2016-07-28

Fedora PSA: Why is my account listed as spamcheck_* (Updated)

In my previous post I talked about the fact that Fedora infrastructure has been undergoing a large amount of spam that caused us to put in extra circuit breaker programs to try and slow down the account creation and web spam. After 3 months of constant attrition, we eventually had to change the policy on the wiki that people with new accounts could not open up web pages without being sponsored by an existing group. That caused an immediate drop in web spam, and 12 hours later a drop in account creation. However not a cessation in either of them which has made it not possible to remove the circuit breakers. My guess is that some amount of accounts are being stockpiled for if the wiki permissions are made open again so that they can start putting wiki spam in. 


Above we have a link for account creation for 2016. Normally we see spikes during convention shows and such but in March we saw a large number of accounts created.. many of which were not used until June. At this point the accounts were flagged as spam when pages created had various "Quickbooks", "Norton Antivirus", "Cheap Electricity" or "Emergency Printer Support" pages created on the wiki and one of the circuit breakers tagged the account to lock down. Other accounts created by the same IP address were never used so my guess is that accounts were forgotten or were to be used for some other "campaign" in the future. 

If you do find your account to be listed as spamcheck_denied or spamcheck_manual, you can contact admin@fedoraproject.org and please list the following information:
  1. The email address you used for creating the account. [We have a lot of people who use one account name for account creation and another to report the problem. This makes tracking down the account info easier for us.]
  2. The account name you requested.
  3. If possible the IP address you used when creating the account. The website icanhazip is extremely useful here.
We may request other information that you inputted to try and confirm that it is you requesting the spamcheck cleanup. 

No comments: