before the pogrom though.

... yes, I've posted those ideas directly against the check_profile queue.

killes@www.drop.org’s picture

dman: It is exactly my plan to scan for forbidden URLs not for just some random words. I actually have a patch for check_profile that I'll upload now.

gerhard killesreiter’s picture

Status: Active » Fixed

certain URLs are now forbidden to be used as homepage.

Anonymous’s picture

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.