Talk:Spam blacklist/Archives/2009-12

Add topic
Active discussions

Proposed additions

  This section is for completed requests that a website be blacklisted

studyguide.com.vn





plus 3 others

Spammed on en and vi with the creation of multiple pages solely to house links and citations to studyguide.com.vn. See WikiProject Spam item. MER-C 13:58, 23 November 2009 (UTC)

  Added. --Finn Rindahl 14:18, 23 November 2009 (UTC)

Two more URL shorteners

Moved from the #Discussion section. Format adapted. —Dferg (disputatio) 17:52, 24 November 2009 (UTC)




I doubt these two are in wide use (or whether they offer reliable service), but suggest to blacklist nonetheless. If you need help with Hebrew, let me know (preferably on HE WP). Odedee 01:10, 24 November 2009 (UTC)

  Added Huib talk 14:26, 26 November 2009 (UTC)

gratisweb.com



It has been reported today on the Spanish Wikipedia Technical Village Pump that this site may contain viruses, trojans and other kind of malware capable to compromise the security of the computer. I checked on various sites (Google, Symantec and Malwaredomainlist) and I got the same security warnings on all of them. In a preventive step I have blacklisted the whole domain on es.wikipedia pending further investigation. I request a review on this site to consider if blacklisting is possible (I know that malware IS a reason for global blacklisting, I need just some outside views on this case). Thank you for your attention. —Dferg (disputatio) 19:14, 26 November 2009 (UTC)

  Added Huib talk 11:04, 27 November 2009 (UTC)

xlurl.de



url shortener
see e.g. w:de:WP:SBL#xlurl.de.2C_pokerstrategy.com.   Added -- seth 14:33, 28 November 2009 (UTC)

abqo.com



URL shortener. MER-C 11:51, 30 November 2009 (UTC)

  Added Huib talk 17:20, 30 November 2009 (UTC)

online-betting.me.uk













More spamming from a known cross-wiki spammer. See WikiProject Spam item. MER-C 03:05, 5 December 2009 (UTC)

  Added  — Mike.lifeguard | @en.wb 15:32, 13 December 2009 (UTC)

neilsonrabelo.blogspot.com



spammed by



--Erwin 08:23, 8 December 2009 (UTC)

  Added. --Erwin 08:24, 8 December 2009 (UTC)

pawel72.republika.pl





Personal site spammed cross-wiki.  — Mike.lifeguard | @en.wb 23:09, 9 December 2009 (UTC)

  Added  — Mike.lifeguard | @en.wb 23:09, 9 December 2009 (UTC)

More Matrikon redirect spam



redirect to matrikonOPC



redirects to matrikonanalytics



redirect



redirect





6 more Spam redirects to Matrikon inc. Persistant.en.wikipedia archive --Hu12 21:23, 11 December 2009 (UTC)

  Added Huib talk 13:21, 13 December 2009 (UTC)

A bunch of URL shorteners





URL shorteners. Pmlineditor  11:42, 12 December 2009 (UTC)

  Added Huib talk 13:15, 13 December 2009 (UTC)

link shortner



Temp to make my own regex ok. Huib talk 13:19, 13 December 2009 (UTC)

  Added Huib talk 13:19, 13 December 2009 (UTC)

ye-s.com

The following discussion is closed.


This site is used for phishing, links are added to various pages on Moneybookers, for instance here, here and here. Lymantria 07:47, 15 December 2009 (UTC)

Blocked as a URL shortener. —Pathoschild 07:59:30, 15 December 2009 (UTC)

pege.org





I'm not sure about this one. Massive link additions at en and de talk pages and in some articles. Afaics mostly en:user:Pege.founder (de:user:Pege.founder) added the links. Not all of the links seem to be in contrary to WP:EL.
discussions: w:en:user_talk:Pege.founder#Spam, w:de:user talk:Pege.founder#Werbung.2Fexterne_Links -- seth 11:55, 29 November 2009 (UTC)

I don't have enough time to walk through all global link additions, so I'll block the domain at de-wiki now. -- seth 14:06, 29 November 2009 (UTC)
I agree, only Pege.founder's additions are worrisome. I've reverted the rest. I don't think it needs to be blacklisted, but I will add to the monitor list.  — Mike.lifeguard | @en.wb 15:30, 13 December 2009 (UTC)
Closing as not done for now. Per Mike. — Dferg (disputatio) 14:01, 15 December 2009 (UTC)

goo.gl



Url shornener Track13 0_o 13:05, 15 December 2009 (UTC)

  Added  — Mike.lifeguard | @en.wb 01:13, 17 December 2009 (UTC)

Strange url shortener



I do not know what it is, but it works =): to/wiki → ru.wikipedia.org Track13 0_o 02:21, 22 November 2009 (UTC)

  • some browsers set .com as a default domain, use to./wiki Track13 0_o 14:17, 22 November 2009 (UTC)
  Added Huib talk 14:18, 22 November 2009 (UTC)
  • This regex is incorrect. It block's any link with (any boundary symbol)to(any boundary symbol), towards-to-taiwan.ru for example. Fix, please, or remove this entry from black list Track13 0_o 14:46, 25 November 2009 (UTC)
  Removed. To make the correct regexp. —Dferg (disputatio) 15:01, 25 November 2009 (UTC)
Thanks Dferg for the fix, sorry for the mistake. Huib talk 15:22, 25 November 2009 (UTC)
Hi! I don't habe much time for testing it, so I won't add the entry, but anybody, who has some time, could try this one:
(?<=://)to\.?/
i.e. 'any "to./" or "to/" that is preceeded by "://"'.
(?<=://) is a zero-width positive look-behind assertion (see php or perl manual), and it's needed here, because otherwise the whole tld ".to" and all "...-to" domains would be blocked. -- seth 21:10, 25 November 2009 (UTC)
I test this in local black list, at first look it works Track13 0_o 21:51, 25 November 2009 (UTC)

I'm unclear what's going on here - this doesn't seem to be related to any browser "helpfulness":

mikelifeguard@arbour:~$ wget -S to
--2009-12-02 01:22:21--  http://to/
Resolving to... 216.74.32.103
Connecting to to|216.74.32.103|:80... connected.
HTTP request sent, awaiting response... 
  HTTP/1.1 200 OK
  Date: Wed, 02 Dec 2009 05:22:22 GMT
  Server: Apache/1.3.27 (Unix)  (Red-Hat/Linux) mod_perl/1.26
  Connection: close
  Content-Type: text/html; charset=ISO-8859-1
Length: unspecified [text/html]
Saving to: `index.html'

    [ <=>                                   ] 727         --.-K/s   in 0s      

2009-12-02 01:22:21 (50.6 MB/s) - `index.html' saved [727]

mikelifeguard@arbour:~$ cat index.html 
<!DOCTYPE html
	PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
	 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<title>TO. -- Get Shorty URL</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<form method="post" action="/" enctype="multipart/form-data">
<table><tr><td>Enter a long URL:</td> <td><input type="text" name="url"  size="50" /></td></tr><tr><td>Enter an optional name:</td> <td><input type="text" name="name"  size="20" /></td></tr><tr><td>&nbsp</td> <td><input type="submit" name="'Witz that URL!" value="'Witz that URL!" /></td></tr></table></form>
</body>

 — Mike.lifeguard | @en.wb 05:25, 2 December 2009 (UTC)

Maybe it's DNS server helpfulness?
$ wget -S to
--2009-12-02 10:09:29--  http://to/
Resolving to... failed: Name or service not known.
wget: unable to resolve host address “to”
As you see it doesn't work for me. In any case, I wouldn't blacklist it for now. Wait and see if any problems arise and then start worrying about blacklisting. --Erwin 09:12, 2 December 2009 (UTC)
I'm guessing it's related to the to.net domain, of which I quote the index : "uURL enables you to use a very short web site (like TO.NET/1) to refer to sites that are difficult to type or require hundreds of keystrokes."
Sounds like an URLshortener to me...
(?<=://)to(?:\.(?:net)?)?/ would be an even better regex, since it will also rid us of the "full address" (all examples are to be immediately preceded by http://) :
  • to/
  • to./
  • to.net/
won't work
However, tonet (a swiss company selling DIY tools and products) will work (not sure that's a good idea, on second thought ...).
If we want to get rid of tonet.ch too, (?<=://)to\.?(?:net)?/ is the way to do.
Alphos [bother me] 08:33, 15 December 2009 (UTC)
(?<=://)to(?:\.(?:net)?)?/ is the same regexp as the one I mentioned above, but additionally it catches "to.net/", so I agree with Alphos. But we should not block "tonet", if there is no spam containing this. however, another possibility is using two regexps. -- seth 00:50, 17 December 2009 (UTC)
I'll block to.net and not worry about the other one.  — Mike.lifeguard | @en.wb 01:11, 17 December 2009 (UTC)
For the record, this is the .to top level domain (country code for Tonga), and yes, the bare top level domain is an URL shortener - see w:en:URL shortening#History for more on this. Gavia immer 02:41, 18 December 2009 (UTC)

rihannanow.fr.cr



massive xwiki spam, see User:COIBot/XWiki/rihannanow.fr.cr#Discussion as well as xwiki contribs of main ip (blocked by dungodung)

\brihannanow\.fr\.cr\b                 # ADMINNAME # {{sbl-diff|#}}; see [[User:COIBot/XWiki/rihannanow.fr.cr]]
  Added (via xwiki report). Thank you, — Dferg (disputatio) 18:53, 20 December 2009 (UTC)

funurl.com



url shortner, noticed on m:User:COIBot/XWiki/gp2xwiz.funurl.com James (T|C) 11:05, 20 December 2009 (UTC)

  Added vvvt 17:08, 20 December 2009 (UTC)

airsoft-cube.com





Crosswiki spam. Account globally locked. — Dferg (disputatio) 23:39, 20 December 2009 (UTC)

  Added — Dferg (disputatio) 23:40, 20 December 2009 (UTC)

casino.ru



Spammed by numerous IPs on Russian and Ukrainian Wikipedias. --Mercy 15:33, 23 December 2009 (UTC)

  Added — Dferg (disputatio) 21:13, 23 December 2009 (UTC)
Possibly related domains, not yet added:
















See contributions. — Dferg (disputatio) 21:37, 23 December 2009 (UTC)
  Added  — Mike.lifeguard | @en.wb 21:42, 26 December 2009 (UTC)

peoplesprimary.com



Reported as GNAA / LastMeasure browser crash exploit at enWP. Used for main page vandalism. JzG 10:54, 27 December 2009 (UTC)

  Added, thank you. Please revert if disagree. — Dferg (disputatio) 22:15, 27 December 2009 (UTC)
Thanks guys! Multixfer 02:47, 28 December 2009 (UTC)

Proposed removals

  This section is for archiving proposals that a website be unlisted.

cevennes-tourisme.fr



We've got a request on the fr-wp's admin requests page to remove this site from the blacklist... I don't really understand why it was blocked on the first place, as it is an official site belonging to the local chamber of commerce (Per whois.net : "contact: CHAMBRE COMMERCE ET D INDUSTRIE D ALES"), so a link is pertinent on fr:Cévennes and fr:Chambre de commerce et d'industrie d'Alès Cévennes, and the articles for the towns and local structures in the area... -Ash Crow 12:59, 26 November 2009 (UTC)

  Removed Huib talk 14:24, 26 November 2009 (UTC)

www.newskentei.jp



This is the official website for the article ja:ニュース時事能力検定.

We got a request at ja:MediaWiki talk:Spam-blacklist#www.newskentei.jp to remove this site from the blacklist. It is an official site of "The society for Testing News Proficiency" in Tokyo - was listed here because several IP users went on spamming in 2007 when this service was about to launch. Today this sevice has grown well known, I think this site may be de-listed now. And if spamming should begin again, we can now block it on our local Spam-blacklist. --miya 01:49, 29 November 2009 (UTC)
  Removed -- seth 11:33, 29 November 2009 (UTC)
Thank you.--miya 15:31, 29 November 2009 (UTC)

zoophilia.co.cc



Just wanted to add this as my personal website on my mediawiki profiles. I've no idea why it's blocked I've not long registered on here nor there. Friend of mine said it might be because the last owner might have used spam, but I haven't even got enough bandwidth to do that lol. Thanks, James — The preceding unsigned comment was added by James D Smith (talk)

  Comment - a user page isn't made for promotion for your own site. Huib talk 14:28, 26 November 2009 (UTC)
  Declined Huib talk 13:22, 13 December 2009 (UTC)

www.thesportsinterview.com



www.thesportsinterview.com is a maintained web site that features audio recordings of interviews, but thesportsinterview.com (without www) has been linkfarmed, which keeps me from citing the former at q:Michael Jackson. Can the list be modified to distinguish between the two? 05:05, 2 December 2009 (UTC)

Those are the same domain.  — Mike.lifeguard | @en.wb 05:18, 2 December 2009 (UTC)
No, they're not. They produce different pages. 22:02, 5 December 2009 (UTC)
You're wrong
mikelifeguard@arbour:~$ cd /tmp
mikelifeguard@arbour:/tmp$ wget thesportsinterview.com
--2009-12-09 19:20:21--  http://thesportsinterview.com/
Resolving thesportsinterview.com... 67.228.216.2
Connecting to thesportsinterview.com|67.228.216.2|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: `index.html'

    [   <=>                                 ] 20,425      39.1K/s   in 0.5s    

2009-12-09 19:20:22 (39.1 KB/s) - `index.html' saved [20425]

mikelifeguard@arbour:/tmp$ wget www.thesportsinterview.com
--2009-12-09 19:20:32--  http://www.thesportsinterview.com/
Resolving www.thesportsinterview.com... 67.228.216.2
Connecting to www.thesportsinterview.com|67.228.216.2|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: `index.html.1'

    [   <=>                                 ] 20,425      39.6K/s   in 0.5s    

2009-12-09 19:20:33 (39.6 KB/s) - `index.html.1' saved [20425]

mikelifeguard@arbour:/tmp$ diff index.html index.html.1 
357c357
< </html><!-- 1260400822 -->
\ No newline at end of file
---
> </html><!-- 1260400833 -->
\ No newline at end of file
mikelifeguard@arbour:/tmp$ 
The domains are the same, they refer to the same page.  — Mike.lifeguard | @en.wb 23:23, 9 December 2009 (UTC)
  Declined Huib talk 13:23, 13 December 2009 (UTC)

eu-football.info



The eu-football.info site is blacklisted, as I received a warning after trying to add a source to it. I asked a question at WP:Footy about it ([1]) which pointed me to this page. It appears to be a very good website in terms of reference content for football, and I would request that it be unlisted as spam. As far as I can gather from the links it was partly listed because one user added so much, but I don't think this a good reason to block. You will see from the Footy link that at least one other person tried to link to it. I'm not sure what the process is for removing sites from spam lists, but hope it can be done in this instance. Thanks. 82.6.118.35 12:12, 20 December 2009 (UTC)

This has been previously declined, though that doesn't mean that it will be declined this time. I think a local whitelisting will be the best option here. Pmlineditor  12:18, 20 December 2009 (UTC)
Thanks for swift response. What does whitelisting mean, and how would it work? How do I get my en.wiki name to show - do you need a new account for meta?
Hello. While there is a global blacklist to stop spam that affects multiple projects, malware, etc... every project has a local whitelist which allows you to circunvent the global blacklist. If you want to add the link on the English language Wikipedia, and you want to ask for whitelisting, please do so at en:MediaWiki talk:Spam-whitelist. I have reviewed the last request for de-blacklisting and I have to agree with Mike.lifeguard that local whitelisting would be the prefered solution, at least, for some time so I'm   declining this request. Best regards, — Dferg (disputatio) 15:04, 20 December 2009 (UTC)

examiner.com



Not sure why Examiner.com is blacklisted. Tried to add "http://www.examiner.com/x-14143-Orange-County-Conservative-Examiner~y2009m11d21-Glenn-Beck-at-the-Villages-Saturday-to-kick-of-2010-plan-to-preserve-the-Constitution-video" as a reference on The Villages wiki page, but came back as not saved because it was blacklisted as shown below.

"The following link has triggered a protection filter: http://www.examiner.com Either that exact link, or a portion of it (typically the root domain name) is currently blocked."

It is a news site, even has it's own section here in Wikipedia. Maybe I'm missing something?!What's the scoop? Thanks --WebDeb 06:12, 21 December 2009 (UTC)

This URL is not globally blacklisted, so we can not remove it. It is blacklisted on the English Wikipedia though, so I assume that's the project you were trying to edit. If so, you can request removal at w:en:MediaWiki_talk:Spam-blacklist#Proposed_removals. --Erwin 09:27, 21 December 2009 (UTC)

Troubleshooting and problems

  This section is for archiving Troubleshooting and problems.


Discussion

  This section is for archiving Discussions.

Mailinglist

Hi, Maybe a silly idea but is it a idea to create a mailinglist also for "co-ordination of activities related to maintenance of the blacklist" since not everybody uses IRC, it could be that Mail is the second best option to reach lot all the users active here.

Best regards, Huib talk 10:04, 23 November 2009 (UTC)

Well, it is sort of a problem that the activities related to maintenance of the blacklist to a large extend is coordinated via IRC - some user don't want to use IRC. But I do not see the need for a mailinglist, as there's practically nothing in my experience (no privacy issues etc) that can't be discussed onwiki if necessary. This is more a question of us #wikipedia-external-links regulars to be mindful that info/discussion where it's important to reach all should be posted onwiki and not just shared between whoever of us is on the channel at any given time. Finn Rindahl 12:15, 23 November 2009 (UTC)
I think talk pages on-wiki work just fine. --MZMcBride 19:08, 23 November 2009 (UTC)
Yeah, I don't see any need for a mailing list.  — Mike.lifeguard | @en.wb 05:20, 2 December 2009 (UTC)

Wikipedia:Requests for comment/Reliability of sources and spam blacklist

There is a discussion regarding the spam blacklist and the reliability of sources en:Wikipedia:Requests for comment/Reliability of sources and spam blacklist.--Hu12 21:43, 11 December 2009 (UTC)

Huh, people seem to be more sane than I predicted.  — Mike.lifeguard | @en.wb 15:51, 13 December 2009 (UTC)
Return to "Spam blacklist/Archives/2009-12" page.