repeated spamming on addon review

RESOLVED WORKSFORME

Status

addons.mozilla.org Graveyard
Public Pages
RESOLVED WORKSFORME
3 years ago
2 years ago

People

(Reporter: Michel Gutierrez, Unassigned)

Tracking

Details

Attachments

(1 attachment)

(Reporter)

Description

3 years ago
Created attachment 8500307 [details]
from review notifications: showing 113 dates/times when this spam occured

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0
Build ID: 20140830210550

Steps to reproduce:

a user registered on addons.mozilla.org and named "Charlie Guella", posted 113 times the exact same review, between May 10th and now, advertizing for a commercial competitor product "Houlo Video Downloader".


Actual results:

After reporting the review and an amo editor removes it, the same review comes back a few minutes, sometime a few hours later. This cycle happened ~40 times.


Expected results:

After repeated abuses, the spamming reviewer should be blocked as a user and/or on his IP.
(Reporter)

Comment 1

3 years ago
The guy keeps posting his spam everyday, sometimes several times a day, to ensure being at the top of the reviews.
I see he slightly changed his name from "Charlie Guella" to "Charlie Guoelia" but the review text remains the same.
Is it possible to filter out this spam based on the review text containing "houlo", the commercial product the spammer is advertizing for ?
We don't have filters on review content (other than some URL detection). We have blacklist for usernames, and I have already blacklisted some variants of this username. However, that probably won't stop them.

One possibility would be to extend the name blacklist to review content. After looking at the current blacklist, it looks like it's doable without affecting normal posts.
Status: UNCONFIRMED → NEW
Ever confirmed: true
(Reporter)

Comment 3

3 years ago
Hey Jorge,

Did you make any progress on this ?

The guy keeps spamming the VDH reviews several times a day.

Thanks.
We've been deleting those accounts as we encounter them. However, making any changes on AMO at present is very difficult due to limited dev resources. Only a few bugs are fixed on every monthly cycle, so it might take a while before this is fixed.
(Reporter)

Comment 5

3 years ago
Would it be doable to give me the rights to delete those spams (and only those ones) on my own ? I would write a script to remove them automatically so they wouldn't stay for hours polluting the reviews list.
No, not even reviewers are able to delete reviews for their own add-ons.
(Reporter)

Comment 7

3 years ago
Do you have any suggestion to fight that kind of spam that makes the whole addon review system useless ?
(In reply to Michel Gutierrez from comment #7)
> Do you have any suggestion to fight that kind of spam that makes the whole
> addon review system useless ?

Not without making changes on AMO, which is what this bug should be about. I don't see how this makes add-on reviews useless at all, though.
(Reporter)

Comment 9

3 years ago
Well, it's that if potential addon users read a review that is biased by commercial inputs, having a review system lose its interest since reviews cannot be trusted. Even worse, since it looks like true entries, people don't know they cannot trust it.
I'm pretty sure a huge majority of users don't go beyond the 3 reviews displayed in the main addon page. Since the spamming guy ensures he is in at the first position in the list, this harms badly the review system.
(Reporter)

Comment 10

3 years ago
The good news is that the guy has not been spamming anymore for several weeks.

The bad one is that he is now posting reviews saying the addon contains some malware.

Since Video DownloadHelper is a very popular addon on Firefox, it also affects Mozilla reputation.

Can we do something like blocking the IP address ?

Also, assuming you cannot give me his IP address for privacy reasons, is it possible for me to know at least what country/state it is from, so i can plan legal actions ?
I haven't checked if these reviews all come from the same IP address, but it wouldn't be difficult for the poster to just use a different one. As for this particular instance, it seems to originate from the US: http://whois.arin.net/rest/org/CORPO-6.html. I don't think we can share the IP address, though maybe we can if there's a legal reason.

It would be useful if you inform us of new reviews here, so we check if they come from the same place.
(Reporter)

Comment 12

3 years ago
Thanks Jorge.
(Reporter)

Comment 13

3 years ago
The guy is back under name "minettea" saying "TrojanDropper:Win32/Rotbrow.A detected by McAfee:  This add-on periodically connects to a couple of suspicious remote servers and downloads Spywares/Adwares."

Can you confirm it's the same or related IP ?
Different IP, this time from Vietnam.
(Reporter)

Comment 15

3 years ago
He is using tor ? https://www.dan.me.uk/torcheck
(Reporter)

Comment 16

3 years ago
This one now from "harry minskey": "This add-on upgrades itself without asking and installs malicious plugins in stealth mode. That's why some antivirus software does not block this type of assault in the first place."
Korea this time. None of them TOR nodes.
(Reporter)

Comment 18

3 years ago
From "Amanuel56": "I would if I can give this add-on a 0 star. Used for a month but yesterday when I scan my PC, a Win32/Spy.SpyEye.B was detected in this add-on. BEWARE!!! Try other add-ons!"
(Reporter)

Comment 19

3 years ago
From "elkan2": "VORSICHT: Trojan:Win32/Sirefef.P"
"Das add-on versucht ständig Trojaner auf meinem Computer zu installieren während man es verwendet. Finger weg von dem Programm!"
(Assignee)

Updated

2 years ago
Product: addons.mozilla.org → addons.mozilla.org Graveyard
(Reporter)

Comment 20

2 years ago
That spamming campaign has stopped about one year ago. Time to close that bug.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.