Fedora PSA: Why is my new Fedora account listed as spamcheck_waiting or spamcheck_denied?

The Fedora Project is currently undergoing a massive spam account creation and insertion problem. In the month of June, we saw over 14,000 accounts created just to put in various Quickbook and Antivirus scam web pages in order to get higher SEO search rankings in various search engines. There have also been some malicious pdf and docx files uploaded which would have potentially harmed people. The groups behind these campaigns have shown themselves to be organized and are using teams of people to solve various captchas and other "I am a human" tests to create more accounts.

The amount of spam caused several parts of the project to actually get delisted from various search engines with warnings that we needed to clean up the pages. However the amount of spam being created was more than our usual scripted cleanups as various pages would not be found until the next google or bing crawl. [I spent this weekend cleaning up pages from late 2015 and early 2016 which finally got 'used' and showed up in weblogs.]

Due to the nature of this, Fedora Infrastructure has had to implement multiple circuit breakers to slow down registration and web page creation to try and cut down the amount of bad accounts and webpages being inserted.  Like any diagnostics test, it is not infallible and produces both  false positives and false negatives.

In the case of false negatives, we eventually will get alerted by someone looking through the wikis and finding the spam we weren't able to find. In the case of false positives, we have closed an account for a bad review of the account.

If you have gotten spamchecked, please email admin@fedoraproject.org, and we will review the logs to see why this happened. This will take time however as we have found that most of the requests for review are now coming from the spam account openers.

I am sorry for the delay and problems this last 2 month's have become a "Tragedy of the Commons" where a small set of people have taken up a large amount of resources for their own benefit.

[For more details on the statistics and the various circuit breaker programs written, please look forward to various future blogs from various members of the Fedora Infrastructure.]

No comments: