There's a LOT of spam related with these folks -- just clicking on any link at random from the profile linked to in this issue brings up a slew of other spam users -- for example: http://drupal.org/profile/interest/porn+actress
@tgeller, mollom is still a pile of mess at this stage. The issue queue is growing and a lot of problems need to be ironed out before it should be considered ready.
check_profile looks like a good solution in our never ending combat against spam.
Everyone interested in p*rn is blocked (again). Should we be banning such users or deleting them in this case?
This is funny. In a sad way. http://drupal.org/profile/interest/mp3 is filling up again.
Don't we have captcha on the sign-up? Surely that is well-tested enough?
"Canning 'bad words' is a really outdated way of fighting spam."
Agreed, although it works for the current situation until something better occurs.
An insight: The point of this particular sort of spam is to create links back to the original page, thereby showing it as "popular" in search engines in relation to the words given. So there are two factors the spammer is counting on: (a) the ability to link back to the original page, and (b) the ability to associate that page with the words given. This approach attacks (b).
I found him thorough a random search for 'ringtones' - but not all ringtones folk are spammers, so avoid the false positives...
re #18 tgeller :
attacking factor B can't be made practical by blacklisting all words that anyone would possibly want to search... It's about more than porn.
I say raise the barrier for entry, not just try to clean up after them or moderate their behavior after letting them in.
... these guys had different keyword lists, so I don't even know what search would have found the last two - I backtracked on userid instead after seeing transs-1 and transs-4 :-)
Thanks :-/
But it seems like any time any admin needs a bit of creative genocide they can lookup http://drupal.org/profile/interest/mp3 and go vigilante on their ass. There's gotta be hundreds out there. one in three d.o profiles I found was fake.
I think it's may be more effective to go after the pushers in their dens than chase footsoldiers around corners. By which I mean : bust the URLs being advertised rather than playing whack-a-mole with the users.
Considering the "Check Profile" suggestions, I'd be in favor of it if
- it (also) scanned on linked URLs, not (just) a few dictionary words.
- maybe participated in a realtime blackhole list (not sure about the big picture issues there)
- Instead of challenging the spammers to find ways through the bouncers at the door, we just nodded them through and then quietly herded them towards the "egress"
- it could run retroactively to clean up the existing mess.
some safeguards - like "older than a month and with zero actual posts" may be needed before the pogrom though.
... yes, I've posted those ideas directly against the check_profile queue.
Comments
Comment #1
tgeller commentedI should have been paying more attention: Almost all users who with the terms "Dutch" or "French" listed in their "Interest" fields are spammers.
http://drupal.org/profile/interest/Dutch
http://drupal.org/profile/interest/French
Fortunately, they all seem to overlap, and will only have to be removed once. I'll do the task if I'm given the access level.
Comment #2
tgeller commentedMoreso: To catch virtually all profile spammers, check http://drupal.org/profile/interest/Sex .
Comment #3
bonobo commentedThere's a LOT of spam related with these folks -- just clicking on any link at random from the profile linked to in this issue brings up a slew of other spam users -- for example: http://drupal.org/profile/interest/porn+actress
Comment #4
swentel commentedWow, it's a mess indeed, blocked a few allready, I'll do more later.
Comment #5
killes@www.drop.org commentedI think I got most of them.
Comment #6
oadaeh commentedLooks like there are more:
http://drupal.org/user/354291
http://drupal.org/user/357387
http://drupal.org/user/357390
http://drupal.org/user/357405
http://drupal.org/user/357406
http://drupal.org/user/357407
http://drupal.org/user/357408
http://drupal.org/user/357411
http://drupal.org/user/357417
http://drupal.org/user/357453
http://drupal.org/user/357456
Comment #7
swentel commentedList in #6 all blocked, thx.
Comment #8
nancydruI see lots more.
Comment #9
oadaeh commentedEvery profile in http://drupal.org/profile/interest/porn is spam.
Many of them listed in http://drupal.org/profile/interest/mp3 are, as well.
Comment #10
swentel commentedEveryone interested in p*rn is blocked
Comment #11
oadaeh commentedThere's another one. There has to be a better way to keep this from happening, than to manually delete them everytime they show up.
Comment #12
gerhard killesreiter commentedlyricnz did start a module to help against this problem:
http://drupal.org/project/check_profile
Thee are two issues inthe queue that need fixing....
Comment #13
tgeller commentedCould Mollom be of some help? Considering the connection between drupal.org and mollom.com, this would be an ideal testbed for them.
http://www.mollom.com
http://drupal.org/project/mollom
Is there anyone here who could comment officially, or bring this to their attention?
Comment #14
BioALIEN commented@tgeller, mollom is still a pile of mess at this stage. The issue queue is growing and a lot of problems need to be ironed out before it should be considered ready.
check_profile looks like a good solution in our never ending combat against spam.
Everyone interested in p*rn is blocked (again). Should we be banning such users or deleting them in this case?
Comment #15
dman commentedThis is funny. In a sad way. http://drupal.org/profile/interest/mp3 is filling up again.
Don't we have captcha on the sign-up? Surely that is well-tested enough?
second-guessing them is interesting...
Ringtones ? http://drupal.org/user/341809
Viagra? http://drupal.org/user/350807
... but I never knew dww was interested in Cialis! ;-)
Comment #16
oadaeh commented@dman: no, there is no captcha setup for account creation. Get on the Check Profile band wagon, as that is the path Gerhard is persuing.
Comment #17
dman commentedHm. I think it addresses a different problem.
Canning 'bad words' is a really outdated way of fighting spam. I even listed a false positive above!
And the real problem is preventing bogus registrations, which is why I thought captcha would be more appropriate.
So I'm not on that wagon.
Comment #18
tgeller commented"Canning 'bad words' is a really outdated way of fighting spam."
Agreed, although it works for the current situation until something better occurs.
An insight: The point of this particular sort of spam is to create links back to the original page, thereby showing it as "popular" in search engines in relation to the words given. So there are two factors the spammer is counting on: (a) the ability to link back to the original page, and (b) the ability to associate that page with the words given. This approach attacks (b).
Comment #19
dman commentedI really can't see which badwords filter would have prevented
http://drupal.org/user/359895
from doing his thing.
I found him thorough a random search for 'ringtones' - but not all ringtones folk are spammers, so avoid the false positives...
re #18 tgeller :
attacking factor B can't be made practical by blacklisting all words that anyone would possibly want to search... It's about more than porn.
I say raise the barrier for entry, not just try to clean up after them or moderate their behavior after letting them in.
someone plz del
transs-1
http://drupal.org/user/359895
and his brother
http://drupal.org/user/359902
and * sigh * the rest of the transs-* family
http://drupal.org/user/359901
http://drupal.org/user/359898
... these guys had different keyword lists, so I don't even know what search would have found the last two - I backtracked on userid instead after seeing transs-1 and transs-4 :-)
Comment #20
nancydruIsn't it amazing that they can come up with those long lists without duplicating each other?
Comment #21
BioALIEN commentedUsers in #19 all blocked.
Comment #22
dman commentedThanks :-/
But it seems like any time any admin needs a bit of creative genocide they can lookup http://drupal.org/profile/interest/mp3 and go vigilante on their ass. There's gotta be hundreds out there. one in three d.o profiles I found was fake.
I think it's may be more effective to go after the pushers in their dens than chase footsoldiers around corners. By which I mean : bust the URLs being advertised rather than playing whack-a-mole with the users.
Considering the "Check Profile" suggestions, I'd be in favor of it if
- it (also) scanned on linked URLs, not (just) a few dictionary words.
- maybe participated in a realtime blackhole list (not sure about the big picture issues there)
- Instead of challenging the spammers to find ways through the bouncers at the door, we just nodded them through and then quietly herded them towards the "egress"
- it could run retroactively to clean up the existing mess.
some safeguards - like "older than a month and with zero actual posts" may be needed before the pogrom though.
... yes, I've posted those ideas directly against the check_profile queue.
Comment #23
killes@www.drop.org commenteddman: It is exactly my plan to scan for forbidden URLs not for just some random words. I actually have a patch for check_profile that I'll upload now.
Comment #24
gerhard killesreiter commentedcertain URLs are now forbidden to be used as homepage.
Comment #25
Anonymous (not verified) commentedAutomatically closed -- issue fixed for two weeks with no activity.