remove spammy user profiles - Githubissues

mitodl / open-discussions

BSD 3-Clause "New" or "Revised" License

10 stars 2 forks source link

remove spammy user profiles #3798

Open pdpinch opened 1 year ago

pdpinch commented 1 year ago

It seems some users have created accounts on MIT Open solely to populate the user bio with spam.

IS&T shared this google search query to find advertisements for online gambling, which we can use to detect who is spamming us:

https://www.google.com/search?q=site%3Aopen.mit.edu+%28%22IDN+Togel%22+OR+%22TERBAIK%22+OR+%22Klik+disini%22+OR+%22NinjaHoki%22+OR+%22Situs+Agen%22+OR+%22maltcasino%22+OR+%221xbet%22+OR+%22Jenis+Taruhan%22+OR+%22Mata+Uang%22+OR+%22Game+Favorit%22+OR+%22Togel+Online%22+OR+%22betboo%22+OR+%22Linkaja%22+OR+%22Terpercaya%22+OR+%22Slot88%22+OR+%22Slot88star%22+OR+%22INFORMASI+SITUS%22+OR+%22judi+bola%22+OR+%22bahis-siteleri%22%29&newwindow=1&sxsrf=ALiCzsa9VNFtC8r5OeaNtsJQhopYVtd-ZA%3A1672928071130&source=hp&ei=R9u2Y7GwBd6hptQP4oaI2AI&iflsig=AJiK0e8AAAAAY7bpV35rBfrXVF0l1cy8TpKIa6TioEuR&ved=0ahUKEwjx76XbzrD8AhXekIkEHWIDAisQ4dUDCAk&uact=5&oq=site%3Aopen.mit.edu+%28%22IDN+Togel%22+OR+%22TERBAIK%22+OR+%22Klik+disini%22+OR+%22NinjaHoki%22+OR+%22Situs+Agen%22+OR+%22maltcasino%22+OR+%221xbet%22+OR+%22Jenis+Taruhan%22+OR+%22Mata+Uang%22+OR+%22Game+Favorit%22+OR+%22Togel+Online%22+OR+%22betboo%22+OR+%22Linkaja%22+OR+%22Terpercaya%22+OR+%22Slot88%22+OR+%22Slot88star%22+OR+%22INFORMASI+SITUS%22+OR+%22judi+bola%22+OR+%22bahis-siteleri%22%29&gs_lcp=Cgdnd3Mtd2l6EANQAFgAYIcEaABwAHgAgAEAiAEAkgEAmAEAoAECoAEB&sclient=gws-wiz

Acceptance Criteria:

[ ] retire the accounts of any users found by this search

Related issues

To get out ahead of this problem, we're going to stop allowing new registration unless the user is already in an MIT community: https://github.com/mitodl/open-discussions/issues/3781

Ferdi commented 1 year ago

Not great. how does IS&T comes up with this search term(s)?

pdpinch commented 1 year ago

using a search string handed to me by an outside security researcher, who compiled a list of Turkish and Indonesian phrases that seem to crop up often in spammed sites. It's a bit of a game of whack-a-mole taking down compromised or spammed things.

The original query they sent me was for all of .mit.edu which included profiles on other sites that we don't control.

pdpinch commented 1 year ago

@rhysyngsun do you think we can close this?

pdpinch commented 1 year ago

I'm reopening this because we've had many more spammy profiles created in the time since February.