Want to take part in these discussions? Sign in if you have an account, or apply for one below
Vanilla 1.1.10 is a product of Lussumo. More Information: Documentation, Community Support.
killed a spam page, now called spam
Was it called ’car-shipping’ before? I can still see it in my RSS reader, but I can’t edit it away. Author: ’Fred C’ 65.13.77.24
That’s the right author, and the only edit made by that author.
I’ve renamed the page spam: car-shipping to go along with our other four pages in this vein.
I was just wary of leaving that “car-shipping” in there, for clearly the whole point of that spammer was to have that term appear.
I can easily imagine spammers creating pages whose title we certainly don’t want to keep in any form. I spare you the evident details. So maybe we should think about a different convention. Maybe just number it as “spam 1”, “spam 2”, etc.?
I agree with Urs. Toby likes to be faithful to original content, even when the possibility that it is worthy to remember is very minor. This is very nice and caring, but I would be rather rude here, if asked.
That’s a good point, Urs.
I do like to preserve information, to the point that I’m annoyed at the people who caught spam: inner product and spam: ferrim within 30 minutes and blanked their history. (Maybe they would be useful to future historians of spam; or more reasonably, maybe they were false positives like this one.)
However, material that spammers want search engines to see should be in archive pages only. We’ve been doing that, except for the titles. By itself (without the spammer’s links), ‘car-shipping’ is probably fairly safe by itself, but we may as well start clearing out the titles too.
So I’ll Urs’s suggestion on names, and we can see how it works. See http://ncatlab.org/nlab/list/spam.
Seems to be 7 incidents of spamming on Recently Revised. Remind me how we get rid of them.
I do not understand. Recently revised is sort of ‘current’ so should react to other changes, not really be spammable itself? or am I missing something?
I meant that you can see the spam by looking at that page.
I looked but did not see. (After doing an edit myself I hit recently revised and now see what you mean. I will fix it. Ignore the rest of this as you know it already.)
My usual thing is to look at any suspicious entry then look at changes, and if they do not look correct to roll back one stage.
I noticed several new names changing small things but have not checked them all. I always look at anonymous cowards, except when the address IP number is identifiable with a named one (so someone forgot to change the little box!)
Sometimes my ‘suspicions’ are not justified… in fact more often than not.
The attack is continuing! I have not noted all the IP addreses as I am sure they can be retrieved from the system. Some at least seem fo be in France.
Up to ’empty 60’ that is nearly 20 attacks today. I guess that ’school’s out’ and teenagers are at their computers mucking about. Heigh ho. It only lasts a few months! It looks as if some group of ’kids’ across the world organised this.
In these cases of new spamming pages rather than spam in established pages, our proceedure has been to change the name to empty ‘number’ then delete the content (and any redirects) before submitting.
A new one ( 112.5.237.30) is chinese and seems to be basedin a corporation. It is a known spammer. empty 61 and 62 coming up!
Thanks, Tim, for looking after this. That’s much appreciated.
There is more come in recently, again some from that address. (Up to 72 now. That means 30 out of 72 this afternoon!!!!!!!!!!!!)
Sorry I should have said 73.
On empty 74, I realised that the page had been revised 40 times. The history is illuminating. It all centres on the Beijing spammer. Can someone have them blocked. I also looked at a later on message and in its history the text was changed between each one.
Can someone block the two or three addresses concerned before I turn in because otherwise there will be several hundred spam entries blocking things tomorrow morning.
block the two or three addresses
I haven’t been watching closely but the list seems to be larger
112.5.237.210 213.238.175.71 76.164.224.130 112.5.237.38 120.40.156.79 76.164.234.26 112.5.237.30 162.244.13.18
‘
Thanks Rod, but who can block them?
I have blocked the list of IP’s Rod helpfully provided, but it seems to be growing…
Thanks. This person with a Chinese IP has been reported to the spam watch sites see for instance: http://www.stopforumspam.com/ipcheck/112.5.237.210
who can block them?
Until someone who can does we should accumulate a list of the IPs here. (note I’ve wrapped the list with <pre>)
112.5.237.210 213.238.175.71 76.164.224.130 112.5.237.38 120.40.156.79 76.164.234.26 112.5.237.30 162.244.13.18 112.5.237.64 112.5.236.55 112.5.237.38 112.5.237.172 112.5.236.31 112.5.236.109 UPDATED
This would suggest blocking
112.5.237.* 112.5.236.* 213.238.175.71 76.164.224.130 76.164.234.26 120.40.156.79 162.244.13.18
Good thinking. But I doubt they will give up completely. I don’t see what they gain from it. It seems completely futile to me.
Everyone note that we now have close to 100 empty pages on which to write you new illuminating entries. (i.e. please use them if starting somethin rather than just hitting the usual keys!)
all of 112.5.237.* (and probably 112.5.236.*) should be blocked because the latest is 112.5.236.109
I don’t see what they gain from it.
The nLab is a high status site which means Google ranks links from it highly for searches. You can find many sites on the net that are moribund or non-vigilant about spam that are clogged with spam.
Thanks for all this.
Way back at the beginning of the nLab we used to block every address from one of these big publically available files that list known spamming addresses worldwide.
We removed that general block because it turned out that most of the IP addresses which I would get assigned when using my surfstick were on that list…
Maybe we will have to reinstall that big block file. But then I’ll be in trouble.
New spam from
173.61.194.56 173.77.165.72
since Googling those IPs says they are known proxies I would say it is in general OK to blacklist proxies from the nLab.
EDIT This new one isn’t listed as a proxy but it does have spam complaints
173.44.37.226
EDIT more with spam complaints
110.85.71.230 199.15.233.132
EDIT more
91.207.5.58 199.15.233.186 199.15.233.132 199.15.233.186 188.143.232.6 110.85.71.230
There is a page urs schreiber// which I cannot edit. Hitting the edit button just sends me back to the Home Page. Can someone with more access clear this? (In fact, some short time later, I find that that papge is not there any longer!)
up to 108 now.
I’ve blocked the new addresses. I’ve also attempted to block proxy’s, let’s see if that works (hopefully it doesn’t block any real people).
Thanks.
Adeel, when a user is blocked, he or she gets to see a message, right? (I seem to remember it’s something thoughtful as “You are not allowed to post here.”) Might you know how to make a message appear that says something more helpful, such as
“Unforturnately your IP address seems to look like one that is notorious for sending spam. If you are a genuine user then we apologize for the inconvenience and please ask you to report the problem here … on the nForum.”
Might that be possible?
Urs, something like that should be possible, I will look into it.
Thanks! But this has low priority. Please don’t feel pushed if you are too busy otherwise.
Another isolated case slipped through I renamed it empty 109.
New spam from 112.111.188.48 at dold-kan correspondence,
New spam
cartesian bicategory// by Josephfap? at July 22, 2014 07:24:54 from 94.102.56.210
category theory Required but will not be published sheaf&tbs=qdr:m&hl=zh-TW&ct=clnk by nike store ecuador? at July 22, 2014 07:23:45 from 117.26.198.135
Cantor by supra shoes society? at July 22, 2014 07:13:06 from 49.143.192.215
string theory FAQ means field is required oscillate&tbs=qdr:m&hl=zh-TW&ct=clnk by nike running dart 7? at July 22, 2014 07:10:14 from 117.26.198.135
Clearly related to yesterday’s attack. emptied and renamed empty 111 to 114
117.89.217.236 (Twice) CLEARED. Can you block this?
18 new spam messages this morning! Here goes …. .
A page john was edited by john? (62.210.78.209 ). I thought this part of the general attack and emptied it (as 127) but then realised the spammerhad not created a new page but had renamed the very old page of general disccusion summary that archived the debates before this forum existed. I therefore have renamed the page general discussion. (I could not see any old name.)
Some of these spammers are bots (but not all I think). Look at https://cleantalk.org/blacklists?record=ovyecnhpjna%40gmail.com
The number listed is one of the ones were are suffering from.
(Edit: by the way, the general discussion I mentioned earlier has alredy been spammed or rather General Discussion has been (re)created. I will try and fix this.)
Latest count 135 empty pages. (On Monday it was 42.)
Here is a list of some of the recent addresses.
27.159.220.57 175.44.29.47 27.150.203.233 117.26.198.135 27.150.203.233 117.26.198.135 182.245.141.97 216.244.81.250 27.150.203.233 175.44.58.130 202.199.240.236 27.150.203.233 27.150.203.233 27.150.203.233 80.82.64.118 117.26.198.135 58.22.79.152 116.24.82.204
The recurring numbers presumably refer to spambots, but just as with litter I supsect a spammed site attacts the solitary spammer as well.
Urs’s personal web now has a spammed page Laws. 38 versions already!
The spam attack seems to be a very active one. Personal pages are worth checking up on even if they are not used that much.
The attack on Urs is from what seems to be a spambot. The pattern is identical to several pages that were spammed earlier.
On following up some links I found the strange one: PrimeDeGold. I suggest this is scrapped.
Thanks to you two. Gee, we’re in trouble, it seems.
It may be necessary to move to a model where users must register with passwords etc., but in my experience even requiring email verification doesn’t stop (what appears to be) automated spamming.
Blocked the new addresses, and removed the proxy block (see http://nforum.mathforge.org/discussion/6119/national-university-of-singapore-blocked). Clearly we need a more long-term solution, I’ll think about this.
Urs. I don’t think we are in trouble. The attacks are from a small group of sites but are spambotted. There are a few others, but they can be handled. I wonder if we cannot ask if unregistered users edits be examined before added and the creation of new pages might be a bit more difficult for non-registered users.
I would like to see those sites reported to their providers so that they can be investigated and their lives made a bit more awkward.
So it turns out that it was just a bug introduced in the recent Instiki update (which fixed the cookie issue). Jacques was kind enough to let me know that another update is available, which re-implements the spam protection. I’ve applied that update now so I think things should be back to normal now!
There were two more now 139 and 140
@#52: Hoorah! I was getting worried.
… I was getting fed up! That was 98 new empty * entries in about one and a half days. I does not take long to shift them but it is not inspiring work!
@Tim #47: That's not a spammer, that's a crackpot, if I recall correctly. This username made another edit, although I can't find it now, since Authors times out. But it is a real person with real mathematical interests.
@Toby, you probably mean this: http://nforum.mathforge.org/discussion/1702/possible-spam-primedegold-and-theory-of-primes/.
Thanks, that lets me find the link that I really wanted: what this person did. My comment on their user page was in response to that.
1 to 58 of 58