Closed Bug 1078178 Opened 10 years ago Closed 8 years ago

repeated spamming on addon review

Categories

(addons.mozilla.org Graveyard :: Public Pages, defect)

Product:
addons.mozilla.org Graveyard
Component:
Public Pages
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: michel.gutierrez, Unassigned)

Details

Attachments

(1 file)

from review notifications: showing 113 dates/times when this spam occured
12.14 KB, text/plain
Details 
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0
Build ID: 20140830210550

Steps to reproduce:

a user registered on addons.mozilla.org and named "Charlie Guella", posted 113 times the exact same review, between May 10th and now, advertizing for a commercial competitor product "Houlo Video Downloader".


Actual results:

After reporting the review and an amo editor removes it, the same review comes back a few minutes, sometime a few hours later. This cycle happened ~40 times.


Expected results:

After repeated abuses, the spamming reviewer should be blocked as a user and/or on his IP.
The guy keeps posting his spam everyday, sometimes several times a day, to ensure being at the top of the reviews.
I see he slightly changed his name from "Charlie Guella" to "Charlie Guoelia" but the review text remains the same.
Is it possible to filter out this spam based on the review text containing "houlo", the commercial product the spammer is advertizing for ?
We don't have filters on review content (other than some URL detection). We have blacklist for usernames, and I have already blacklisted some variants of this username. However, that probably won't stop them.

One possibility would be to extend the name blacklist to review content. After looking at the current blacklist, it looks like it's doable without affecting normal posts.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Hey Jorge,

Did you make any progress on this ?

The guy keeps spamming the VDH reviews several times a day.

Thanks.
We've been deleting those accounts as we encounter them. However, making any changes on AMO at present is very difficult due to limited dev resources. Only a few bugs are fixed on every monthly cycle, so it might take a while before this is fixed.
Would it be doable to give me the rights to delete those spams (and only those ones) on my own ? I would write a script to remove them automatically so they wouldn't stay for hours polluting the reviews list.
No, not even reviewers are able to delete reviews for their own add-ons.
Do you have any suggestion to fight that kind of spam that makes the whole addon review system useless ?
(In reply to Michel Gutierrez from comment #7)
> Do you have any suggestion to fight that kind of spam that makes the whole
> addon review system useless ?

Not without making changes on AMO, which is what this bug should be about. I don't see how this makes add-on reviews useless at all, though.
Well, it's that if potential addon users read a review that is biased by commercial inputs, having a review system lose its interest since reviews cannot be trusted. Even worse, since it looks like true entries, people don't know they cannot trust it.
I'm pretty sure a huge majority of users don't go beyond the 3 reviews displayed in the main addon page. Since the spamming guy ensures he is in at the first position in the list, this harms badly the review system.
The good news is that the guy has not been spamming anymore for several weeks.

The bad one is that he is now posting reviews saying the addon contains some malware.

Since Video DownloadHelper is a very popular addon on Firefox, it also affects Mozilla reputation.

Can we do something like blocking the IP address ?

Also, assuming you cannot give me his IP address for privacy reasons, is it possible for me to know at least what country/state it is from, so i can plan legal actions ?
I haven't checked if these reviews all come from the same IP address, but it wouldn't be difficult for the poster to just use a different one. As for this particular instance, it seems to originate from the US: http://whois.arin.net/rest/org/CORPO-6.html. I don't think we can share the IP address, though maybe we can if there's a legal reason.

It would be useful if you inform us of new reviews here, so we check if they come from the same place.
Thanks Jorge.
The guy is back under name "minettea" saying "TrojanDropper:Win32/Rotbrow.A detected by McAfee:  This add-on periodically connects to a couple of suspicious remote servers and downloads Spywares/Adwares."

Can you confirm it's the same or related IP ?
Different IP, this time from Vietnam.
He is using tor ? https://www.dan.me.uk/torcheck
This one now from "harry minskey": "This add-on upgrades itself without asking and installs malicious plugins in stealth mode. That's why some antivirus software does not block this type of assault in the first place."
Korea this time. None of them TOR nodes.
From "Amanuel56": "I would if I can give this add-on a 0 star. Used for a month but yesterday when I scan my PC, a Win32/Spy.SpyEye.B was detected in this add-on. BEWARE!!! Try other add-ons!"
From "elkan2": "VORSICHT: Trojan:Win32/Sirefef.P"
"Das add-on versucht ständig Trojaner auf meinem Computer zu installieren während man es verwendet. Finger weg von dem Programm!"
Product: addons.mozilla.org → addons.mozilla.org Graveyard
That spamming campaign has stopped about one year ago. Time to close that bug.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: