Jump to content

Talk:Wikiproject:Antispam/2021

Add topic
From Meta, a Wikimedia project coordination wiki
Latest comment: 2 years ago by TheAafi in topic UA85 and related

About Pierre Malinowski

[edit]

Hi,

On fr-wiki we identified problematic spam on closely related topics:

SPI showed that: fr:Wikipédia:Vérificateur d'adresses IP/Requêtes/juillet 2021#Svetlana090, Foundation-french, Marija1st, BKTeaman, Yasinkovski, Jean-Dumoulin1, Jehanne-Sylvie - 24 juillet = 31.28.224.0/19 is proxy and sockpuppets are:

I also blocked other SPAs:

The pages are also under extended protection (2 yrs)-see request to admins: [1] Affected wikis are:

  • commons++++
  • en-WP+++++
  • fr-WP++++++
  • ru-WP++++++
  • de-WP++
  • WD+++

I can't speak German or Russian to warn them about this spam by a bunch of SPAs. Best regards, Bédévore (talk) 14:40, 31 July 2021 (UTC)Reply

created the page on en.wp. I blocked them for spamming back in April, for creating w:Roman Bekmuradov. MER-C (talk) 12:29, 1 August 2021 (UTC)Reply

Wiki PR, Status Labs

[edit]

Notable - literally, because they have articles written about them - spammers with a lengthy history. There's a lot of residual cross-wiki cleanup that needs to be performed, plus some of the spam seems to have returned in the intervening years since this case was investigated. MER-C (talk) 17:17, 17 August 2021 (UTC)Reply

List of articles pasted at User:MER-C/Spam/WikiPR. @Jules*: there's a couple for you to nuke. MER-C (talk) 16:38, 21 August 2021 (UTC)Reply
Done @MER-C: maybe it would be useful to open an archive subpage (with the links above)? best, — Jules* Talk 09:49, 22 August 2021 (UTC)Reply
P.-S. : if it can help to discover other socks, @MER-C:, MonsieurJohannes (who created fr:Freshworks listed on your subpage):
— Jules* Talk 09:58, 22 August 2021 (UTC)Reply
Okay, so, some other articles to delete not on your list:
Ping @Itti and MarioGom:. (We have no contact for it-wp.) — Jules* Talk 11:09, 22 August 2021 (UTC)Reply
Yay, untagged socks. The CU data was too cloudy, but there is little doubt these accounts are affiliated. Sigh. See en:Wikipedia:Sockpuppet investigations/Japanelemu/Archive for the untagged accounts. I also created Wikiproject:Antispam/Archives/2021/Wiki PR but someone needs to complete the research. There are a lot more discussions than this. MER-C (talk) 14:27, 22 August 2021 (UTC)Reply
There is also:
— Jules* Talk 15:51, 22 August 2021 (UTC)Reply
@MER-C: en:Wikipedia:Sockpuppet investigations/Boskit190/Archive may also be Wiki PR/Status Labs: Keke1970 (CA · xwiki · sc · COIBot report · ja · en), who created ja:SnatchBot and ja:PMインターナショナル, has been blocked on en-wp as a sock of Boskit190.
I also found out new and more recent (2020-2021) accounts, not blocked nor locked, via ja:チェーザレ・カターニア (found with ja:利用者:Keke1970/sandbox), which led me to wikidata:Q56141864:
— Jules* Talk 16:36, 22 August 2021 (UTC)Reply
Found another SPI: en:Wikipedia:Sockpuppet investigations/Fatima 77/Archive. New articles added to User:MER-C/Spam/WikiPR. MER-C (talk) 18:12, 22 August 2021 (UTC)Reply
Tagged es:SnatchBot and es:Ben Heine for deletion. es:eDreams.es is notable and someone already did some clean up. It might need further review though. Action still pending for VhuroMu2 (CA · xwiki · sc · COIBot report · es). MarioGom (talk) 20:21, 22 August 2021 (UTC)Reply

About KapitalBrand (frwp, commons, enwp)

[edit]

Hello,

KapitalBrand is an e-reputation company based in Morroco and they hire freelance editors to write on wikis. They use a lot of sockpuppets to edit articles about their clients (to get the "upper hand" in debates and to publish articles, sometimes cheating on typo to bypass protections). They never declare their conflicts of interest or their sockpuppets. They are banned on fr-wp. Typically, a freelance writes a draft and another dude publishes the draft.

Sockpuppets page is here: fr:Wikipédia:Faux-nez/KapitalBrand. They operate mainly on fr-wp and commons however a few of them are on en-wp.

Best, Bédévore (talk) 08:52, 23 August 2021 (UTC)Reply

Olga Vaganova

[edit]

Olga Vaganova [stalktoy] – [cross-wiki edits] (Ольга Ваганова in Russian) is a founder of ukrainian PR agency (article in russian about starting agency). Edits in uk, ru, en concern clients mainly, ignoring paid editing template. --Anntinomy (talk) 08:36, 4 September 2021 (UTC)Reply

Thanks for the information, @Anntinomy. On fr-wp, I only found one old (2011) creation: fr:PrivatBank. It used a promotional style, but it has been edited by an experienced user since. — Jules* Talk 20:38, 5 September 2021 (UTC)Reply
She has disclosure on English Wikipedia. So there is no issue here so far. MarioGom (talk) 07:48, 29 October 2021 (UTC)Reply

Polli Cannabis

[edit]

Four accounts blocked on en.wp, cleanup required on ru and Commons. @Oleg Yunakov and DarwIn: MER-C (talk) 16:29, 4 September 2021 (UTC)Reply

One more account: AnuFree (CA · xwiki · sc · COIBot report). MER-C 08:59, 12 September 2021 (UTC)Reply

Accounts locked. Archiving. MER-C 18:51, 12 September 2021 (UTC)Reply

Benutzer:مسافرت در ایران

[edit]


Spam to push a car rental --Itti (talk) 18:10, 16 August 2021 (UTC)Reply

This is مسافرت در ایران (CA · xwiki · sc · COIBot report). Google translate delivers “Travel in Iran” for the username. Contributions so far:
--AFBorchert (talk) 18:33, 16 August 2021 (UTC)Reply
I've asked for a global lock: SRG#Global lock for مسافرت در ایران. --AFBorchert (talk) 18:47, 16 August 2021 (UTC)Reply
This account is now globally locked. --AFBorchert (talk) 08:35, 17 August 2021 (UTC)Reply

They've been seen before at a low level. If it happens again, please report to the spam blacklist. MER-C 10:06, 18 September 2021 (UTC)Reply


COIBot

[edit]

I have enabled COIBot's tracking capabilities to this page (diff). That means that COIBot will create reports for link additions for links reported in {{LinkSummary}}/{{XWikiSummary}} templates and users reported in {{UserSummary}}/{{IPSummary}} templates, and that COIBot will track the diffs where the links/users were reported here. Overall that makes it easier to trace back evidence to blacklistings if every they get challenged, or future requests to earlier observations. Dirk Beetstra T C (en: U, T) 13:23, 21 September 2021 (UTC)Reply

Awesome, thank you Beetstra! I was just thinking about that this morning when I queued a bunch of reports via IRC for domains listed on this page. GeneralNotability (talk) 15:04, 21 September 2021 (UTC)Reply

Improving tools for monitoring and response

[edit]

I commented on wikimedia-l that it seemed there's much more that could be done to support this work. Including:

  • Monitoring the market for UPE
    Work with groups that are in the market and completely transparent about their work to maintain a sense of rates and volume
    Search general contracting sites, general search engines, and specific reputation brokers for new options; maintain a catalog
    Spot-check and commission work. last week Jan Böhmermann spent under 500 Euros and identified two German UPE networks
  • Building better tools for tracking and countering UPE
    Tracking: automated scoring (seems like some of this exists but not everyone uses it?)
    Countering: tools to coordinate work, making it more satisfying + collaborative to tackle organized UPE networks. Especially for often-targeted categories (politicians + companies)
    Both: Focus on tools for detecting large farms/networks over time, and cleaning up the mess they leave. (how automated is this now?)

Thanks @MarioGom: for pointing me here. I am curious how much of this tooling and automation exists already, and how to make it ore visible to editors on individual projects (who might not know about cross-wiki antispam efforts).

And I recognize that we don't have a uniform definition for the heart of the challenge -- Spam, COI, UPE (constituting a kind of hidden COI), and sock- and meat-puppet networks: all are slightly different contexts + scopes. How do you think about those in relation to one another? –SJ talk  20:52, 8 September 2021 (UTC)Reply

Hi SJ: thank you for bringing this up here. Here's some thoughts:
Monitoring the market for UPE
  • Work with groups that are in the market and completely transparent about their work to maintain a sense of rates and volume
    • Disclosed paid editors (DPE) are a tiny fraction of paid editing. Both in terms of number of accounts and edit volume. Some may be collaborative, like Beutler Ink (ping WWB Too), but I'm not sure that would be very useful for tackling UPE. If you refer to groups who are transparent about their work and rates off-wiki but don't disclose on-wiki, that probably only covers some Upwork freelancers, who are also just a small part of the market. Large actors rarely disclose rates, clients, and often not even the fact they offer Wikipedia services.
  • Search general contracting sites, general search engines, and specific reputation brokers for new options; maintain a catalog
    • We currently do some monitoring on English Wikipedia (see en:Wikipedia:List of paid editing companies), I think French Wikipedia does something similar (ping Jules*). Some editors also monitor sites like Upwork, and some results can be seen at en:WP:COIN. However, public disclosure can be in conflict with harassment policies (en:WP:OUTING), functionaries and some admins have access to more information on evidence discovered this way. A Volunteer Response Team queue exists at paid-en-wp@wikipedia.org, but only functionaries have access, and as far as I know, it is severely understaffed.
  • Spot-check and commission work. last week Jan Böhmermann spent under 500 Euros and identified two German UPE networks
    • Some people did this on French Wikipedia too, also uncovering some cross-wiki UPE operation in France (see en:Wikipedia:Wikipedia Signpost/2020-05-31/News and notes). There seems to be some disputes about how mystery shopping and our policies interact, especially on English Wikipedia. If we want more of this, we'd need a framework to ensure that mystery shoppers who are members of our community know the do's and dont's to avoid policy issues.
Building better tools for tracking and countering UPE
  • Unlike ORES, it is usually easier to detect UPE editors than isolated UPE edits. A (insufficient) number of tools exist, for example. MER-C's suspcious new articles report (see en:Wikipedia talk:WikiProject Spam#Suspicious new articles). We usually conceal operational details of such tools (en:WP:BEANS). Publicly disclosing all detection heuristics would be like publishing a manual on how to do UPE and get away with it. Anyway, I'll list here some categories of tooling I'm aware of:
    • General discovery: Tools that help finding UPE editors in general (not a specific sockfarm). MER-C's report fall into this category. I use some heuristics that yield around a 20%-35% verifiable true positive rate among the discovered accounts. I don't publish the results of this tool to avoid harm to innocent users, but a number of accounts I report come from these results after manual research.
    • Specific discovery: Tools to discover new accounts of known sockfarms. These include things as simple as watching recent changes on articles heavily targeted by specific sockfarms (e.g. en:User:MarioGom/TOPCOI/Bx), as well as more targeted heuristics to detect a known behavioral fingerprint. This works for some big UPE operations (e.g. Yoodaba SPI).
    • Attribution/Verification: Tools to check a suspicious account and attribute it to a known sockmaster. This is also quite feasible for some large operations (e.g. Yoodaba SPI, CharmenderDeol SPI, Jaktheladz SPI).
    • Investigation: Tools for behavioral sockpuppetry investigation, such as toolforge:spi-tools, toolforge:sigma, toolforge:xtools. Tooling is particularly lacking when it comes to research of cross-wiki UPE operations.
Other than that, the recent creation of Wikiproject:Antispam has been a good step in terms of cross-wiki coordination.
About cleaning up the mess, it's a quite lacking area. We have organized some ad hoc clean ups on enwiki (en:User:Blablubbs/Wolfram, en:User:MarioGom/LoboReview, en:User:MarioGom/KazakhReview), but there is still nothing formal or systematic.
Nosebagbear has a collaborative sandbox for UPE proposals (see en:User:Nosebagbear/UPE Proposals), which is worth the attention of anyone interested in moving some proposal forward. --MarioGom (talk) 10:45, 9 September 2021 (UTC)Reply
@MarioGom: on fr-wp, we have information on paid editing companies, but disseminated. I took the initiative to create fr:Projet:Antipub/Agences de communication today (we still have to complete it); it will help us to centralize the information. We also intend to trap again some agencies in the future, in order to find socks they use, as we did in May 2020. Best, — Jules* Talk 16:56, 10 September 2021 (UTC)Reply
Interesting, thanks to you both. @MarioGom: I think the number of larger orgs involved in en:WP:CREWE is enough that we could get a rough estimate of market rates and volume. Even one or two active PR agencies will have a better sense of it than most editors, and comparisons over time will be useful even if they see a biased subset. –SJ talk  16:29, 14 September 2021 (UTC)Reply
Our anti-abuse tools are a pile of garbage and the API is actually worse by virtue of having random missing functionality. Once we have a working CAPTCHA, all anti-abuse tools in MediaWiki and extensions used on WMF sites have dedicated maintainers, the technical debt in the anti-abuse tools is gone, the API has been audited for missing functionality (phab:T192023, phab:T20104, phab:T188672, phab:T261752 are all material impediments) and that functionality provided, the spam blacklist is still public and infinitely scalable, PageTriage is available for all wikis and in a much improved way, ..., then we can discuss improvements. I want to focus on finding spam, not fighting the WMF's bad software and bad management decisions.
That said, if someone wants to put together a training set that would be great. I know what I am looking for, it's just a matter of weeding out the false positives. The better I can do this, the less I can rely on behavior. MER-C 17:42, 9 September 2021 (UTC)Reply
MER-C Helpful ideas and links, thank you. I'm not sure what the right way is to bundle these up and push for prioritization; is it helpful to have an umbrella ticket for this that we can all add our +1's to? –SJ talk  16:29, 14 September 2021 (UTC)Reply
The state of the admin tools is so bad that any improvement to anti-abuse tools in MediaWiki is welcome. Anti-spam is not the only problem we face - a general improvement in anti-abuse tools will make progress against several problems. If I were to pick one for quick wins, it would be the deleted title search in the API and UI improvements for the deleted title search so that they are available in new page patrol and other scripts. There's no escaping the massive pile of work that is phab:T20493 though. MER-C 18:25, 14 September 2021 (UTC)Reply
  • SJ: I have surveyed data from various major UPE companies and they charge $500-$2,500, with median probably around $1,500. With respect to volume, after some back-of-the-envelope estimates, I would say that UPE page creations on English Wikipedia are in the hundreds per year (conservative), possibly in the thousands. It's hard to know for sure, since there's a long tail of UPE editors beyond the few major UPE companies. MarioGom (talk) 12:54, 28 January 2022 (UTC)Reply
Thank you for looking into it. That's substantive, and good context for improving related tools. –SJ talk  21:01, 29 January 2022 (UTC)Reply

Reduction + diversion of misapplied energy

[edit]

Another thought: have we looked into ways to reduce or divert demand for paid editing into constructive channels? The demand for run-of-the-mill publicity helps hide malicious manipulation. To limit this, we might create an (off-WP) space for freely-licensed intermediate steps along the path towards an on-WP proposed edit. And make the above even clearer by having all commercial paid editing start in this space instead, w/ its own tools and assumptions and expectations:

  1. Define (or create) a preferred site for sharing free knowledge about the 80% of this that is non-deceptive but still out of scope: self-curated statements by subjects, possibly-NN summaries, related media (less of an issue, given Commons' policies)
  2. Build tools to make it easy to create + transfer drafts there, streamlining deletion + migration processes.
  3. Observe activity there -- likely w/ meaningful correlation to UPE on Wikipedia.

As an example: sharing freely licensed media intended? proposed? for use in a paid article is easy, b/c Commons has fewer steps to follow, and is set up in a way that it doesn't suggest reputation or notability by associationn -- so its pages aren't very good targets for astroturfing; but are a mechanic for releasing media w/ metadata under a free license. An equivalent for nominally-factual statements (or self-reported statements) about verifiable entities could similarly narrow the subset of such edits that hit RC. –SJ talk  16:24, 14 September 2021 (UTC)Reply

Hammering UPE operations does divert some demand into constructive channels. I have observed a few companies switching to in-house, policy-compliant, disclosed paid editors after the agency they hired was banned, exposed, and their customers appeared connected to it.
As for other venues, you can look at Wikitia and Everipedia. BLP and companies there are often correlated with UPE on Wikipedia. These are wikis they can use to freely dump all the promotional garbage they want.
On English Wikipedia we do have drafts, which is where commercial paid editing is supposed to go. For simple, hard facts, Wikidata is friendly to COI and paid editing, disclosed or undisclosed. Commons is also a relatively safe place unless they incur in copyvio (which is often the case). I'm not sure I fully grasp the kind of solution you're proposing here. MarioGom (talk) 16:43, 14 September 2021 (UTC)Reply
Widely publicise examples of paid editing backfiring.
Unfortunately I've seen some diversion towards the Simple English Wikipedia. MER-C 18:29, 14 September 2021 (UTC)Reply
Thanks, good examples. Wikitia and Everipedia could perhaps be such a place. [Update: it seems not.] They both still claim to be curated third-party encyclopedic content... even though they have neutrality and balance problems that far exceed our own. What I mean is
1. identifying a specifically recommended autobio-index -- a channel for a) freely-licensed, b) sourced + verifiable, self- or pr-descriptions of possibly non-notable entities, which explicitly states that it makes no claims of independence, balance, or neutrality, and does not present itself as an "encyclopedia".
2. sending commercial-PE (paid or otherwise) to such a channel to update a page there. away from the RC or on-wiki process here.
3. while all editors can use Drafts here to develop articles, commercial-PE should just post a link to this other site; from which a page or section could be imported if appropriate.
4. building tools to easily transfer pages to that channel and remove them from WP. self-promotions or articles by sock farms (that might one day be WP-suitable, if cleaned up) could be more readily deleted + migrated; and we might impose a higher standard of balance + notability for CPE, or a policy of bulk deletion/migration of articles created by UPE. All of this might be easier / less controversial if we know this isn't removing free knowledge from the web, but rather removing it from the search-engine-visibility and implicit curatorial approval of being on WP.
Do you think we could do the above w/ a pointer to Wikitia? Do you see value in trying to move CPE away from using drafts, and adding specific "delete and migrate" tools? @MarioGom: I haven't thought through the implications in detail, but that's roughly what I meant. –SJ talk  17:07, 15 September 2021 (UTC)Reply
Do not ever consider Wikitia (but Everipedia is OK). Wikitia is a shady site documented in the MediaWiki spam blacklist. It is operated by Avoof [7], an Indian SEO company in Udaipur, Rajasthan that is well documented on en:WP:PAIDLIST. Avoof employees are the only users who are allowed to edit Wikitia. The main operators are Himank Seth [8] and Sonali Kavdia, who are highly active spammers on LinkedIn and Upwork and actively spam their own profiles all over the Internet to promote themselves. They regularly scrape articles off Wikipedia and charge clients a few hundred dollars to publish on Wikitia. Probably only 5% of the pages showing up on Wikitia are Avoof's clients.
They evidently have poor English skills as this confusing jumble of words on Wikitia's main page shows.

The community at Wikitia is limited to only specialized editors who are experts in their fields and can helping in building verified content by the continuous efforts. All articles and pages on Wikitia are protected to provide verified encyclopedic content by controlling the substandard edits by all users, who dont have knowledge in that industry or field.

Unlike Wikipedia, we believe that just negativity or controversial content are not a qualification for a page, which has garnered a lot of attention and mostly hate crime content is highlighted and not the positive work.

Dealing with this requires close monitoring of anything related to Wikitia that shows up on the Internet, such as job ads relating to Wikitia pages. Jwindleberg (talk) 02:28, 11 October 2021 (UTC)Reply
Thanks @Jwindleberg:, so it sounds like that one is not a good option. Again suggesting we might want to set up our own venue, which rejects spam and abuse, but supports permanent rough drafts and not-yet-notable material. –SJ talk  12:51, 12 October 2021 (UTC)Reply
Everipedia is a very good venue for "permanent rough drafts and not-yet-notable material." Larry Sanger, one of the co-founders of Wikipedia, was active in founding and managing Everipedia. The site looks well managed and has a very supportive community. On the other hand, there is no way that Wikitia can be viable option since it's completely controlled by shady Indian spammers. Jwindleberg (talk) 17:34, 12 October 2021 (UTC)Reply

Obviously the top priority is to first hunt down the big-time harassers and extortionists. They are the ones causing the biggest damage to WMF projects. All the other small-time spammers who don't do extortion or blackmailing are just annoying but not diabolic. We should get rid of those online gopnik gangs like Wikibusiness.ua first. Jwindleberg (talk) 17:45, 12 October 2021 (UTC)Reply

++ That makes sense to me. –SJ talk  16:03, 13 October 2021 (UTC)Reply

Rohit Mehta

[edit]




Affects en.wp, simple.wp, hi.wp, Commons and Wikidata. Spam for Rohit Mehta and his website. MER-C 08:35, 20 September 2021 (UTC)Reply

CharmenderDeol

[edit]

See w:en:Wikipedia:Sockpuppet investigations/CharmenderDeol. A large sockfarm working on simple, Commons and enwiki; accounts are usually either segregated between wikis or have a strong focus on one. Per enwiki CU, there is proxy use involved, so I suspect additional local checks may uncover additional accounts. Any assistance with filing relevant investigations and cleanup would be appreciated. Blablubbs (talk) 09:18, 25 September 2021 (UTC)Reply

Thanks, at Commons speedy deletions have been initiated for File:DAO Minh Quan.jpg, File:Michael Obeng.jpg and File:Luis Marti.jpg. In addition, a couple of regular DRs were opened: c:Commons:Deletion requests/Files uploaded by ImmaDie, c:Commons:Deletion requests/File:Griffin Lotson.jpg, c:Commons:Deletion requests/File:Richard Bohannon.jpg, c:Commons:Deletion requests/File:AQUILES ESTE.jpg, c:Commons:Deletion requests/Files uploaded by Nirmaln404. --AFBorchert (talk) 23:34, 25 September 2021 (UTC)Reply
I ran into SabrinaMaze (CA · xwiki · sc · COIBot report · simple · en) while working on the enwiki SPI case. They are stale on en, but based on their creation of simple:Aquiles Este they are probably related to this farm (see en:Draft:Aquiles Este, c:File:AQUILES ESTE.jpg). CU on simplewiki might be helpful. Spicy (talk) 01:30, 26 September 2021 (UTC)Reply
@Ferien: see above. MER-C 10:00, 26 September 2021 (UTC)Reply
I've sent that page to requests for deletion.. Eptalon, could you take a look at the sockpuppetry stuff? Thanks, Ferien (talk) 10:12, 26 September 2021 (UTC)Reply


[edit]


  • Affected wikis: Wikidata, pnb.wp (Western Punjabi), en.wp, fr.wp, no.wp, hi.wp (Hindi), ur.wp (Urdu), pl.wp, es.wp, bn.wp, Commons.

UA85 claims to be Umair Ahmad. Originally limited to this subject, they have since engaged in both UPE and link spamming. There is also likely a spam company behind all of this. Ongoing abuse. MER-C 20:01, 25 September 2021 (UTC)Reply

Most of the sockpuppets did not have any contributions at Commons. Most of the uploads are already deleted, File:Jeans Explosion.jpg is one of the surviving files with VRT permission (appears to be genuine). --AFBorchert (talk) 22:36, 25 September 2021 (UTC)Reply

Needs a flush out on Commons, Urdu and Punjab Wikipedias. MER-C 17:01, 16 April 2022 (UTC)Reply

@TheAafi: there are at least a few spam pages on the Urdu Wikipedia awaiting elimination. User:MER-C/Spam/UA85 may be helpful. MER-C 17:12, 25 April 2022 (UTC)Reply
MER-C Been in travel since last night. Gimme sometime and I'll get this done. ─ The Aafī (talk) 03:41, 26 April 2022 (UTC)Reply
I deleted several articles under UA85 tag, and will check all others once I reach back home. ─ The Aafī on Mobile (talk) 03:54, 26 April 2022 (UTC)Reply
{@MER-C:, I deleted a bunch of articles and removed the spam links from several others. I'll likely move few of these through AfD because I'm not sure whether to keep these or to delete them, so I'd seek consensus from the local community. Everything else is Done. ─ The Aafī (talk) 14:38, 26 April 2022 (UTC)Reply

Trane007

[edit]

These accounts have been blocked for socking and spamming on enwiki (see en:Wikipedia:Sockpuppet investigations/Trane007), but the first two are also active on frwiki. Articles that have been created or heavily edited by them include:

Trane007 was previously warned for UPE on frwiki [9]. There also seems to be some related logged-out editing on 2001:8A0:E80A:B200::/64 - see en and fr contribs. This might go back further than this - Barbapapa888 (CA · xwiki · sc · COIBot report · fr), though stale, is likely related based on editing interests and username.

Thanks, Spicy (talk) 12:21, 1 October 2021 (UTC)Reply

Hi @Spicy. Thanks for the info. I blocked accounts on fr-wp, deleted some articles, marked the other for UPE, and asked for a SPI: fr:Wikipédia:Vérificateur d'adresses IP/Requêtes/octobre 2021#Trane007, Honesty888 - 1 octobre. (You can ping me when cases are related to fr-wp.) Best, — Jules* Talk 13:03, 1 October 2021 (UTC)Reply
That was fast - thanks. Will do in the future re. pings. Spicy (talk) 14:39, 1 October 2021 (UTC)Reply

Locks requested. MER-C 17:09, 9 October 2021 (UTC)Reply

@Spicy, MER-C, and Jules*: Mardit1 (talk · contribs) has started editing about AFRO on enwp. Blocked locally. Blablubbs (talk) 15:25, 28 October 2021 (UTC)Reply


Split-project UPE for Dave Sidhu among likely others

[edit]

I got a set of users that are likely socks of one another, with single-project editing largely being limited to one of each account. What follows is the behavioral evidence that links them. I'm already working on making sure the enwiki editor gets blocked since it's pretty blatant.

User/Link summaries
















  • R. Edits is linked to R. Articles by the same strong interest in Dharmendra Ahirwar (see this global search)
  • Davesidhusydney is a little stale, but is linked to Tracktouch Productions by en:Dave Sidhu (see log of en:Draft:Dave Sidhu) compared to pa:Dave Sidhu being essentially identical
  • R. Articles is linked to Davesidhusydney by their substantial modifications to the above linked draft.
  • Kanwaljeetsingh is very stale, but had a similar interest with a mainspace creation on Sidhu in 2016, and no other activity.
  • Both R. accounts and Tracktouch have added links to thecover.in, and no one else.
  • Both R. Articles and Tracktouch have added links to davesidhu.in and no one else.
  • Some various other bits point to very likely UPE based from a marketing firm.

Because of the limited amount of single-wiki editing performed, there isn't really any place I can file an SPI. I'm putting this here mainly for documentation purposes, as there may be further cleanup needed: the accounts listed here are mostly very active in editing. I also provided a bit more evidence than probably needed to show that this is a spam ring, but both R. accounts have a decent number of edits (in the hundreds), so I don't want to skip out on any details. Perryprog (talk) 22:19, 5 October 2021 (UTC)Reply

+Tracktouchrecords, also years stale. GeneralNotability (talk) 22:22, 5 October 2021 (UTC)Reply

Xenen1970

[edit]

Nigerian based spammer. Ongoing abuse. Focus is Nigerian politics and CEOs but occasionally strays into the West.

New accounts not mentioned in the en.wp SPI which I just blocked:

Heavy spamming on Simple English and English Wikipedias, and lots of copyvio images on Commons (there's no way File:European Diversity Awards.jpg, File:Gideon Olanrewaju.jpg and File:Scott Lumley11.jpg among many others, is this user's own work). @Celestina007, DarwIn, and AFBorchert:. MER-C 17:05, 9 October 2021 (UTC)Reply

@Ferien: see above - I've made a few DRs on Simple, but there's too much and new socks keep on being discovered. MER-C 11:59, 10 October 2021 (UTC)Reply
I've taken the list of accounts from the simplewiki SPI, and every one of their uploads to Commons was copyvio. I've tagged all of those, but the accounts on the enwiki SPI will also need to be gone through. Jack Frost (talk) 13:06, 14 November 2021 (UTC)Reply

Several UPE/socks blocked on fr-wp

[edit]

Hi (ping @MER-C, @Blablubbs).

We found (and blocked) several accounts on fr-wp which are socks (and probably UPE!), in two separate cases. Articles created should probably reviewed. Some accounts are not blocked yet on en-wp:

I only put the not yet blocked accounts with at least one edit on en-wp; exhaustive lists can be found in the "case summary" links.

Kind regards, — Jules* Talk 22:18, 14 November 2021 (UTC)Reply

Photospam

[edit]

After noticing this [10] at deWP spam blacklist I realized that this was connected to spam reported in March by @SCP-2000 [11][12][13]. Now there are different URLs involved:

Accounts & IPs I've discovered so far spamming photoaid.com:

Accounts & IPs I've discovered so far spamming dvlottery.me:

Accounts & IPs I've discovered so far spamming mybritishpassport.com and ukabroad.net:

I guess there might be even more, so a CU might be useful + of course include the new URLs at the global spam blacklist. @Billinghurst: fyi as you added the previous urls to the spam blacklist.

By the way looking at passport-photo.online and passportphotocodeuk.com I noticed several accounts that were not globally blocked:

I checked all weblinks using this tool [14] and followed each account's edits, now all links should be removed from the mainspace in all projects. -- Johannnes89 (talk) 00:18, 23 November 2021 (UTC)Reply

@Johannnes89: I've added to the blacklist? Yeah maybe one or two. If a domain needs to be blacklisted, if it is unequivocally horrid, then just add it to Talk:Spam blacklist. If it needs a consensus reach one here, and add it to that page and cite and link to the consensus. I am less active in the UPE space for the wikis where I concentrate my efforts, and more eradicating the mass of spambot-targeted urls.  — billinghurst sDrewth 10:08, 23 November 2021 (UTC)Reply
@Billinghurst: maybe we should adapt the script so we can directly blacklist from here? After all I also make COIBot monitor this page, and the script is to make our life easy (for a lot of spam it is like a game of Monopoly - don't go through start, don't collect 20k$). -- Dirk Beetstra T C (en: U, T) 15:36, 23 November 2021 (UTC)Reply
@Beetstra is it possible to get COIBot LinkReports for the other domains listed as well? As there are multiple Accounts involved over a long period of time, there will likely be more attempts. -- Johannnes89 (talk) 15:29, 3 December 2021 (UTC)Reply


















@Johannnes89: ^^ that should have summoned the bot to save/refresh reports. Dirk Beetstra T C (en: U, T) 20:17, 3 December 2021 (UTC)Reply

FYI: I requested global lock for 100+ sockpuppets related to this crosswiki spam [15]. There are local checkuser actions against some of these accounts [16][17][18]. It appears that at least some of them are freelancers hired via Upwork [19]. --Johannnes89 (talk) 22:38, 9 January 2022 (UTC)Reply


Changingguardsatbuckinghampalace

[edit]

Changingguardsatbuckinghampalace is an Israeli UPE operation primarily focused on English Wikipedia. You can see the accounts in the English sockpuppet investigation, but I'll list here the cross-wiki ones:

And articles:

Maybe frwiki and dewiki could run some checkuser checks? Big UPE operations that go cross-wiki rarely do so for a single article.

Pinging fr and de contacts: Bédévore, Jules*, LaMèreVeille, AFBorchert, Itti, MBq, Millbart.

Best, MarioGom (talk) 19:24, 19 December 2021 (UTC)Reply

thx for the info, on dewiki a CU ist not possible, account was only active 1 June 2020, the edit is to old for CU. But I will have a look. Regards --Itti (talk) 19:29, 19 December 2021 (UTC)Reply
Thanks Itti! By the way, for any CU, contact GeneralNotability privately if you need some tips to interpret technical evidence for this sockfarm. MarioGom (talk) 19:34, 19 December 2021 (UTC)Reply
Thanks for the ping, @MarioGom. I deleted the article and blocked the accounts. Sadly, edits are too old for CU as well. Best, — Jules* Talk 17:33, 20 December 2021 (UTC)Reply
de:Millennium Management now deleted and protected --MBq (talk) 12:42, 12 February 2022 (UTC)Reply

Wikipedia:Sockpuppetry

[edit]

Misuse of spare account. Creating custom pages in all Wikipedia languages. User accounts:

Global user contributions

--Persia ☘ 13:57, 25 December 2021 (UTC)Reply

History of creating current pages
History of creating current pages
wiki history by
ps.wikipedia 1:35 9 November 2021 AriaTess
th.wikipedia 21:50 1 November 2021‎ AriaTess
tr.wikipedia 07.16 24 November 2021‎ Miladtayan
uk.wikipedia 15:17 7 November 2021 AriaTess
zh.wikipedia 12:20 8 ‎November 2021 AriaTess
en.wikiquote 16:33 16 November 2021‎ Miladtayan
commons.wikimedia 04:07 28 October 2021‎ AriaTess
wikidata 22:22 25 May 2020 Huyancho
pnb.wikipedia 6:45 6 December 2021 Abbas dhothar
pt.wikipedia 05:27 19 January 2022‎ Aryankhodakaramim
Delete history
Delete history
history Page on [wiki] deleted by
09:25, 30 December 2021‎ [hiwiki] User: रेजा गुडारी
15:56, 27 December 2021 [eswiki] User:-sasha-
17:13, 26 December 2021 [jawiki] User:Marine-Blue
15:21, 26 December 2021 [kowiki] User:Reiro
12:05, 26 December 2021‎ [urwiki] User:Ulubatli Hasan
23:36, 25 December 2021 [ruwiki] User:Q-bit array
22:55, 25 December 2021‎ [itwiki] User:Merynancy
17:12, 25 December 2021 [frwiki] User:Jules*
17:06, 25 December 2021 [dewiki] User:Partynia
18:09, 11 December 2021 [fawikiquote] User:فرهنگ2016
23:19, 08 December 2021 [eswiki] User:Ezarate
06:54, 28 November 2021 [fawiki] User:Jeeputer
01:16, 17 November 2021‎ [enwikinews] User:Acagastya
11:12, 03 November 2021‎ [dewiki] User:Kuebi
10:20, 03 November 2021 [itwiki] User:Gac
11:02, 02 November 2021 [dewiki] User:Stefan64
17:08, 17 September 2021‎ [fawiki] User:Mardetanha
15:46, 11 May 2021 [fawiki] User:Mardetanha
19:57, 17 January 2021 [enwiki] User:Praxidicae

--Persia ☘ 09:24, 28 December 2021 (UTC)Reply

@Jules*: Hello, What user handles the reports here?--Persia ☘ 20:20, 6 January 2022 (UTC)Reply
@Persia: Those who follow the page. But, as each report is about various wikis, you should ping users listed in Wikiproject:Antispam/Contacts for wikis relevant in the current case. — Jules* Talk 20:32, 6 January 2022 (UTC)Reply
  • Remarkable administrators of other wikis in:

--Persia ☘ 09:53, 23 January 2022 (UTC)Reply

Sophisticated (Eastern) European paid editing rings

[edit]

At Wikiproject:Antispam we see highly sophisticated paid editing syndicates operating mainly from Europe, especially Ukraine and Russia but with a smattering of US, French and German operators. On en-wp, the main actors are low-skilled spammers from India, Pakistan and Bangladesh who usually do not display much sophistication and largely confine their activities to en-wp. Starting off with a list of known sockfarms and their countries of origin listed at meta,

  • Çelebicihan - Ukraine
  • Wikibusiness - Ukraine
  • Serghiy Hrabarook - Ukraine
  • Olga Vaganova - Ukraine
  • Pierre Malinowski - Russia and France
  • Wiki PR, Status Labs - US
  • Ross kramerov - US, of Russophone origin
  • Olaf Kosinsky - Germany
  • Prix Versailles - France
  • KapitalBrand - Morocco
  • UA85 - Pakistan
  • Xenen1970 - Nigeria

Quite a different situation from en-wp which gets overwhelmed with clueless unsophiscated spammers from developing Anglophone countries such as India, Pakistan, Bangladesh, Sri Lanka, Nigeria, Ghana and the likes, as observed at en:WP:SPI. See this observation by Bri on en:Wikipedia:Wikipedia Signpost/2020-05-31/Recent research,

I've been working in this arena for a while, and in fact have a credit in the paper for contributing labeled data that was used to train the model. We aren't sure how sophisticated some of these operations are but my feeling is there's a distinct break between the activities of the outfits catering to well-funded Global North entities (in particular corporations and their executives, entertainers/entertainment companies, and politicians and political groups) – probably what you mean by the "professionals" – and the rest. I wouldn't be surprised if the former are highly aware of the investigative techniques used on-Wiki, and adapt to whatever metrics and techniques we apply, but the latter are unable to, at least quickly. But the greatest volume of stuff that has to be dealt with is due to the less sophisticated group, and it would still be useful to have tools that willow that away so human effort can be focused on the remainder.

This means we may need different strategies and tools to deal with, for instance, sophiscated Ukrainian paid editing rings vs. noob-type Indian freelancers. A pattern emerging now is that sophisticated x-wiki spam tends to come out of Ukraine, Russia and to some extent Western Europe, but the mostly monolingual Americans and British are typically occupied only with en-wp. Jwindleberg (talk) 02:28, 11 October 2021 (UTC)Reply

For what it's worth, fairly sophisticated UPE operations are run from the US, UK, and Israel too. At least on English Wikipedia. Also some bigger operations are internationalized, e.g. primarily run from the US with additional teams in Philippines or Hong Kong. MarioGom (talk) 21:06, 5 November 2021 (UTC)Reply

USA/India spammers

[edit]

Here is a link to a portfolio of a Wikipedia PR company: https://www.wikipedialegendsllc.com/portfolio.php. List of articles they claim to be theirs:

--212.91.160.53 10:11, 25 November 2021 (UTC)Reply

Many of the companies offering paid editing services have false client lists, and this appears to be another one of those. Giraffer (talk) 20:54, 26 November 2021 (UTC)Reply

PR Olaf Kosinsky

[edit]

Olaf_Kosinsky (CA · xwiki · sc · COIBot report) Subteno (CA · xwiki · sc · COIBot report)

A German TV show showed a PE connection between user Olaf Kosinsky and Subteno a disposable sock. This was confirmed by CU. Olaf Kosinsky was involved in many projects. It is reasonable to assume that he also enriched many articles there with advertising. --Itti (talk) 12:28, 4 September 2021 (UTC)Reply

en:Wikipedia talk:WikiProject Articles for creation notified. MER-C (talk) 16:35, 4 September 2021 (UTC)Reply
Filed en:Wikipedia:Sockpuppet investigations/Olaf Kosinsky. MER-C 08:53, 5 September 2021 (UTC)Reply

Regards --Itti (talk) 09:32, 5 September 2021 (UTC)Reply

@AFBorchert and DarwIn: c:Commons:Volunteer Response Team/Noticeboard#Tickets verified by Olaf Kosinsky. MER-C 10:10, 5 September 2021 (UTC)Reply
Reported to eswiki: es:Wikipedia:Tablón de anuncios de los bibliotecarios/Portal/Archivo/Miscelánea/Actual#Olaf Kosinsky. TaronjaSatsuma: could you look at the cawiki side? MarioGom (talk) 11:13, 5 September 2021 (UTC)Reply
reported in :ca.--TaronjaSatsuma (talk) 12:42, 5 September 2021 (UTC)Reply
Blocked on Commons: c:Commons:Administrators' noticeboard#Case Olaf Kosinsky. MER-C 13:02, 5 September 2021 (UTC)Reply
Wikidata checkuser request made: d:Wikidata:Requests for checkuser/Case/Olaf Kosinsky. MER-C 13:10, 5 September 2021 (UTC)Reply
blocked on wikisource.org -jkb- 14:39, 5 September 2021 (UTC)Reply
  • Inevitably there will need to be some sort of cleanup for the UPE here – how do we intend to go about this? Do we treat all of his contributions as UPE, or a select few? If so, how would we determine which? Thanks, Giraffer (talk) 18:08, 5 September 2021 (UTC)Reply
@Giraffer: Olaf Kosinsky was a very prolific and experienced editor and a significant part of his contributions were apparently not paid for. As far as I can see, Olaf Kosinsky was using sockpuppets for paid editing but used his main account to support these activities by moving articles from draft to main space (at en:wp, example), by reviewing new articles (at de:wp, example), and by processing VRT tickets which were related to his paid activities ([example). The problem is that we just know some of the socks but there are probably more which did not come up in the CU results at de:wp as they weren't used in the last three months. --AFBorchert (talk) 09:49, 6 September 2021 (UTC)Reply
Nothing extra found in the en.wp sockpuppet investigation. MER-C 17:11, 7 September 2021 (UTC)Reply
Thanks, AFBorchert. I think I'm just gonna go through the sockpuppets' contributions and then whatever interaction the main account had with them (on enwiki). Thanks for your help. Regards, Giraffer (talk) 21:24, 7 September 2021 (UTC)Reply

Welcome

[edit]

Hi, welcome everyone to the antispam project. Native English speakers, I am guilty for the terrible style. ;) Feel free to rephrase as you see fit. Best, Bédévore (talk) 15:30, 30 July 2021 (UTC)Reply

For the record, this project is born after this discussion (permalink) on en-wp. Best, — Jules* Talk 15:36, 30 July 2021 (UTC)Reply
@Bédévore and Jules*: How come all things frwiki-related just look so beautiful? This is great work, thank you so much for taking the time. I've given the landing page a major copyedit. Blablubbs (talk) 17:07, 30 July 2021 (UTC)Reply
Thank you @Blablubbs (twice)! — Jules* Talk 17:10, 30 July 2021 (UTC)Reply
Thanks Blablubbs! Bédévore (talk) 21:59, 30 July 2021 (UTC)Reply

Looking for contacts on Wikimedia projects

[edit]

Hello,

As discussed before, this wikiproject would be very useful to identify volunteers of other Wikimedia projects willing to help on cross-wiki promotion cases.

Bédévore and I will soon start contacting other wikis (using embassies or other means) to identify such volunteers, so they can join this project and list their names on Wikiproject:Antispam/Contacts. I suggest we list below which projects each of us did contact, in order to avoid any redundancy.

Regards, — Jules* Talk 16:35, 30 July 2021 (UTC)Reply

@Jules, could you also leave the invitation for volunteers among uk.wikipedia admins? Village pump (administration) page. Thanks. --Anntinomy (talk) 16:27, 6 September 2021 (UTC)Reply