Bug 502814 - Can we block or delete spam bugs?
Summary: Can we block or delete spam bugs?
Status: RESOLVED FIXED
Alias: None
Product: Community
Classification: Eclipse Foundation
Component: Bugzilla
Version: unspecified
Hardware: PC Mac OS X
Importance: P3 critical
Target Milestone: ---
Assignee: Eclipse Webmaster CLA
Duplicates: 507549 508644 510563
Reported: 2016-09-29 23:49 EDT by Walter Harley CLA
Modified: 2018-05-03 03:44 EDT
CC List: 26 users

Description Walter Harley CLA 2016-09-29 23:49:23 EDT
I'm seeing an upsurge in spam bugs with bogus phone numbers.  They are coming from fake users: e.g., https://bugs.eclipse.org/bugs/show_bug.cgi?id=502725, https://bugs.eclipse.org/bugs/show_bug.cgi?id=502761, https://bugs.eclipse.org/bugs/show_bug.cgi?id=502724.

Two requests.  

First, can we make it so that Eclipse committers can actually *delete* bugs, or at least hide them from public search?  We already have something like this for security bugs - we can mark a bug as being security-related and keep searches from finding it.

Second, is there any way to make bugs posted by brand new users be provisional, in some way, so that not everyone can search them, or so that they need to be approved by an Eclipse committer before they become generally visible?  Sort of like how many moderated forums work?
Comment 1 Denis Roy CLA 2016-09-30 09:21:03 EDT
My knee-jerk reaction is to deny @gmail.com accounts, since all the spam comes from there.

But otherwise, we're looking into it.
Comment 2 Denis Roy CLA 2016-09-30 09:28:11 EDT
One thing though -- clearly the captcha process on the account creation form is easily circumvented.
Comment 3 Noopur Gupta CLA 2016-09-30 09:34:17 EDT
See bug 442999 comment #370 also.
Comment 4 Dani Megert CLA 2016-09-30 09:58:15 EDT
Two things(In reply to Noopur Gupta from comment #3)
> See bug 442999 comment #370 also.

Were the accounts really blocked? If so, it should be prevented that new accounts with such IDs can be created.
Comment 5 Dani Megert CLA 2016-09-30 10:01:38 EDT
(In reply to Denis Roy from comment #2)
> One thing though -- clearly the captcha process on the account creation form
> is easily circumvented.

Maybe asking an additional Eclipse related question out of a pool of questions could kill the bots.
Comment 6 Szymon Ptaszkiewicz CLA 2016-09-30 10:03:18 EDT
(In reply to Walter Harley from comment #0)
> First, can we make it so that Eclipse committers can actually *delete* bugs,
> or at least hide them from public search?

We are already dealing with such bugs by marking them as duplicates of bug 442999. The Webmaster is periodically removing all of the duplicates so that they no longer exist in the bugzilla's database. See bug 442999 and its comments, the older ones contain bugs that no longer exist, the newer ones will be soon deleted. If you want to delete the bugs you mentioned in comment 0, please mark them as duplicates of bug 442999 and wait for the Webmaster action. Not an ideal solution but at least spam bugs are gone for good.
Comment 7 Dani Megert CLA 2016-09-30 12:09:38 EDT
Until we have a better solution: can we block all bug reports that have "skype" or "facebook" in the summary? That will already block a lot.
Comment 8 Dani Megert CLA 2016-09-30 12:27:11 EDT
(In reply to Dani Megert from comment #7)
> Until we have a better solution: can we block all bug reports that have
> "skype" or "facebook" in the summary? That will already block a lot.

+ "hp"


This is really creating a lot of noise and wastes time of our developers to mark spam bugs as spam.
Comment 9 Denis Roy CLA 2016-09-30 12:43:43 EDT
Bugzilla doesn't have a blocking mechanism, so we'll have to bake something. Fully agree that SPAM is a waste of everyone's time.
Comment 10 Carolyn MacLeod CLA 2016-09-30 15:31:48 EDT
Searching for "support number" in the text finds a lot of them:
https://bugs.eclipse.org/bugs/buglist.cgi?list_id=15143712&longdesc=support%20number&longdesc_type=substring&order=bug_id%20DESC&query_based_on=&query_format=advanced
(bugs opened after bug 462905).

(Nice - yesterday, this same search turned up 139 bugs - today only 18. The eclipse webmasters have obviously been hard at work.  Thanks!  :)

I was afraid to dup the spam bugs or mark them as invalid because I figured that was just one more way the spammers could get my email address.

I agree that instead of captcha (how do bots pass a captcha? it is either a very bad captcha or there's a real person somewhere being paid to answer captchas for spammers) - for new eclipse bugzilla users it would be cool to have them answer Eclipse-related questions.  :)
Comment 11 Walter Harley CLA 2016-10-01 22:37:20 EDT
I wonder if there's any way to figure out who those phone numbers go to.
Comment 12 Walter Harley CLA 2016-10-01 22:44:07 EDT
Oh, and right now it's back up to 40 bugs on that query.  So, we're getting slammed.
Comment 13 Carolyn MacLeod CLA 2016-10-02 15:29:06 EDT
In case it's helpful, here's the (current set of) emails that need to be blocked:

And here's the bugs (from the list of 40 mentioned on comment 12) that can be deleted. (In short, anything in the search that was opened after this bug).
Comment 14 Walter Harley CLA 2016-10-02 16:07:07 EDT
Denis, Carolyn, I don't know if there's anything I can do to help but if there is, please let me know.  Thanks!
Comment 15 Dani Megert CLA 2016-10-04 05:24:24 EDT
Denis, currently every single spam bug needs to be manually marked as duplicate. Unfortunately, the 'Change Several Bugs at Once' feature does not allow to mark multiple bugs as duplicate. I assume you can't change that? If so, please consider to create a new dummy bugzilla user, e.g. spam@eclipse.org. Then, instead of marking bugs as duplicates, we can multi-assign several bugs at once to this user.
Comment 16 Carolyn MacLeod CLA 2016-10-04 11:46:44 EDT
(In reply to Dani Megert from comment #15)
Actually, Dani, the webmasters seem to have been able to completely delete the bugs. See, for example, bug 503009 and bug 503008 (etc) from comment 13.
I think this is the best method, because if you dup or assign a bug, or change it to invalid, then your email address has the potential to go to the spammers.

Oh man! The search in comment 10 gives 192 bugs today. Only the first 8 are valid and the previous batch was deleted, so that's 184 new spam bugs... and 21 of them were opened in the past hour. Argh!
They are filling up my email inbox. At least I can recognize them from their title by now, so I just delete them. However, if there's any way to detect the source... what do people do about this type of thing? Call the CIA? <sad smile>

Not sure if this bugzilla bug has anything helpful, but Denis, if you can think of anything that the bugzilla devs might be able to do to help out, I believe this is the bug to ping:
https://bugzilla.mozilla.org/show_bug.cgi?id=380489#c4
Comment 17 Derek Toolan CLA 2016-10-04 11:51:15 EDT
I can't say for sure, but I don't think the feature of marking multiple bugs as duplicate can be added to the 'Change Several Bugs at Once' feature.

In the meantime, I have added a dummy account spam@eclipse.org which can be used as the assignee for spam bugs.
Comment 18 Lars Vogel CLA 2016-10-04 11:59:53 EDT
(In reply to Derek Toolan from comment #17)
> In the meantime, I have added a dummy account spam@eclipse.org which can be
> used as the assignee for spam bugs.

What will happen to such bugs? User which created it will be blocked and bug will be deleted? For testing, I assigned the user to Bug 503362.
Comment 19 Dani Megert CLA 2016-10-04 12:13:42 EDT
(In reply to Carolyn MacLeod from comment #16)
> (In reply to Dani Megert from comment #15)
> Actually, Dani, the webmasters seem to have been able to completely delete
> the bugs. See, for example, bug 503009 and bug 503008 (etc) from comment 13.
> I think this is the best method, because if you dup or assign a bug, or
> change it to invalid, then your email address has the potential to go to the
> spammers.

I know that. I suggested a better approach to mark them as spam.


(In reply to Derek Toolan from comment #17)
> I cant say for sure, but I don't think the feature of marking multiple bugs
> as duplicate can be added to the 'Change Several Bugs at Once' feature.
> 
> In the meantime, I have added a dummy account spam@eclipse.org which can be
> used as the assignee for spam bugs.

Thanks! I just marked 35 bugs as spam in 10 seconds!
Comment 21 Dani Megert CLA 2016-10-04 12:17:51 EDT
(In reply to Carolyn MacLeod from comment #20)
> Thanks for working on deleting those 184 bugs that the search found today.
> Only 45 left to go.  ;)

If you know them, just use 'Change Several Bugs at Once' and assign to the new ID.
Comment 22 Carolyn MacLeod CLA 2016-10-04 12:23:50 EDT
(In reply to Dani Megert from comment #19)
> I know that. I suggested a better approach to mark them as spam.

I actually prefer the "webmaster does the search and deletes the spam" approach. <g>
a) It feels "cleaner" because the spam is completely gone, and 
b) as an added bonus, I don't have to do anything. <g>
c) Plus, even though the spammers already harvested a list of email addresses when they opened the bug <sigh>, it feels like if I touch the bug in some way that sends out my email address again, that confirms that I am a live person - which makes my email address even more valuable.
Comment 23 Dani Megert CLA 2016-10-04 12:27:29 EDT
(In reply to Carolyn MacLeod from comment #22)
> (In reply to Dani Megert from comment #19)
> > I know that. I suggested a better approach to mark them as spam.
> 
> I actually prefer the "webmaster does the search and deletes the spam"
> approach. <g>

Me too, but not sure he has the bandwidth, and need some help from us.


> a) It feels "cleaner" because the spam is completely gone, and

He will do that with the ones marked as such.

 
> b) as an added bonus, I don't have to do anything. <g>

Yeah, we all would prefer that! :-)
Comment 24 Carolyn MacLeod CLA 2016-10-04 12:28:33 EDT
Derek and Denis, is there a way to delete a list of bugs all at once?
Are you working with the bugzilla devs to try to fix this in a better way?
Are we considering moderating the first post so that spammers can't even get past the gate?
Comment 25 Carolyn MacLeod CLA 2016-10-04 12:30:47 EDT
(In reply to Dani Megert from comment #23)
> He will do that with the ones marked as such.

They don't need to be marked. They show up in the search - that's the same as marking them.
Comment 26 Denis Roy CLA 2016-10-04 16:29:52 EDT
I'm sourcing a qualified Bugzilla developer who can throw together a quick extension to intercept comments (including new bugs)

if (submitter.postcount < X &&
    bug.comment CONTAINS(regexp from some source)) {
    bug.reject (with error)
}
else {
    bug.accept (yay)
}
Comment 27 Walter Harley CLA 2016-10-05 00:00:14 EDT
You could probably just exclude anything with a phone number in it.  I wouldn't think we'd want to post even legitimate bugs that contain phone numbers.
Comment 28 Matthias Sohn CLA 2016-10-06 09:20:09 EDT
*** Bug 504673 has been marked as a duplicate of this bug. ***
Comment 29 Carolyn MacLeod CLA 2016-10-06 09:37:26 EDT
Please don't dup this bug with the spam bugs. That just puts the spammers on this bug's cc list.
Comment 30 Carolyn MacLeod CLA 2016-10-06 09:53:35 EDT
If you must dup, please use bug 442999.
Note that if you do, your email address will go out to the spammers, yet again.
In fact, unless our valiant webmasters have done some special magic to the spam bug, your email address will go out to all of the spam email accounts that are cc'd on that bug, maximizing the chance for them to note your email address if they are monitoring any of the accounts. FYI.
Comment 31 Carolyn MacLeod CLA 2016-10-06 11:05:31 EDT
Denis/Derek, you know how when someone opens a bug, bugzilla displays the following message:

Bug ###### has been added to the database
Email sent to:
   lovely-harvestable-list-of-email-addresses
Excluding:
   additional-list of-harvestable-email-addresses

(i.e. the sum of the 2 email lists == everybody on the project inbox)

Is it possible to turn that message off for *all* newly-opened bugs?

Maybe that's what these spammers are after. Maybe if they don't get that, then they don't get what they want and they go away? (I'm sure I'm being naive...)

Of course, the solution you mentioned in comment 26 is much better.
But until that is implemented, if turning off that message is possible, then maybe it might discourage them?

[367-8 = 359 spam bugs on that search today. They're getting faster...]
Comment 32 Walter Harley CLA 2016-10-06 20:24:21 EDT
Actually, I doubt that's what they're after; or at least, I doubt it's the primary target.  If that's what they wanted, any random text would do fine in the bug contents.

I think, rather, that this is for search optimization.  They're trying to fool Google into redirecting legitimate searches for things like AVG tech support into going to their phone numbers instead.  I assume the phone number then goes to a credit card scam.  This is basically the inbound version of the "Hello, I am calling you because your computer is sending error messages" scam.

The phone numbers in the spam bugs are fairly consistent, although I see some are being obfuscated with junk characters in between in order to foil simple regex blocking.
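
Added example, not part of the original thread and not the code of the AntiSpam extension Eclipse later deployed: a Python sketch of the gate outlined in comment 26, extended to catch the junk-character phone obfuscation described in comment 32. The threshold value, keyword list, timestamp handling and all names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Assumed values: the thread leaves the threshold as "X" and never lists the patterns.
MIN_TRUSTED_POSTS = 5
KEYWORDS = re.compile(r"support\s+number|\bskype\b|\bfacebook\b", re.IGNORECASE)

# Dates and clock times are blanked first so pasted log lines are not read as phone numbers.
TIMESTAMP = re.compile(r"\d{4}-\d{2}-\d{2}|\d{1,2}:\d{2}(?::\d{2})?")
# 10 to 15 digits, each separated by at most 3 non-alphanumeric characters.
# This tolerates padding such as "1-8*0*0 5.5.5 ..." that a fixed
# r"\d{3}-\d{3}-\d{4}" pattern misses. Long build ids can still match, which is
# one reason the check is applied only to accounts below the post threshold.
PHONE_LIKE = re.compile(r"\d(?:[^0-9A-Za-z\n]{0,3}\d){9,14}")


@dataclass
class Submission:
    author_post_count: int
    summary: str
    comment: str


def phone_like_digits(text: str) -> list[str]:
    """Return the bare digit string of every phone-like run found in text."""
    cleaned = TIMESTAMP.sub(" ", text)
    return [re.sub(r"\D", "", m.group()) for m in PHONE_LIKE.finditer(cleaned)]


def check(sub: Submission) -> tuple[bool, str]:
    """Return (accepted, reason), following the accept/reject sketch in comment 26."""
    if sub.author_post_count >= MIN_TRUSTED_POSTS:
        return True, "established account"
    text = f"{sub.summary}\n{sub.comment}"
    if KEYWORDS.search(text):
        return False, "keyword pattern"
    if phone_like_digits(text):
        return False, "phone-like number"
    return True, "no pattern matched"


if __name__ == "__main__":
    # Constructed samples; 555-01xx numbers are reserved for fictional use.
    samples = [
        Submission(0, "Help desk", "call 1-8*0*0 5.5.5 0 1 0 0 now"),
        Submission(0, "NPE in editor", "2016-09-29 23:49:23 !ENTRY org.eclipse.ui 4 0"),
        Submission(40, "Contact", "my desk line is 1-800-555-0100"),
    ]
    for s in samples:
        print(s.summary, "->", check(s))
```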
Comment 33 Dani Megert CLA 2016-10-07 05:35:12 EDT
I'm raising this to critical. I had to get rid of 200 of those spam e-mails and many other probably had to do the same.

Please delete all those spam bugzilla accounts and disable account creation until this is fixed. You could display a page which either only informs people about the issue or offers some manual way to create the account, e.g. via webmaster.
Comment 34 Alexander Kurtakov CLA 2016-10-07 05:49:49 EDT
"[Bug 504696] Replace XWarpPointer/XTestFakeMotionEvent with pure gdk" went missing today so I assume it was removed as part of this spam cleanup. Can we get it back somehow?
Comment 35 Denis Roy CLA 2016-10-07 09:59:53 EDT
> Please delete all those spam bugzilla accounts and disable account creation
> until this is fixed.

Agreed.

We'll get something together ASAP. Webmaster will moderate new account creation until we can patch bugzilla.
Comment 36 Denis Roy CLA 2016-10-07 10:16:44 EDT
(In reply to Denis Roy from comment #35)
> > Please delete all those spam bugzilla accounts and disable account creation
> > until this is fixed.
> 
> Agreed.
> 
> We'll get something together ASAP. Webmaster will moderate new account
> creation until we can patch bugzilla.

See bug 505388
Comment 37 Carolyn MacLeod CLA 2016-10-10 19:55:17 EDT
(In reply to Walter Harley from comment #32)
Interesting - makes sense. I'll bet you're right.

(In reply to Dani Megert from comment #33)
Thank-you, Dani. Excellent idea.

(In reply to Denis Roy from comment #36)
Thanks for the very fast response, Denis - awesome!
Comment 38 Paul Verest CLA 2016-11-06 10:44:34 EST
Raised Bug 507118 - About message before coming to this bug.

Don't block emails (especially all from one domain), those users may be malware victims as well.
And sometime the advertised contact (black marketing, e.g. see those companies do SPAMming)
This also may be kind of DOS attack on Eclipse, e.g. make it harder to submit a bug and interact with authors. The reaction is to be the same.

Just Eclipse accounts should be blocked, suspended, added SPAMMer badge, etc

And new user should come through some are-you-human? captcha verification before it can post.

And now should be a way to see that an account is blocked, suspended.
Again, it may be old Eclipse user, whose email was used.
So he/she should see a warning "your account is ..." when logged-in.
Comment 39 Denis Roy CLA 2017-03-01 15:17:14 EST
*** Bug 507549 has been marked as a duplicate of this bug. ***
Comment 40 Denis Roy CLA 2017-03-01 15:17:24 EST
*** Bug 508644 has been marked as a duplicate of this bug. ***
Comment 41 Denis Roy CLA 2017-03-01 15:17:37 EST
*** Bug 510563 has been marked as a duplicate of this bug. ***
Comment 42 Denis Roy CLA 2017-03-01 16:02:14 EST
On some of our other Bugzillas, we've installed a basic AntiSpam extension that will undo our need to moderate accounts. I'll deploy it to bugs.e.o tomorrow morning.
Comment 43 Mickael Istria CLA 2017-03-02 02:20:41 EST
(In reply to Denis Roy from comment #42)
> On some of our other Bugzillas, we've installed a basic AntiSpam extension
> that will undo our need to moderate accounts. I'll deploy it to bugs.e.o
> tomorrow morning.

Great news! Thanks Denis!
Comment 44 Carolyn MacLeod CLA 2017-03-02 07:26:42 EST
I have to say that it has been really nice and quiet these past few months, and your moderation has been hugely appreciated. Thanks! You guys are awesome!  :)
Comment 45 Eclipse Webmaster CLA 2017-03-02 10:33:44 EST
As the anti-spam plugin is now active I've removed moderation and the warning at the top of the page.

If you do see spam bugs that aren't caught please let webmaster know and we'll clean up and extend the plugins rules.

-M.
Comment 46 Denis Roy CLA 2017-03-02 10:45:38 EST
> I have to say that it has been really nice and quiet these past few months,
> and your moderation has been hugely appreciated. Thanks! You guys are
> awesome!  :)

We recognize it was a huge pain point. It's a tough act to balance.  Thanks for your support.




(In reply to Eclipse Webmaster from comment #45)
> As the anti-spam plugin is now active I've removed moderation and the
> warning at the top of the page.

Matt, thank you for implementing a group-based moderation system rapidly so that everyone can return to some form of productivity, and Derek, thanks for your vigilance and persistence in keeping the house cleaned up.
Comment 47 Marc Khouzam CLA 2017-03-02 10:53:36 EST
(In reply to Carolyn MacLeod from comment #44)
> I have to say that it has been really nice and quiet these past few months,
> and your moderation has been hugely appreciated. Thanks! You guys are
> awesome!  :)

I totally agree.
Your efforts are highly appreciated!
Comment 48 Walter Harley CLA 2017-03-04 12:43:18 EST
Denis, I'm seeing an immediate uptick in spam bugs; this morning, 513082 and 513089 in my area.  Are those just a glitch?
Comment 49 Denis Roy CLA 2017-03-06 09:04:57 EST
> Denis, I'm seeing an immediate uptick in spam bugs; this morning, 513082 and
> 513089 in my area.  Are those just a glitch?

Hi Walter, the SPAM protection is nothing more than a series of regexp patterns... Please continue reporting bad bugs here, and we'll add the patterns to have them blocked.

We then delete bad bugs.
Comment 50 Dani Megert CLA 2017-09-26 10:41:59 EDT
We've seen a serious spam attack today. Either moderation must be enabled again or some other protection must be put in place. I got over 2000(!) e-mails today.

This time the bugs seemed to be created by a bot. Not sure about the account creation.

Creating bugs via API should generally be disallowed and only allowed for certified parties like e.g. AERI.
Comment 51 Denis Roy CLA 2017-09-26 10:54:20 EDT
Bugzilla has limited (and rudimentary) spam protection. We'll be upgrading to the latest Bugzilla soon, which will hopefully help.

Currently, Bugzilla access through API is not permitted for specifically that reason.
Comment 52 Dani Megert CLA 2017-09-26 11:26:54 EDT
(In reply to Denis Roy from comment #51)
> Currently, Bugzilla access through API is not permitted for specifically
> that reason.

The bugs seemed to come in very fast. Didn't look like a human filed them.
Comment 53 Mickael Istria CLA 2017-09-26 11:29:19 EDT
(In reply to Dani Megert from comment #52)
> The bugs seemed to come in very fast. Didn't look like a human filed them.

It can easily be a Selenium script or something like that that interacts with the Bugzilla HTML forms.
Comment 54 Dani Megert CLA 2017-09-27 08:50:00 EDT
(In reply to Mickael Istria from comment #53)
> (In reply to Dani Megert from comment #52)
> > The bugs seemed to come in very fast. Didn't look like a human filed them.
> 
> It can easily be a Selenium script or something like that that interact with
> the Bugzilla HTML forms.

Right.
Comment 55 Denis Roy CLA 2017-11-15 09:24:14 EST
We've solved this with the Bugzilla AntiSpam extension. It's not perfect but it does work.
Comment 56 Leo Ufimtsev CLA 2017-11-15 10:27:28 EST
(In reply to Denis Roy from comment #55)
> We've solved this with the Bugzilla AntiSpam extension. It's not perfect but
> it does work.

Nice.
Comment 57 Jonathan Nieder CLA 2018-05-02 18:48:22 EDT
Are there instructions for reporting spam I can follow? See bug 533965 for context.
Comment 58 Dani Megert CLA 2018-05-03 03:44:00 EDT
(In reply to Jonathan Nieder from comment #57)
> Are there instructions for reporting spam I can follow? See bug 533965 for
> context.

Mark it as duplicate of bug 442999. This will delete the spam bug.