Spam on CPAN: DOCRIVERS
I don't know if this is the right place to report it, but user DOCRIVERS appears to be a spammer.
Uploads so far:
- https://metacpan.org/release/DOCRIVERS/Panda360
- https://metacpan.org/release/DOCRIVERS/Panda360s
- https://metacpan.org/release/DOCRIVERS/Changes360s
- https://metacpan.org/release/DOCRIVERS/gamechangers
Thanks! There are weird commonalities with user ADDICT who registered just the day before. Here are the MD5 sums:
```
e0afe541d5cd31082dbd520c6015d788 /home/ftp/pub/PAUSE/authors/id/A/AD/ADDICT/Boost-UUID-0.01.readme
e0afe541d5cd31082dbd520c6015d788 /home/ftp/pub/PAUSE/authors/id/A/AD/ADDICT/Boost-UUID-0.02.readme
e0afe541d5cd31082dbd520c6015d788 /home/ftp/pub/PAUSE/authors/id/D/DO/DOCRIVERS/Changes360s.readme
e0afe541d5cd31082dbd520c6015d788 /home/ftp/pub/PAUSE/authors/id/D/DO/DOCRIVERS/gamechangers.readme
e0afe541d5cd31082dbd520c6015d788 /home/ftp/pub/PAUSE/authors/id/D/DO/DOCRIVERS/Panda360.readme
e0afe541d5cd31082dbd520c6015d788 /home/ftp/pub/PAUSE/authors/id/D/DO/DOCRIVERS/Panda360s.readme
```
I tend to believe this deserves a quick account shutdown. Opinions?
-- andreas
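The cross-account check described in the comment above, as an added example (not part of the original thread and not PAUSE's own code): it reads `md5sum`-style output and reports digests of `.readme` files that appear under more than one author directory. The sample listing, its digests, and the author IDs ALICE, SPAMONE and BOB are constructed for illustration.

```python
import re
from collections import defaultdict

# PAUSE author directories follow authors/id/<A>/<AB>/<PAUSEID>/<file>,
# as in the paths quoted in the comment above.
AUTHOR_RE = re.compile(
    r"authors/id/([A-Z])/([A-Z][A-Z0-9])/([A-Z][A-Z0-9-]*)/([^/]+)$")
# md5sum prints "<32 hex>  <path>"; binary mode puts '*' before the path.
LINE_RE = re.compile(r"^([0-9a-f]{32})\s+\*?(\S.*)$")

# Constructed sample listing (digests and author IDs are made up).
SAMPLE = """\
0123456789abcdef0123456789abcdef  /home/ftp/pub/PAUSE/authors/id/A/AL/ALICE/Foo-Bar-0.01.readme
0123456789abcdef0123456789abcdef  /home/ftp/pub/PAUSE/authors/id/A/AL/ALICE/Foo-Bar-0.02.readme
0123456789abcdef0123456789abcdef */home/ftp/pub/PAUSE/authors/id/S/SP/SPAMONE/Offer360.readme
fedcba9876543210fedcba9876543210  /home/ftp/pub/PAUSE/authors/id/B/BO/BOB/Baz-1.0.readme
md5sum: some/file: No such file or directory
0123456789abcdef0123456789abcdef  /home/ftp/pub/PAUSE/authors/id/X/XY/ALICE/Odd.readme
"""


def parse_md5sum(text):
    """Yield (digest, author, filename); skip lines that are not checksums."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        p = AUTHOR_RE.search(m.group(2))
        # The two directory levels must be prefixes of the author ID.
        if not p or p.group(3)[:1] != p.group(1) or p.group(3)[:2] != p.group(2):
            continue
        yield m.group(1), p.group(3), p.group(4)


def shared_across_authors(text, suffix=".readme"):
    """Map digest -> {author: [files]} for digests seen under 2+ authors."""
    seen = defaultdict(lambda: defaultdict(list))
    for digest, author, name in parse_md5sum(text):
        if name.endswith(suffix):
            seen[digest][author].append(name)
    return {d: {a: sorted(f) for a, f in by.items()}
            for d, by in seen.items() if len(by) > 1}


if __name__ == "__main__":
    for digest, by_author in shared_across_authors(SAMPLE).items():
        print(digest, dict(by_author))
```

A shared digest only says the files are byte-identical; it does not say which account is the copier, so each flagged account still needs a human look.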
That looks a bit like what blog comment spammers do to try to fly under the radar – copying vaguely related legitimate content from elsewhere and slipping their spam into that, hoping to escape the notice of inattentive owners/moderators. As a blogs.perl.org janitor, my vote is kill it.
If DOCRIVERS has anything to say for themselves they can always email. (Spoiler: they’ll never email.)
And it might be better to disable recaptcha for now to discourage creating more spam accounts.
There's been a lot more in the last few hours.
https://metacpan.org/recent
And yeah, the upload by ADDICT was fine. Looks like DOCRIVERS just used ADDICT's latest upload as a template for his spam.
@andk I've just changed the email and passwords for both DOCRIVERS and FULLHD (and mailed modules@ to explain).
Personally, I'd go with 'cleansing fire' but I figured 'stop the spam while you decide' was a good first step.
(FULLHD was also using the Boost-UUID 'template')
I guess that’s what happens when you allow unmoderated signups. Welcome to the internet. 😐
Btw, the way we handle this on blogs.perl.org is, Aaron set up a thing that sends him a mail every time some user publishes their very first article. So he goes and looks at each first post, and if it’s spam then the entire account gets nuked.
Something similar might be a good idea for PAUSE too. “First upload has to be approved by a human.”
On Fri, 24 Aug 2018 09:31:16 -0700, Aristotle Pagaltzis [email protected] said:
> I guess that’s what happens when you allow unmoderated signups. Welcome to the internet. 😐
We have a switch in PAUSE to choose between moderated and unmoderated signups. This incident in a sad way confirms that we will have to use this switch, but I'm not yet sure that we have to do so immediately.
I'm contemplating other solutions. First thing that comes to my mind is throttled uploads for newbies, maybe one upload per month. Something like that. But whatever we invent will cause work.
-- andreas
One upload per month? With a new distribution, it's pretty common that ten minutes after uploading the first release, I notice a simple problem like a missing dependency, and correct it. And I've been using CPAN for years. A newbie author is likely to make loads more mistakes.
@shadowcat-mst Another user: FULLUHD (note the extra U).
@tobyink @andk Stole FULLUHD and mailed modules@ yesterday
@tobyink @andk ULTRAHD and FULLHQ toasted.
Time to flip the 'needs a human' switch back on while we decide what to do, I think.
PUTLOCKER looked suspicious so I've locked it on general principles.
and they just also registered OPENLOAD, still with smithwaillam191 [[at]] gmail.com as the address.
@andk this is getting silly.
and now GOSTREAM and SNAGFILMS
@choroba not anymore.
Thanks @all,
I've now turned the Google recaptcha mechanism off to reenable 'needs a human'.
Besides that I have turned all of the following into ustatus=nologin (so they cannot guess any password) and emptied their directories:
DOCRIVERS FULLHD FULLUHD FULLHQ ULTRAHD
Thanks for your quick and tireless reactions,
andreas
Please could we talk about https://github.com/andk/pause/issues/144 again - otherwise deleting this stuff from MetaCPAN is a very manual job
ULTRAHD now also set to nologin and directory emptied. Thanks for the heads up!
https://metacpan.org/release/OPENLOAD/Watch-The-predator-Online
This should probably be removed. Unless it's the original 80s version; that was pretty good.
More spam, this time by ADAMS:
- https://metacpan.org/release/ADAMS/Watch-Ralph-Breaks-the-Internet-online-full-movie-free-download-hd
- https://metacpan.org/release/ADAMS/Watch-Creed-2-online-full-movie-free-download-hd
- https://metacpan.org/release/ADAMS/Watch-Fantastic-Beasts-The-Crimes-of-Grindelwald-online-full-movie-free-download-hd
Dealt with the account in the usual way: set to nologin and removed all files.
I don't think this issue serves any purpose anymore.