Spam attacks

Eric Shepherd

Dec 11, 2014, 3:12:01 AM
to mdn-drivers
We have begun to be hit by what are clearly automated, bot-driven spam attacks. We need to figure out how to prevent this, or at least to make it harder than it is now. Do we have a way to get IP information for individual edits and/or users? What else can we do to help track them down and prevent them from striking again?

We’ve had to become incredibly vigilant the last few days; it’s not pretty. And on top of everything else, they’re overriding the entire page, replacing MDN with their own site content, but hosted on our wiki. That’s way, way bad.

Eric Shepherd
Developer Documentation Lead
Mozilla Developer Network <https://developer.mozilla.org/>
Blog: http://www.bitstampede.com/
Twitter: http://twitter.com/sheppy

Saurabh Nair

Dec 11, 2014, 3:40:00 AM
to Eric Shepherd, mdn-drivers
>
> What else can we do to help track them down and prevent them from striking
> again?


Wikipedia must definitely have faced this before, so I wonder if we could
get some insights from them about how they tackled it.

- jsx


Eric Shepherd

Dec 11, 2014, 10:10:03 AM
to Saurabh Nair, mdn-drivers
Their biggest tool is the IP block, which we haven't implemented yet. We always knew the day would come when we couldn't delay any longer. I suspect that day has arrived. :)

Eric Shepherd
Developer Documentation Lead
Mozilla
Twitter/IRC: sheppy
Blog: http://www.bitstampede.com

Will Bamberg

Dec 11, 2014, 10:21:45 AM
to mdn-d...@lists.mozilla.org
Until this is fixed, should we consider temporary mitigation, e.g.
blocking new account creation?

Luke Crouch

Dec 11, 2014, 11:03:28 AM
to Will Bamberg, mdn-d...@lists.mozilla.org
We can't ban by IP address from the app code, but we can certainly ban
by IP address at the network level.

I've updated the bug [1] with asks for a list of the pages affected so
that WebOps can check the logs and ban the IP range.

-L

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1109994
--
Q: Why is this email five sentences or less?
A: http://five.sentenc.es

Jean-Yves Perrier

Dec 11, 2014, 11:06:15 AM
to mdn-d...@lists.mozilla.org
Can you cc us admins so that we can give the information we have?
"Take care of the minutes, and the hours will take care of themselves."
P.D. Stanhope (4th Baron of Chesterfield, 1694-1773)

Luke Crouch

Dec 11, 2014, 11:26:24 AM
to Jean-Yves Perrier, mdn-d...@lists.mozilla.org
Added :teoli, :wbamberg, :chrismills, :fscholz, and :sheppy

-L

Jean-Yves Perrier

Dec 11, 2014, 11:28:16 AM
to Luke Crouch, mdn-d...@lists.mozilla.org
Thanks a lot!

Saurabh Nair

Jan 15, 2015, 12:50:30 AM
to mdn-drivers
A new kind of spam has started appearing among MDN revisions. If you have
been checking the revisions dashboard, you would have noticed several edits
from the same user, but without any change to the content.

In addition to the revisions dashboard, if you have subscribed to pages,
you might have got several emails with subject "[MDN] Page 'Tutorials'
changed by Username" and such.

This is the list of such users I got this morning:

https://developer.mozilla.org/en-US/dashboards/revisions?user=jensen
https://developer.mozilla.org/en-US/dashboards/revisions?user=morello
https://developer.mozilla.org/en-US/dashboards/revisions?user=jscape
https://developer.mozilla.org/en-US/dashboards/revisions?user=shneeple
https://developer.mozilla.org/en-US/dashboards/revisions?user=fenster
https://developer.mozilla.org/en-US/dashboards/revisions?user=rogerxas
https://developer.mozilla.org/en-US/dashboards/revisions?user=joemix
https://developer.mozilla.org/en-US/dashboards/revisions?user=Penny
https://developer.mozilla.org/en-US/dashboards/revisions?user=LoTD

Collectively, they have created hundreds of revisions in the past few
hours, making it hard to spot vandalizing edits. A pattern among the edits
is that most of the edits are only seconds apart - usually around 20 edits
in the same minute.

- jsx
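
The pattern described in the message above (one account saving many revisions seconds apart, with no change to the content) can be checked mechanically. This is an added example, not part of the original thread and not MDN's code; the record layout, the user names and the threshold of 20 edits per 60 seconds are assumptions based on that description.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def flag_burst_editors(revisions, window=timedelta(seconds=60), threshold=20):
    """Return {user: peak count} for users with >= threshold no-op edits in a window.

    revisions: iterable of (user, page, timestamp, content), in any order.
    A no-op edit is a revision whose content equals the page's previous revision.
    """
    last_content = {}              # page -> content of its latest revision
    recent = defaultdict(deque)    # user -> timestamps of recent no-op edits
    peaks = defaultdict(int)       # user -> largest number seen in one window
    for user, page, ts, content in sorted(revisions, key=lambda r: r[2]):
        is_noop = last_content.get(page) == content
        last_content[page] = content
        if not is_noop:
            continue               # real content changes are never counted
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # drop edits that fell out of the window
            q.popleft()
        peaks[user] = max(peaks[user], len(q))
    return {u: n for u, n in peaks.items() if n >= threshold}

def sample_revisions():
    """Constructed sample data: one automated account and one ordinary editor."""
    t0 = datetime(2015, 1, 15, 4, 0, 0)
    revs = [("editor_a", "Tutorials", t0 - timedelta(hours=1), "v1"),
            ("editor_a", "Guide", t0 - timedelta(hours=1), "g1")]
    # bot_x saves 22 unchanged revisions, 2 seconds apart, alternating pages
    for i in range(22):
        page, body = (("Tutorials", "v1"), ("Guide", "g1"))[i % 2]
        revs.append(("bot_x", page, t0 + timedelta(seconds=2 * i), body))
    # editor_a makes a real change later, then one accidental empty save
    revs.append(("editor_a", "Tutorials", t0 + timedelta(minutes=10), "v2"))
    revs.append(("editor_a", "Tutorials", t0 + timedelta(minutes=11), "v2"))
    return revs

if __name__ == "__main__":
    print(flag_burst_editors(sample_revisions()))
```

A single accidental empty save by a regular editor stays well under the threshold, so only the burst account is reported.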


Ali Spivak

Jan 15, 2015, 1:00:52 AM
to Saurabh Nair, mdn-drivers
Yup. I've been banning away since I saw it about 30 minutes ago.

I also opened a bug asking opsec to block the IP address.
https://bugzilla.mozilla.org/show_bug.cgi?id=1121832
ali spivak
Manager, MDN Community & Content
asp...@mozilla.com

Sebastian Zartner

Jan 15, 2015, 1:37:59 AM
to Ali Spivak, Saurabh Nair, mdn-drivers
Can the histories of these articles be cleaned up once they are blocked?

Also I think bug 812157
<https://bugzilla.mozilla.org/show_bug.cgi?id=812157> should finally be
fixed in order to avoid empty revisions.

Sebastian

Jean-Yves Perrier

Jan 15, 2015, 2:58:26 AM
to mdn-d...@lists.mozilla.org, SebastianZ >> Sebastian Zartner
I think that deleting these accounts will make the edition go away.
Didn't try it myself though.

These spammers are annoying: I got 200 e-mails this morning :-( I'm
subscribed to quite a few high-profile pages they touch.
Jean-Yves Perrier
Senior Technical Writer / Mozilla Developer Network

Sebastian Zartner

Jan 15, 2015, 3:26:27 AM
to Jean-Yves Perrier, mdn-d...@lists.mozilla.org
I assume there is no automatic deletion as it needs to be smart enough to
keep real editions coming after them untouched.
Though I'm ready for a surprise. :-)

Sebastian

Jean-Yves Perrier

Jan 15, 2015, 3:31:20 AM
to Sebastian Zartner, mdn-d...@lists.mozilla.org
This I don't know, I've never used this feature.

But as we don't store the diff, we store the revision. My (educated)
guess is that it won't cure the page, just remove the revision (and any
change would appear to have been done in the next revision of a page).

That's why it is a tool to use with great caution (and why I didn't dare
touch it yet).

--
Jean-Yves


Luke Crouch

Jan 15, 2015, 8:35:44 AM
to Jean-Yves Perrier, mdn-d...@lists.mozilla.org, Sebastian Zartner
I've deleted all revisions by a user locally and saw things break in bad
ways. :( The issue is that every revision has a "based_on" field pointing
to the previous revision for a doc. [1]

To enforce referential integrity, deleting models via django admin site
attempts to also delete any other models that reference the one you're
deleting.

So, deleting revisions would potentially delete other revisions that are
"based_on" the deleted one, and it will cascade all the way up to the most
recent revision of the doc.

Basically, we need to short-circuit the default delete behavior of the
django admin site before we can safely delete all revisions from a user.

-L

[1] https://github.com/mozilla/kuma/blob/master/kuma/wiki/models.py#L1637


Jannis Leidel

Jan 15, 2015, 8:38:04 AM
to Luke Crouch, Jean-Yves Perrier, mdn-d...@lists.mozilla.org, Sebastian Zartner

> On 15 Jan 2015, at 14:35, Luke Crouch <lcr...@mozilla.com> wrote:
>
> I've deleted all revisions by a user locally and saw things break in bad
> ways. :( The issue is that every revision has a "based_on" field pointing
> to the previous revision for a doc. [1]
>
> To enforce referential integrity, deleting models via django admin site
> attempts to also delete any other models that reference the one you're
> deleting.
>
> So, deleting revisions would potentially delete other revisions that are
> "based_on" the deleted one, and it will cascade all the way up to the most
> recent revision of the doc.

That's only the case for the way that code is written. Django allows setting different behaviors, see https://docs.djangoproject.com/en/1.4/ref/models/fields/#django.db.models.ForeignKey.on_delete
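
The cascade described in the two messages above, and the effect of choosing a different delete rule, can be reproduced with a self-referencing foreign key. This is an added example, not part of the original thread and not Kuma's code: it uses SQLite's database-level `ON DELETE` rules as a stand-in for Django's ORM-level `on_delete` handling, and every name except `based_on` is an assumption.

```python
import sqlite3

SCHEMA = """
CREATE TABLE revision (
    id INTEGER PRIMARY KEY,
    creator TEXT NOT NULL,
    content TEXT NOT NULL,
    based_on INTEGER REFERENCES revision(id) ON DELETE {rule}
);
"""

# Constructed history for one document: (id, creator, content, based_on)
HISTORY = [
    (1, "writer", "original text", None),
    (2, "spammer", "original text", 1),             # empty spam revision
    (3, "spammer", "original text", 2),             # another one on top
    (4, "writer", "original text, improved", 3),    # legitimate edit
    (5, "writer", "original text, improved again", 4),
]

def surviving_after_purge(rule, user="spammer"):
    """Delete every revision by `user`; return (id, based_on) of what is left."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite ignores FK rules without this
    db.executescript(SCHEMA.format(rule=rule))
    db.executemany("INSERT INTO revision VALUES (?, ?, ?, ?)", HISTORY)
    db.execute("DELETE FROM revision WHERE creator = ?", (user,))
    rows = db.execute("SELECT id, based_on FROM revision ORDER BY id").fetchall()
    db.close()
    return rows

if __name__ == "__main__":
    # CASCADE: removing revision 2 removes 3, then 4 and 5, which are legitimate.
    print("CASCADE: ", surviving_after_purge("CASCADE"))
    # SET NULL: only the spammer's rows go; revision 4 loses its based_on link.
    print("SET NULL:", surviving_after_purge("SET NULL"))
```

Because each revision stores the full content rather than a diff, the legitimate revisions that survive under `SET NULL` remain usable even though the link to their predecessor is gone.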

Janet Swisher

Jan 15, 2015, 11:31:42 AM
to mdn-d...@lists.mozilla.org
Having the ability to lock pages
(https://bugzilla.mozilla.org/show_bug.cgi?id=925964) would help
mitigate this type of attack.

--
Janet Swisher <mailto:jREMOVE...@mozilla.com>
Mozilla Developer Network <https://developer.mozilla.org>
MDN Community Manager