search

mozilla / addons

☂ Umbrella repository for Mozilla Addons ✨
Other
127 stars 41 forks source link

Add a configuration parameter of words which block downloadi #6599

Closed bjherbison closed 5 years ago

bjherbison commented 5 years ago

There have been many outbreaks of similarly named add-ons which appear to be malicious. The most recent outbreak has been of add-ons with "flash" or "Flash" in the tile. Today there have been many different newly listed add-ons with a title of "Flash Player" or some variation.

This evening I noticed some of the add-ons got a few dozen downloads while I took time to entertain guests.

But we can't just block the use of Flash--I did see few apparently reasonable add-ons with Flash in the title in the past week. And if Flash was obviously blocked the users would switch names.

Just adding more content reviewers in different time zones wouldn't solve the problem. Some add-ons get placed in a state where content reviewers are not allowed to reject them, and the escalation process sometimes takes a while to get add-ons rejected.

It would be beneficial if there was an easily updated parameter in the server of a list of dangerous words. Any add-on with one of those words in the title (not description) would not be available for download until after a manual review. Right now the only word I would put on the list is "flash" (case-insensitive).

An add-on wouldn't need to be a full code review, a content review is sufficient if the content reviewers are kept trained on how to look for current malware attacks.

This add-on from a couple of weeks ago got 680 downloads in the ten hours before I blocked it: https://reviewers.addons.mozilla.org/en-US/reviewers/review-content/adobe-flash-player-version122 The average daily users is still 9, and it is logging user information and providing no use.

This add-on got 21 downloads yesterday and today in spite of spelling Adobe incorrectly: https://reviewers.addons.mozilla.org/en-US/reviewers/review-content/adob-flash-player-2019-2019

jvillalobos commented 5 years ago

We are working on some plans for Q3 to address this problem. It might involve blocking publication on content review, or just giving content reviewers more time to look at submissions before they are published. Word filters don't work very well because they are trivial to bypass. And we implemented a spam filter (Akismet), but we haven't turned it on fully because it needed to be trained to identify spam first (and that hasn't been a priority for a while, unfortunately).

For the time being we don't have a better solution than to handle them as they appear.