2016-07-28

Fedora PSA: Why is my account listed as spamcheck_* (Updated)

In my previous post I talked about the fact that Fedora infrastructure has been undergoing a large amount of spam that caused us to put in extra circuit breaker programs to try and slow down the account creation and web spam. After 3 months of constant attrition, we eventually had to change the policy on the wiki that people with new accounts could not open up web pages without being sponsored by an existing group. That caused an immediate drop in web spam, and 12 hours later a drop in account creation. However not a cessation in either of them which has made it not possible to remove the circuit breakers. My guess is that some amount of accounts are being stockpiled for if the wiki permissions are made open again so that they can start putting wiki spam in. 


Above we have a link for account creation for 2016. Normally we see spikes during convention shows and such but in March we saw a large number of accounts created.. many of which were not used until June. At this point the accounts were flagged as spam when pages created had various "Quickbooks", "Norton Antivirus", "Cheap Electricity" or "Emergency Printer Support" pages created on the wiki and one of the circuit breakers tagged the account to lock down. Other accounts created by the same IP address were never used so my guess is that accounts were forgotten or were to be used for some other "campaign" in the future. 

If you do find your account to be listed as spamcheck_denied or spamcheck_manual, you can contact admin@fedoraproject.org and please list the following information:
  1. The email address you used for creating the account. [We have a lot of people who use one account name for account creation and another to report the problem. This makes tracking down the account info easier for us.]
  2. The account name you requested.
  3. If possible the IP address you used when creating the account. The website icanhazip is extremely useful here.
We may request other information that you inputted to try and confirm that it is you requesting the spamcheck cleanup. 

2016-07-04

Fedora PSA: Why is my new Fedora account listed as spamcheck_waiting or spamcheck_denied?


The Fedora Project is currently undergoing a massive spam account creation and insertion problem. In the month of June, we saw over 14,000 accounts created just to put in various Quickbook and Antivirus scam web pages in order to get higher SEO search rankings in various search engines. There have also been some malicious pdf and docx files uploaded which would have potentially harmed people. The groups behind these campaigns have shown themselves to be organized and are using teams of people to solve various captchas and other "I am a human" tests to create more accounts.

The amount of spam caused several parts of the project to actually get delisted from various search engines with warnings that we needed to clean up the pages. However the amount of spam being created was more than our usual scripted cleanups as various pages would not be found until the next google or bing crawl. [I spent this weekend cleaning up pages from late 2015 and early 2016 which finally got 'used' and showed up in weblogs.]

Due to the nature of this, Fedora Infrastructure has had to implement multiple circuit breakers to slow down registration and web page creation to try and cut down the amount of bad accounts and webpages being inserted.  Like any diagnostics test, it is not infallible and produces both  false positives and false negatives.

In the case of false negatives, we eventually will get alerted by someone looking through the wikis and finding the spam we weren't able to find. In the case of false positives, we have closed an account for a bad review of the account.

If you have gotten spamchecked, please email admin@fedoraproject.org, and we will review the logs to see why this happened. This will take time however as we have found that most of the requests for review are now coming from the spam account openers.

I am sorry for the delay and problems this last 2 month's have become a "Tragedy of the Commons" where a small set of people have taken up a large amount of resources for their own benefit.

[For more details on the statistics and the various circuit breaker programs written, please look forward to various future blogs from various members of the Fedora Infrastructure.]