Spam Attack on December 15th, 2010
The MuseScore.org forum suffered from a spam attack less than 12 hours ago. 600 spam comments were posted by a spam bot operated from Rusland with the IP address 89.163.39.37. The result was a flood of forum subscription emails being sent to users containing the spam. Sorry for everyone for the disturbance that may have caused.
Something has to be done against this and so two measurements are being put in place:
- Posts and comments from new users are now not send out anymore in subscription emails (a bug slipped in and eliminated a previous fix)
- There is a posting limit for new users which should prevent automated flooding of the forum with spam
Hopefully these anti spam measurements will be enough to control it for the time being. Thanks for your understanding and patience.
Comments
Out of curiosity, what defines a user as "new"?
In reply to Out of curiosity, what by ceegers
Good questiosn ;-) I will not publicly define what is 'new', to avoid that these spammers will adapt their scripts to it.
In reply to Not defining it by Thomas
So ... is there a Plan B?
In reply to So ... is there a Plan B? by [DELETED] 448831
....since it looks like another spam attack today, 12/25.
In reply to ....since it looks like by newsome
I'm not even sure if it's a plan B that we need, but rather, it appears plan A didn't work as intended... unless the posting limit is large... or is he not new?
In reply to I'm not even sure if it's a by ceegers
There has been indeed a new flood of comment spam. Could someone answer me on the following question: did you get any spam in your mail box? If so, how many?
The anti spam flood script is being improved as we speak.
In reply to A new iteration is needed by Thomas
Hi guys,
A fix is in place to prevent flooding. I can't get into a lot of details, but I could reproduce the problem which preventing the anti flooding script to work. I'm pretty confident that this fix will hold it for a while.
Thx for your understanding and happy holidays.
In reply to A new iteration is needed by Thomas
Ik heb tot nu toe +/- 150 spam mail binnen gekregen
FredPaul Vogel
In reply to A new iteration is needed by Thomas
I got 4 e-mails based on what he posted... a lot of what he posted on seemed to be old threads, so I'm not sure if there were more e-mails I would have gotten anyway, as I haven't been around that long.
I'm happy to say that not one single spam message was sent out via mail subscriptions in the past 2 weeks. So the anti spam measurements seem to be holding up. The number of spam posted in the forums has also dropped a lot. Great!
Thank you all for sticking with me.
In reply to No spam in the past 2 weeks by Thomas
Way to go Thomas. Thanks.
Regards,
In reply to Way by xavierjazz
..but occasionally (approx. twice a week) I receive from the forums a number of e-mail notifications for updates to my posts with no update inside.
I mean: in the e-mail there is my original post, all the paraphernalia of boilerplate links and notes present in all notifications and nothing else, no new post or answer or reply of any kind.
Anybody else noticed this?
Thanks for the effort in trying to keeping the forum clean! (Do these spammers have nothing more interesting to do than forcing other peoples to waist time on their crap?)
M.
In reply to Not sure if it the same thing... by Miwarre
Miwarre, Are you referring to forum posts or bug reports?
With bug reports, when the status changes from fixed to closed it sends an email that does not explain what happened and when you visit the web page the comment the changed the issue from fixed to closed is often hidden. I believe the emails would be better if they showed status changes (or title changes, etc.) or were not sent at all.
In reply to Miwarre, Are you referring to by David Bolton
Ok, thanks for bringing this up Miwarre. I confirm I get these as well in case of issue updates but I haven't payed to much attention to it. I'll have a look and try to fix it.
In reply to Miwarre, Are you referring to by David Bolton
Although I haven't noticed it recently, I believe that when I a spam comment is removed from a bug report I get an email. Again, the email does not explain what changed, (and probably isn't necessary).
In reply to Although I haven't noticed it by David Bolton
David: posts or issues? I think both; I cannot be 100% sure but I am rather confident.
Notification about issue status: I do not have an example to quote at hand, but I am pretty sure the notification sent when an issue changes of status DOES contain a line with the status change: rather INconspicuous but it is there (and now I know to look for it).
So, I still suspect, like David, that those no-contents notifications could be spurious notifications sent after spam removal.
Thanks,
M.