Spam account #1293

jessienab commented 2023年09月18日 02:47:20 +02:00

Hi there, there seems to be a spam account here:
https://codeberg.org/arwana388slotgacor

Spam post that I noticed was here:
teddit/teddit#400 (comment)

Hopefully this is an acceptable place to report this, possibly faster than emailing.
Thank you!

Hi there, there seems to be a spam account here: https://codeberg.org/arwana388slotgacor Spam post that I noticed was here: https://codeberg.org/teddit/teddit/issues/400#issuecomment-1159040 Hopefully this is an acceptable place to report this, possibly faster than emailing. Thank you!

HexagonCDN commented 2023年09月18日 07:50:11 +02:00

I have emailed two spams to Codeberg Abuse. But I haven't received any replies so I will also copy paste here.

Spammer on Codeberg/Community #696 issue

Me: #696 (comment)
Me: The repo still isn’t removed yet. https://codeberg.org/elguet/first/issues
Codeberg Moderation: The user was simply re-recreated after it was deleted.
Me: The user was simply re-recreated after it was deleted.
Me: The persistent spammer has just recreated the account again today! We should do something else to remove the spammer for real!
Me: Maybe ban that IP and that username for a while.
Me: No actions have been done yet. And elguet is still hosting ever-increasing trash vile issues.

Another issue tracker flooded with spam issues

Me: https://codeberg.org/neuhalje/bouncy-gpg/issues
Me: If you are interested, I found this issue tracker from a forum spammer that appeared in "codeberg spam" search query. https://kythuatphancung[dot]vn/forum/index[dot]php?/topic/56919-what-are-the-benefits-of-buying-bitsoft360-ai/
Me: However, DON'T delete the repo owner's account. From my check, this is a legit account.

I have emailed two spams to Codeberg Abuse. But I haven't received any replies so I will also copy paste here. ## Spammer on Codeberg/Community #696 issue _Me:_ https://codeberg.org/Codeberg/Community/issues/696#issuecomment-1117078 _Me:_ The repo still isn’t removed yet. https://codeberg.org/elguet/first/issues _Codeberg Moderation:_ The user was simply re-recreated after it was deleted. _Me:_ The user was simply re-recreated after it was deleted. _Me:_ The persistent spammer has just recreated the account again today! We should do something else to remove the spammer for real! _Me:_ Maybe ban that IP and that username for a while. _Me:_ No actions have been done yet. And `elguet` is still hosting ever-increasing trash vile issues. ## Another issue tracker flooded with spam issues _Me:_ https://codeberg.org/neuhalje/bouncy-gpg/issues _Me:_ If you are interested, I found this issue tracker from a forum spammer that appeared in "codeberg spam" search query. `https://kythuatphancung[dot]vn/forum/index[dot]php?/topic/56919-what-are-the-benefits-of-buying-bitsoft360-ai/` _Me:_ However, DON'T delete the repo owner's account. From my check, this is a legit account.

n0toose commented 2023年09月18日 09:45:33 +02:00

When in doubt, tag @moderation. (Moderation team, please take a look at the original post <3)

https://codeberg.org/neuhalje/bouncy-gpg/issues

This case is known - the bot(s) presumably went to the oldest repository with open issues and started spamming the tracker.

When in doubt, tag @moderation. (Moderation team, please take a look at the original post <3) > https://codeberg.org/neuhalje/bouncy-gpg/issues This case is known - the bot(s) presumably went to the oldest repository with open issues and started spamming the tracker.

fnetX commented 2023年09月18日 21:59:54 +02:00

There is currently no way to prevent recreation of spam accounts. We are handling all reports sent to the inbox, but we do not actively participate in discussions there - there is no time to discuss our workflows or speculate about the source of spam with everyone individually. This is where issue trackers are made for.

The bouncy-gpg repo is continously filled with spam. You can see that there are currently 500 open issues, and the issue index is at 11896. So we already removed more than 10k issues in this repo.

There is currently no way to prevent recreation of spam accounts. We are handling all reports sent to the inbox, but we do not actively participate in discussions there - there is no time to discuss our workflows or speculate about the source of spam with everyone individually. This is where issue trackers are made for. The bouncy-gpg repo is continously filled with spam. You can see that there are currently 500 open issues, and the issue index is at 11896. So we already removed more than 10k issues in this repo.

HexagonCDN commented 2023年09月19日 08:10:12 +02:00

There is currently no way to prevent recreation of spam accounts.

I thought we can ban IPs and usernames temporarily like Wikipedia?

> There is currently no way to prevent recreation of spam accounts. I thought we can ban IPs and usernames temporarily like Wikipedia?

HexagonCDN commented 2023年09月19日 08:21:24 +02:00

The bouncy-gpg repo is continously filled with spam. You can see that there are currently 500 open issues, and the issue index is at 11896. So we already removed more than 10k issues in this repo.

Since the repo is inactive for years, maybe just disable creating issues on that repo?

> The bouncy-gpg repo is continously filled with spam. You can see that there are currently 500 open issues, and the issue index is at 11896. So we already removed more than 10k issues in this repo. Since the repo is inactive for years, maybe just disable creating issues on that repo?

HexagonCDN commented 2023年09月19日 11:22:28 +02:00

Let's change "sing_up" to "sing_down"! :D

Let's change "sing_up" to "sing_down"! :D

fnetX commented 2023年09月19日 11:31:15 +02:00

I thought we can ban IPs and usernames temporarily like Wikipedia?

The software has no built-in support. we need to manually grep them from the access logs, then go to the reverse proxy, add a banlist there, and reload. We do it for mass-actions like scaping / crawling when we cannot identify the source and consider the speed to be rude, but these spam bots do way too few requests to be visible by the traffic alone.

> I thought we can ban IPs and usernames temporarily like Wikipedia? The software has no built-in support. we need to manually grep them from the access logs, then go to the reverse proxy, add a banlist there, and reload. We do it for mass-actions like scaping / crawling when we cannot identify the source and consider the speed to be rude, but these spam bots do way too few requests to be visible by the traffic alone.

macfanpl commented 2023年09月20日 13:53:13 +02:00

@fnetX I think this is what you need. Implement it server-wide and just focus on what matters to you/CB/whoever.

@fnetX I think [this](https://www.crowdsec.net/) is what you need. Implement it server-wide and just focus on what matters to you/CB/whoever.

n0toose commented 2023年09月21日 02:29:08 +02:00

I think that the scope of this issue is getting way too broad - I have issued an update to our instructions to better explain how reports should be dealt with and the implementation-specific recommendations would better work in repositories like Codeberg/Contributing instead.

The general problem has been acknowledged, the overall problem is a big deal for us and the OP's concerns have been dealt with. Closing.

I think that the scope of this issue is getting way too broad - I have issued an update to our instructions to better explain how reports should be dealt with and the implementation-specific recommendations would better work in repositories like `Codeberg/Contributing` instead. The general problem has been acknowledged, the overall problem is a big deal for us and the OP's concerns have been dealt with. Closing.

HexagonCDN commented 2023年09月21日 07:28:36 +02:00

I think that the scope of this issue is getting way too broad

I think the scope is to remove these two spammers permanently:

1. https://codeberg.org/neuhalje/bouncy-gpg/issues
2. https://codeberg.org/elguet/first/issues

> I think that the scope of this issue is getting way too broad I think the scope is to remove these two spammers _permanently_: 1. https://codeberg.org/neuhalje/bouncy-gpg/issues 2. https://codeberg.org/elguet/first/issues

ashimokawa commented 2023年09月21日 15:19:29 +02:00

I deleted both (EDIT: all) of them including all their issues and comments

I deleted both (EDIT: all) of them including all their issues and comments

HexagonCDN commented 2023年09月21日 15:59:23 +02:00

To prevent eulget from coming back, I had taken their username! >:)
After 1 year, they hopefully will give up getting back the username, then I will delete the account.

To prevent eulget from coming back, I had taken their username! >:) After 1 year, they hopefully will give up getting back the username, then I will delete the account.

crystal commented 2023年09月21日 16:28:07 +02:00

I very much doubt that they particularly care about the username. If your only goal is to post SEO spam, which username you get is completely irrelevant.

I very much doubt that they particularly care about the username. If your only goal is to post SEO spam, which username you get is completely irrelevant.

HexagonCDN commented 2023年09月21日 16:51:06 +02:00

@crystal But will it make their lives a bit more dificult as they can’t copy-paste the same username again? Many old spam links they have posted will break.

@crystal But will it make their lives a bit more dificult as they can’t copy-paste the same username again? Many old spam links they have posted will break.

crystal commented 2023年09月21日 17:51:30 +02:00

It really won't. I'm not sure about that specific account, but most of the links that are being posted point to some external site. In most cases, any username will do for spam, so they can just mash the keyboard and be back in business in no time at all.

EDIT: Even if the links they're posting lead back to their own profile, they can easily use any text editor's find and replace function to swap it out in the bodies of text that they're pasting. My point is, it is completely trivial to workaround.

It really won't. I'm not sure about that specific account, but most of the links that are being posted point to some external site. In most cases, any username will do for spam, so they can just mash the keyboard and be back in business in no time at all. EDIT: Even if the links they're posting lead back to their own profile, they can easily use any text editor's find and replace function to swap it out in the bodies of text that they're pasting. My point is, it is completely trivial to workaround.

macfanpl commented 2023年09月21日 22:36:38 +02:00

they?

@crystal you sure these are 2 different people? Are they real people even? Cannot be that there are (were) bots and - once banned here - will appear elsewhere?

Whoever/whatever it was, I highly recommend using software I posted link to in my prev post. Ive been using it on all my servers (both VPS and physical) for well over 5 years and I have not seen single spamming person/bot. Seriously.

> they? @crystal you sure these are 2 different people? Are they real people even? Cannot be that there are (were) bots and - once banned here - will appear elsewhere? Whoever/whatever it was, I highly recommend using software I posted link to in my prev post. Ive been using it on all my servers (both VPS and physical) for well over 5 years and I have not seen single spamming person/bot. Seriously.

crystal commented 2023年09月21日 23:20:59 +02:00

you sure these are 2 different people? Are they real people even? Cannot be that there are (were) bots and - once banned here - will appear elsewhere?

????????? I never made any such implication. I suspect that this work is being distributed among a number of human click workers, but that is entirely irrelevant. "They" is, in fact, not exclusively a group pronoun. It can also refer to a single person of indeterminate gender, which was how I was using it in that context.

P.S. They're seriously not bots. Human labor is very inexpensive in some parts of the world and every indication points to this spam coming from humans using human web browsers. See #1297

Additionally, I think blocking a massive swath of IP addresses/ranges is something Codeberg wants to avoid doing.

> you sure these are 2 different people? Are they real people even? Cannot be that there are (were) bots and - once banned here - will appear elsewhere? ????????? I never made any such implication. I suspect that this work is being distributed among a number of human click workers, but that is entirely irrelevant. "They" is, in fact, not exclusively a group pronoun. It can also refer to a single person of indeterminate gender, which was how I was using it in that context. P.S. They're seriously not bots. Human labor is very inexpensive in some parts of the world and every indication points to this spam coming from humans using human web browsers. See #1297 Additionally, I think blocking a massive swath of IP addresses/ranges is something Codeberg wants to avoid doing.