Talk:Spam blacklist

Camella Manors Spam WebsitesEdit

This took a bit of work, but pretty sure this is the comprehensive list of domains and users that have been spamming them on various articles. It's been primarily enwiki, but they've had a few trips to Commons as well as an attempted addition on metawiki. Not every domain listed has been crosswiki, just a few—because it's all part of the same crosswiki ring, though, I'm putting this here. It looks like a few of the domains are all in a similar IP range, possibly cloudflare; I'm not sure if something can be done with that. I've also left out a few users that are much older—the only accounts listed have (unless I messed up) edited in the last year or two.

Here's the best example of how the domains tend to be tied together (similar things happen in mainspace, too—mainly on en:Vista Land, but I can't easily see what pages they have made that have been deleted), and here's an example of what the most prolific uploader looked like on Commons (only one or two other users uploaded images on Commons).

I'm going to guess it would be worthwhile to look into global locks or CU'ing them, but I'll leave that decision up to someone else. Perryprog (talk) 01:52, 27 February 2021 (UTC)

Oh—and one other thought is this does seem like it could be fairly viable as a 🍯, as I wouldn't be surprised if the users behind these accounts just went to boring old text as advertisement instead of attempting to add backlinks everywhere. I'm not sure if that's a standard practice in this area, though. Perryprog (talk) 05:05, 27 February 2021 (UTC)

@Perryprog: I know that we are only seeing "after cleanup" results, though what we are seeing does not definitively indicate abuse; well not enough to put them into the global blacklist without a larger consensus. You can set COIBot to do some monitoring on the domains if that is of value to you.  — billinghurst sDrewth 05:50, 27 February 2021 (UTC)

Billinghurst, I'm not sure that I agree—the link spam is clearly deliberate, and there is definitely some socking or WFH meat-puppetry going on here. However, I am OK with waiting a bit to see how the group will decide to continue their efforts in order to have a more informed decision as to what preventative measures should be taken. Perryprog (talk) 17:33, 28 February 2021 (UTC)

You misunderstand my comment. I am saying that it is not evident that the editing is out of scope for all wikis. I am seeing some allowance at Commons, especially with an account that has over a million edits for a portion of the domains. So it could be that the abuse is only occurring at enWP, especially noting difference in policies around paid editing between enWP and Commons. So for that list to be globally blacklisted it needs more than enWP's say so and hence a broader consensus, or we need to pare it down.  — billinghurst sDrewth 18:20, 28 February 2021 (UTC)

@Billinghurst: what is recorded by COIBot on commons is all reverted or deleted, and obvious spam. I’ll dive a bit deeper in a bit. —Dirk Beetstra ^{T C} (en: U, T) 04:07, 1 March 2021 (UTC)

@Billinghurst and Perryprog: OK, so camilla.com.ph is linked from c:File:9990kfQuirino_HighwaySan_Josefvf_01.JPG, added in 2015 by user:Judgefloro. I however fail to see the utility of the link in itself, it is a website promoting the sale of land / property (in that area??), it is not the source of the image, it is not providing any more information about the area or content of the image (well, currently it redirects to the root of the domain). Fact is, that there are accounts like COHObyVistaLandofficial, Vistarecidences, and Vista Residences Inc that are spamming this. Blacklist, remove the stuff that is unneeded, and consider to whitelist the links that are really needed. --Dirk Beetstra ^{T C} (en: U, T) 12:54, 2 March 2021 (UTC)

Beetstra, sounds good. From my own investigation I am very doubtful that any of the links are needed (at least currently). Currently there's still similar types of spam happening on enwiki here. (Poor XLinkBot tried :(.) Perryprog (talk) 13:06, 2 March 2021 (UTC)

And the Commons community works out what links they do and do not want, and how to deal with an editor with 1.6M edits. They should also express their opinion on the domains to build that larger consensus. Nothing holding enWP up from blacklisting now.  — billinghurst sDrewth 13:12, 2 March 2021 (UTC)

Billinghurst, this is a bit interesting—I hadn't noticed those uploads by Judgefloro (and yes, I did misunderstand your earlier comment—sorry!), and that may indeed change things. The current links that seem to be legitimately used on Commons is the camella one and the goldenhaven one (see their respective major wiki search). I do see only one addition of a Commons upload from one of the users listed that also included an external link; the rest were just promotional by way of text or the image themselves. There's also the attempted page creation on meta at Lumina. That means there's really been just one external link addition each on Commons and meta that was actually by one of the user's listed, while the rest have been on enwiki. Perryprog (talk) 14:07, 2 March 2021 (UTC)

@Perryprog and Billinghurst: though I have very little hopes on spam that has already crossed the borders of one wiki, I would suggest that you report this to en.wikipedia's spam blacklist and we will see from there if that is enough. (Note, the page on meta was completely promotional). --Dirk Beetstra ^{T C} (en: U, T) 14:50, 2 March 2021 (UTC)

• Reply from Commons;

• Good afternoon from hereat Bulacan province of Philippines; hello and thanks for your visit and messages; please if you have time On Time, visit the most beautiful Philippines;

• I am Judge Florentino Floro a Senior Citizen of Philippines age 67;

• Even with my Total edit count: 1,705,316, please bear with with the fact that I don't have so fine knowledge of the Internet and Commons Information Technology;

• I just received your message last night and now is 2:00 p.m. Wednesday Philippine Time; I really do not understand ping and notifications except if I receive User Talk Page message;

• In My Categories Created to Category talk:Photographs by Judgefloro from January 2017 to * Category:Photographs created by Judgefloro : January-December, 2021 upon careful perusal of any of them, I usually support by Creation of Categories by Wikedia Links and or Internet sites; I just had one experience since 2010 that my edit was not succesful due to blocking of one Site or Link that I added;
• There are 2 reasons why I include links in addition to Wikipedia articles: a) first, to support the Notability of the Category Created; and b) to define the boundaries of Barangays, villages, with Wikimapia or Phiilppine Map Sites like PhilAtlas etc. and also in Meals or Foods, to educate the viewers about the correctness of my naming of the Cuisine;

• In this Camella Manors Spam Websites, particulary my portion photo of Category:Quirino Highway; allow me to explain that the only purpose of including the Camella Website is my problem of determining which Barangay of 59 Category:Barangays of San Jose del Monte City will I Categorize the instant photo considering that it is located on Boundary;

• And this is true for all Camellas that I photographed to wit:

• Revision as of 08:37, 30 December 2014 by Judgefloro (talk | contribs) (Create)

Category:Housing in the Philippines with Camela Orani, Bataan‎ (1 F) Camella Alfonso‎ (5 F) Camella Baliuag (Tangos, Baliuag, Bulacan)‎ (25 F) Camella Gapan (Nueva Ecija)‎ (12 F) Camella Nueva Ecija‎ (20 F) Camella Provence (Longos, Malolos City, Bulacan)‎ (30 F) Camella San Jose Del Monte City, Bulcan‎ (17 F) Camella Subic‎ (6 F) Camella Trece‎ (5 F)Camella Venezia;

• PREMISES CONSIDERED, I respectfully submit the foregoing Facts, which I hope may be helpful though; however, for my Personal Security, I cannot comment on whether the sites are spam or not, since please do understand that Senator Cynthia Villar is a top Senator and co-owner of these Camellas, and with their son as co-owner the highest Cabinet Secretary Official Senator Mark Villar, very sincerely 119.92.228.245 05:59, 3 March 2021 (UTC)

et20slam.net and myinfo.pkEdit

Spammed at enwiki, svwiki and ptwiki by User:182.185.25.11‎, User:Karenjonaa and User:59.103.96.180‎. EstrellaSuecia (talk) 14:43, 1 March 2021 (UTC)

binance.comEdit

Spam. The parameter behind "ref" is the Referral ID. --SCP-2000 16:08, 3 March 2021 (UTC)

• @SCP-2000: the whole domain (you're talking about referral id's behind a "ref", and I see those links being added, but also other links)? --Dirk Beetstra ^{T C} (en: U, T) 16:45, 3 March 2021 (UTC)

  @Beetstra: Forgive me for my mistake. Let me clarification, I would like to blacklist binance\.com.*\?ref=.* this domain. Thank you. SCP-2000 01:21, 4 March 2021 (UTC)

• {{BLRequestRegex}} should do it. —Dirk Beetstra ^{T C} (en: U, T) 04:09, 4 March 2021 (UTC)

@SCP-2000:   Added to Spam blacklist. --Dirk Beetstra ^{T C} (en: U, T) 04:09, 4 March 2021 (UTC)

@Beetstra: The regex rule seem not working. SCP-2000 04:38, 4 March 2021 (UTC)

redo regex Regex requested to be blacklisted: binance\.com(?:[\?&]ref\=)  — billinghurst sDrewth 10:20, 4 March 2021 (UTC)

@SCP-2000:   Added to Spam blacklist. -- — billinghurst sDrewth 10:24, 4 March 2021 (UTC)

@Billinghurst: Thanks. But the regex is still broken. SCP-2000 10:34, 4 March 2021 (UTC)

@SCP-2000 and Billinghurst: regex manually adapted to binance\.com.*(?:\?|&)ref\=. --Dirk Beetstra ^{T C} (en: U, T) 10:58, 4 March 2021 (UTC)

shorturl.atEdit

URL shortener, spotted here. From their site, looks like a generic shortener. Ravensfire (talk) 13:32, 4 March 2021 (UTC)

COIBotEdit

The LinkWatchers report domains meeting the following criteria:

• When a user mainly adds this link, and the link has not been used too much, and this user adds the link to more than 2 wikis
• When a user mainly adds links on one server, and links on the server have not been used too much, and this user adds the links to more than 2 wikis
• If ALL links are added by IPs, and the link is added to more than 1 wiki
• If a small range of IPs have a preference for this link (but it may also have been added by other users), and the link is added to more than 1 wiki.