1110205 - Heavy spam attacks on MDN over the last two weeks

Status: RESOLVED DUPLICATE of bug 1109994

(developer.mozilla.org Graveyard :: User management, task)

Description

[Jean-Yves Perrier [:teoli]]

We had 3 large spam attacks over the last two weeks.

About 10 account creation each time and defacement of pages with links to external websites.

We count 0.5d of work by an admin each time.

We need to analyze the attack and see what are the minimum set of action to take to fight them.

I'll start by listing the involved account and timing. A few questions: do they log in via Persona or Github. Is there an IP pattern? Is there an e-mail pattern?

(Marking this bug as security sensitive as we don't want the spammer to know what we know about her).

Comment 1

[Jean-Yves Perrier [:teoli]]

List of account used by the spammer:
(in reverse order of banning)
dianalolla
androiddrom
LiveStreaming
wraewefr
kalangan
polsen
redbull
lejetwerkengwa91
dian
hajar
joutioph
kkopet
danggit
robinvp
brunalimadias692
inah
Tukul
marjorieconcepcionsantana1412
irani
murdoc
kirstenfilemonsen322
trouuais
niowriaf
thikaipr
felic
Rossadiana
wedhus
Parno29
romanakupresak368
Reidhild
Lamella
atika
cobaaja
teijalenkkeri2465
isabel
PAMELA13
awetwae
soa713
janetlogin66
geordieshore79
SoaS713
lejetwerkengwa87
evie
jayeshmitra
razu01764900015
calistungpitak
neccabawa
lejetwerkengwa90
kousakio
1nici1
danikapatrick103
tritrouk
jmenez71
talk2talk
greenleave14
watsons
zerone
Panji_Engineering (may be different this one)
samboe

Comment 3

[Will Kahn-Greene [:willkg] ET needinfo? me]

For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.