Wikipedia talk:WikiProject Spam/2013 Archive Jan 1

ScaleEngine Inc.



 * Articles
 * Articles


 * "The company was founded in November 2009 by Allan Jude and Stefan Caunter"
 * Accounts
 * Accounts

Owner / CEO, ScaleEngine Inc  --Hu12 (talk) 18:24, 1 January 2013 (UTC)
 * Wikipedia talk:Articles for creation/ScaleEngine
 * Continued article spamming and promotion, --Hu12 (talk) 17:47, 10 January 2013 (UTC)

PhoneMania.com.pk Spamming



 * Accounts
 * Accounts

Bl'd--Hu12 (talk) 20:38, 2 January 2013 (UTC)

The ProGuide



 * Accounts
 * Accounts

--Hu12 (talk) 02:25, 3 January 2013 (UTC)

mbabug.com



 * Spammers

MER-C 12:48, 2 January 2013 (UTC)
 * MER-C 05:07, 6 January 2013 (UTC)

science-niblets

 * Registrant Name:Elmar Bergeler


 * Accounts
 * Accounts

--Hu12 (talk) 00:03, 4 January 2013 (UTC)

propertytradingcenter.com

 * Previous incidents
 * Wikipedia talk:WikiProject Spam/2012 Archive May 2


 * Sites spammed


 * Spammers

MER-C 12:42, 5 January 2013 (UTC)

Ole E. Sorensen Self-promotional WP:JOURNALSPAM

 * Accounts

Contributions consist of citing himself and those who cite him. --Hu12 (talk) 12:46, 4 January 2013 (UTC)
 * --Hu12 (talk) 23:30, 7 January 2013 (UTC)
 * --Hu12 (talk) 23:30, 7 January 2013 (UTC)

viEUws



 * User:Squareambiorix/ViEUws a website that communicates EU policy
 * Accounts
 * Accounts

posting this domain everywhere  --Hu12 (talk) 20:11, 7 January 2013 (UTC)

project nightflight



 * Accounts
 * Accounts


 * de:Special:Contributions/188.118.247.177
 * it:Special:Contributions/80.123.61.158

--Hu12 (talk) 21:20, 7 January 2013 (UTC)

FORA.tv

 * Amazon Affiliate: foratv-20 (3)
 * Amazon Product: B001UW59JY (4)+31


 * Article
 * Article


 * Accounts
 * Accounts

conference and event videos--Hu12 (talk) 22:58, 7 January 2013 (UTC)

sports coach UK ref Spamming



 * Wikipedia talk:Articles for creation/sports coach UK
 * Accounts
 * Accounts

--Hu12 (talk) 20:03, 9 January 2013 (UTC)

Article; I Get Paid To Edit Wikipedia For Leading Companies
Article; I Get Paid To Edit Wikipedia For Leading Companies
 * www.businessinsider.com/wikipedia-marketing-2013-1


 * "Mike Wood is a freelance writer who specializes in professional Wikipedia editing."



Clearly he's promoting his service on businessinsider.com (one article wonder). --Hu12 (talk) 03:15, 10 January 2013 (UTC)

OXUS Development Network

 * Accounts
 * Accounts
 * Accounts

--Hu12 (talk) 18:34, 10 January 2013 (UTC)

Martial Arts Lineage
The website www.malineage.com is being spammed into the encyclopedia by User:Chien fu. It purports to trace the lineage of martial artists. It appears to be a self-published source. Binksternet (talk) 22:59, 10 January 2013 (UTC)


 * Accounts
 * --Hu12 (talk) 23:57, 10 January 2013 (UTC)
 * Accounts
 * --Hu12 (talk) 23:57, 10 January 2013 (UTC)
 * --Hu12 (talk) 23:57, 10 January 2013 (UTC)
 * --Hu12 (talk) 23:57, 10 January 2013 (UTC)


 * Good work! Thank you. Binksternet (talk) 00:49, 11 January 2013 (UTC)


 * I would like to refute this case against MALineage.com. The website is a very useful and informative tool regarding martial arts lineage.  It provides a closer look at historical lineage than is possible on Wikipedia.  The website is not a business and does not make any money.  Please reconsider removing all of the links I have worked hard to create.  Thank you.  Chien Fu (talk) 7:52, 13 January 2013 (UTC)

Open IPTV Forum



 * Articles
 * Articles
 * Articles


 * ca:Open IPTV Forum
 * es:Open IPTV Forum
 * Wikipedia talk:Articles for creation/Open iptv forum
 * Wikipedia talk:Articles for creation/Open IPTV Forum
 * User:CdEsclercs/Open IPTV Forum
 * Accounts
 * User:CdEsclercs/Open IPTV Forum
 * Accounts

(St Peter Port, Guernsey) (St Peter Port, Guernsey)    Claire d'Esclercs (OIPF Secretariat) --Hu12 (talk) 19:38, 7 January 2013 (UTC)
 * ca:Special:Contributions/Edu.Perez
 * es:Special:Contributions/Edu.Perez


 * This is a legit organization per (The Register) and  (Ericsson). Please cease deleting, moving, or blanking this page. &mdash;Ahnoneemoos (talk) 01:59, 12 January 2013 (UTC)
 * Whether or not that's true, it doesn't confer a license to exploit Wikipedia for promotional purposes, nor does it make for exemption of official Wikipedia policies;
 * Advertisements masquerading as articles
 * External link spamming
 * Paid advocacy, public relations, and marketing
 * Accounts used for promotion
 * Wikipedia is not a vehicle for advertising
 * The users contributions to Wikipedia under DJDonkey and his IP's 78.41.3.211 and 93.189.161.68 consist entirely of adding external links to oipf.tv, creating content about Open IPTV Forum and based on his edit history, exists for the sole or primary purpose of promoting Open IPTV Forum. Wikipedia owes much of its success to its openness. However, that very openness sometimes attracts people and organizations who seek to exploit the site, this is one such case. The bigger picture clearly shows someone who is using Wikipedia to promote their own interests. --Hu12 (talk) 03:45, 12 January 2013 (UTC)
 * Then revert the article to a previous state, modify to keep it within our guidelines, or ban the user/range of IPs temporarily, but cease deleting it and blanking it. The references make it very clear that this is legit and we can provide independent reliable sources to support this. &mdash;Ahnoneemoos (talk) 13:51, 12 January 2013 (UTC)

Virtual Network Services Group LTD

 * (redirect to redvirtualservicios.com)
 * Article
 * Article


 * Accounts
 * Accounts

--Hu12 (talk) 16:56, 12 January 2013 (UTC)

Erotic Female Domination



 * Accounts
 * Accounts


 * :commons:Special:Contributions/64.15.68.19
 * en:Special:Contributions/64.15.68.19
 * tl:Special:Contributions/64.15.68.19

Targets the article Female dominance--Hu12 (talk) 17:29, 12 January 2013 (UTC)

restaau.co.uk



 * Spammers

MER-C 11:00, 14 January 2013 (UTC)

inogolo.com
A website that purports to provide the correct pronunciation of names. No indication of it being a reliable source on its own, and it doesn't mention its own sources. It appears to be run by one individual, but does offer visitors the option to submit corrections if the pronunciation listed is incorrect. Apparently ad supported. Links from Wikipedia really can only be described as refspam. Looks like it's found its way into about a hundred articles so far, based on what I came across at WikiProject Spam/LinkReports/inogolo.com. Should be blacklisted, at the least. user: j (talk)  08:33, 16 January 2013 (UTC)

Fireplace spam
This link is being inserted in multiple articles from an IP-hopper in the 112.215.66.1/24 range. May need further monitoring or blacklisting. Kilopi (talk) 16:10, 16 January 2013 (UTC)

Acworth related



 * Related
 * Articles
 * Articles
 * Articles


 * Accounts
 * Accounts
 * Accounts
 * Accounts

--Hu12 (talk) 20:04, 16 January 2013 (UTC)

Openbiz Technology LLC Spamming



 * Articles
 * Articles


 * Articles for deletion/Openbiz Cubi
 * Accounts
 * Accounts

--Hu12 (talk) 03:05, 17 January 2013 (UTC)

bestmusicspots.com


The user does nothing but add various pages associated with the above domain. Binksternet (talk) 00:03, 18 January 2013 (UTC)

Robotic SurgePedia cut and paste copyvio





 * Cut and past Articles (rsp.inf.elte.hu)


 * Other cut and past copyvios
 * Other cut and past copyvios
 * Other cut and past copyvios
 * Other cut and past copyvios
 * Other cut and past copyvios
 * Other cut and past copyvios
 * Other cut and past copyvios
 * Other cut and past copyvios
 * Other cut and past copyvios
 * Other cut and past copyvios
 * Other cut and past copyvios
 * Other cut and past copyvios
 * Other cut and past copyvios


 * Accounts
 * Accounts


 * rsp.inf.elte.hu/mediawiki/index.php/Special:Contributions/Rperro88

User is cut and pasting articles from Robotic SurgePedia wiki for the purpose of WP:REFSPAM sourcing them with Robotic SurgePedia wiki. All of which seem to have Francesco Cardinale (Neurosurgeon at Ospedale Niguarda Ca' Granda) in common.--Hu12 (talk) 04:50, 19 January 2013 (UTC)

Adsense related



 * Accounts
 * Accounts
 * Accounts

--Hu12 (talk) 06:03, 19 January 2013 (UTC)

Bowtie, Inc



 * Related
 * Accounts
 * Accounts
 * Accounts
 * Accounts
 * Accounts
 * Accounts
 * Accounts
 * Accounts
 * Accounts


 * "Content generated by our loyal visitors, which includes comments and club postings, is free of constraints from our editors' red pens..."

--Hu12 (talk) 06:27, 19 January 2013 (UTC)

3news.co.nz

 * Accounts
 * Accounts

(user ignored subsequent warnings and was indef'd)


 * Comment I reverted the most recent ones, but there are over 500 still out there. Link probably meets reliable sources, but has been subject of long-term canvassing by at least one user. OhNo itsJamie  Talk 21:45, 17 January 2013 (UTC)
 * This is a legitimate news source. 3 News views with One News as the two authoritative television news shows in New Zealand. Neither are predominantly tabloid (although both do cover celebrity gossip along with more weighty issues). The edits by Exenola I've looked at all appear to be good edits; the only cause for concern is that all used the same source, and the editor did not reply to concerns about this on their talk page. Editors often do have a preference for a particular source, but this does not constitute spam. I use the New Zealand Herald as a source frequently; in part, that is because when I first started editing Wikipedia its main competitor in NZ print media was Stuff.co.nz, which at the time did not keep its articles online longterm. Stuff has since improved, but my habits were set. This does not make me a spammer; I have no commercial interest in any media company.- gadfium 19:57, 18 January 2013 (UTC)
 * I realize that 3news is a legitimate news source. For that reason, I've only been reverting ones that were canvassed by this user.  If you look at the user's pattern closely, it's clear that they tried to add short sections plus the ref any time a subject hit the headlines; classic WP:SPA behavior. Unlike you, Exenola never made changes that didn't involve adding a 3news link. I don't think I'm going to revert further. I do think it's important to document the abuse here so that further SPA accounts can be dealt with more quickly. OhNo itsJamie  Talk 19:54, 19 January 2013 (UTC)

truelithuania.com

 * Accounts
 * Accounts


 * Comment I reverted most of them; as of this writing, thirty are remaining.OhNo itsJamie Talk 21:45, 17 January 2013 (UTC)
 * Comment I think there is a mistake here in this mass removal. User:Ohnoitsjamie seemingly did not agree with the links I have added at Brockton and Worcester (Massachusetts) articles and then he removed, presumably without checking, all the links to the same domain name (added over a period of some 8 months and not disputed before; it was not some kind of link spam as it is made seem here). This is not the way it should be done. Here I give just a few examples of what has been removed and tagged as "spam"/"link canvassing":
 * 1) A link from Vilnius article to the most extensive English online travel guide to Vilnius.
 * 2) A link from Lithuanian American article to the largest English language webpage on Lithuanian American heritage.
 * 3) A link from Kaunas article to the most extensive English online travel guide to Kaunas.
 * I don't tink that disputing 2 or even 10 links is a reason to remove 50 appropriate ones. Also I don't believe that my contribution to Wikipedia by providing links to websites that conform with Wikipedia rules and add something to Wikipedia is detrimental. As you can see this is far from the only type of contribution I made since I joined in 2006 as I have also started numerous articles and some of the facts I added have been featured on "Did you know..." on the front page. BBBDBV (talk) 08:04, 18 January 2013 (UTC)
 * 95% of what you've done over the years is add links to the same website to Wikipedia. Consider yourself lucky that it took this long for someone to catch on. Also see WP:COI. (I'm pretty sure I've removed more than 50, and will get the rest today). OhNo itsJamie Talk 14:47, 18 January 2013 (UTC)
 * The "95% of those years" is simply not truth. I have added no links to that website at all before May 21st of 2012 (my edit list, scroll down). Only in a minority of my total edits I have added links. And the rest of my Wikipedia edits included sizeable ones such as these at Eurobasket 2011 article 1, 2, 3, 4 and I have newly started articles.


 * In any case, now I understand you believe that I am employed by the website. That is, the trouble is me and not the website. However, I have not received any money from that website, neither directly nor indirectly. The way I see it is that the website in question is probably the largest English website on Lithuania (excluding news websites) so it quite naturally has lots of information; on many Lithuania-related topics it provides the most extensive English coverage available online. Therefore there are lots of Wikipedia articles where links to different webpages of the website could be added adhering to Wikipedia rules (nobody ever disputed this).


 * Anyway I understand you that my edits may seem to you of bad faith, given the situation. However neither in WP:EL nor WP:COI have I saw a recommendation to unilaterially remove all the (completely legitimate) links added by an editor if there is a personal belief that the editor acted in conflict of interest. And this case is borderline at best (it is porbably clear for you as well that this was not bot-spamming nor any other cases specifically mentioned in WP:EL). In fact, WP:COI provides a very different procedure:


 * The first approach should be direct discussion of the issue with the editor, referring to this guideline. If persuasion fails, incidents may be reported on the conflict of interest noticeboard (WP:COIN), and users may be warned with the uw-coi user warning template. Conflict of interest is not in itself a reason to delete an article, though other problems with the article arising from a conflict of interest may be valid (see criteria for deletion).


 * Given the situation an understandable procedure would have been to refer the matter to people knowledgable on the subject in WikiProject Lithuania to let them decide which links are acceptable and which aren't. BBBDBV (talk) 13:06, 20 January 2013 (UTC)

ias.umn.edu
User Curious 1949's contributions appear to consist entirely of spamming links to various minor lectures hosted at ias.umn.edu. Though this user has been warned repeatedly that these contributions are inappropriate, they persist without discussion.

Thanks for the help -- Khazar2 (talk) 00:33, 18 January 2013 (UTC)
 * User has agreed to stop adding links to articles, proposing future additions on talk pages instead. Good enough for me. -- Khazar2 (talk) 07:33, 20 January 2013 (UTC)

InhaleTime



 * Accounts
 * Accounts


 * InhaleTime.com is really no different than linking to a blog or personal website and fails Wikipedia's specific inclusion requirements of our External Links policy. Being that "anyone can contribute", it has limited or no editorial oversight (see WP:RS) and articles are essentially self-published or Origional research.--Hu12 (talk) 19:03, 20 January 2013 (UTC)

Internal link spamming: Brittle power
Brittle_Power is someone's book.

Looking at the what links here page for it, there are relevent links to subject matter to do with the author or publisher, but there are also several links from recent mass blackout articles in the 'see also', sections, which should not be there. — Preceding unsigned comment added by Tommylommykins (talk • contribs) 23:09, 20 January 2013 (UTC)

Long term Dracony self promotion and Spamming

 * (Dracony) sites
 * (Dracony) sites


 * Related
 * User:Dracony/sandbox
 * Wikipedia talk:Articles for creation/PHPixie
 * Accounts
 * Related
 * User:Dracony/sandbox
 * Wikipedia talk:Articles for creation/PHPixie
 * Accounts
 * User:Dracony/sandbox
 * Wikipedia talk:Articles for creation/PHPixie
 * Accounts


 * "I've been developing my http://phpixie.com framework... "
 * "...my PHPixie"


 * Moving one's own link "UP", is never a sign of good faith. Within ONE WEEK of registering his site phpixie.com (2012-12-28) he requested for an article about PHPixie to be created, sourced it with phpixie.com and his own personal blog dracony.org, then followed that by spamming it (url's and redlinks) on Comparison of web application frameworksSeems. His marketing isn't limited to Wikipedia but promoting elswhere by comment spamming and more comment spamming and forum spam and more forum spam, ect.., ect..

--Hu12 (talk) 05:35, 21 January 2013 (UTC)

findagrave.com
Like the one above, this one appears to have slipped through the cracks. It isn't a reliable source (it claims to be crowdsourced), many of its "biographies" are copyvios, and it is overloaded with ads. In the last several articles I've checked, it adds nothing of value. The issue has been brought up before on the talk page for the article about the site itself, we even had a WikiProject to use lists from that site to create biographies here. While not all of the additions were made by bad faith editors, the site is undeniably unreliable as a source, it obviously isn't "official" to any of the biographies in question, and in every instance I've found so far, it adds nothing of value as an external link that someone couldn't otherwise find through a very simple Google search.

The worrying part is that there are literally thousands of biographies that are using this site as either an external link or a reference. Is there a bot that can be tasked with removing specific spam links identified by the Spam WikiProject (in addition to blacklisting to prevent future additions)? user: j (talk)  20:43, 16 January 2013 (UTC)
 * If deemed appropriate mass removal shouldn't be that difficult. Werieth (talk) 20:56, 16 January 2013 (UTC)


 * While the bios themselves are usually not RS, it also has many gravestone photos, which are pretty much self-verifying and quite useful. The findagrave bios also will (sometimes) provide citations to obscure sources that can then be used to verify their content. In short, dismissing them out-of-hand could be a mistake. LeadSongDog come howl!  22:15, 21 January 2013 (UTC)

Waterland Outdoor Pursuits Spamming

 * Accounts
 * Accounts
 * Accounts

--Hu12 (talk) 19:36, 21 January 2013 (UTC)

clbooks.com



 * Accounts
 * Accounts

--Hu12 (talk) 19:52, 21 January 2013 (UTC)

Projify (software)

 * Article spam


 * Accounts
 * Accounts

--Hu12 (talk) 03:50, 22 January 2013 (UTC)

growiktionary.org
Odd series of edits by User:Prilanket‎ and User:Gresta--no edit summaries, often marked as minor edits--linking to subdomains of growiktionary.org. These are purporting to be references but this appears to be an unreliable source. Note that I've deleted all the ones I could find. Logical Cowboy (talk) 06:31, 22 January 2013 (UTC)

heightincreasinginsoles.net

 * Previous incidents
 * Wikipedia talk:WikiProject Spam/2012 Archive Dec 1


 * Sites spammed


 * Spammers

86.142.76.14 felt the need to post this. MER-C 13:08, 22 January 2013 (UTC)

NDatabase COI Spamming
Jacek Spólnik
 * Article spam
 * Article spam
 * Article spam
 * Article spam


 * Accounts
 * Accounts

--Hu12 (talk) 22:10, 22 January 2013 (UTC)

cakewalk.com
Found a completely irrelevant link to this site while editing the Kevin Kern page, and turns out it's on a ton of music-related pages.

 - down  load  ׀  talk  06:13, 23 January 2013 (UTC)

thoughtmaybe.com

 * Accounts
 * Accounts

--Hu12 (talk) 06:14, 19 January 2013 (UTC)
 * Werieth (talk) 02:02, 24 January 2013 (UTC)

ParkLex85, LLC Spamming



 * Accounts
 * Accounts

BankProbe.com is a product of ParkLex85, LLC--Hu12 (talk) 03:48, 24 January 2013 (UTC)

Global Leadership Foundation Spamming



 * Article
 * Article


 * Accounts
 * Accounts

--Hu12 (talk) 04:29, 24 January 2013 (UTC)

billtrack50.com

 * Previous incidents
 * Wikipedia talk:WikiProject Spam/2012 Archive Nov 1


 * Spam pages


 * Sites spammed


 * Spammers
 * boothmarketing.com: "Glenn Booth"
 * boothmarketing.com: "Glenn Booth"
 * boothmarketing.com: "Glenn Booth"




 * See also
 * Articles for deletion/BillTrack50

From :
 * You're here to improve Wikipedia -- not just to funnel readers off Wikipedia and onto your site, right? (Hu12)
 * Ok. I understand. Won't happen again. (Legination)

So they hire a SEO guy instead... MER-C 12:52, 19 January 2013 (UTC)
 * Not a very wise move...✅--Hu12 (talk) 19:19, 20 January 2013 (UTC)
 * Article is nominated for deletion at Articles for deletion/BillTrack50. MER-C 11:17, 24 January 2013 (UTC)

ROBLOX userpage spam
ROBLOX, "Online Building Toy"


 * Article
 * Article


 * Accounts
 * Accounts

There is an unmanageable amount of these throw away accounts using their pages for this ROBLOX thing...--Hu12 (talk) 05:47, 24 January 2013 (UTC)
 * Enjoy. MER-C 10:48, 24 January 2013 (UTC)

asianaffairs.in



 * Spammers
 * Bolding existing links is not a sign of good faith.
 * Bolding existing links is not a sign of good faith.
 * Bolding existing links is not a sign of good faith.
 * Bolding existing links is not a sign of good faith.
 * Bolding existing links is not a sign of good faith.
 * Bolding existing links is not a sign of good faith.
 * Bolding existing links is not a sign of good faith.
 * Bolding existing links is not a sign of good faith.

MER-C 11:15, 24 January 2013 (UTC)

Possible mass page creation for spam purposes


This user has been here since January 8th, and in that time, has created close to 70 new pages. All of them are about Hungarian artists, few give anything in the way of notability, and they all in the 'external links' section links contain links to budapestauction.com and hung-art.com, specifically to sections where the artist's work can be bought at auction. InShaneee (talk) 11:16, 24 January 2013 (UTC)
 * Yep, that's spam. Not only that, but this user's edits are full of copyvio. I'm going to escalate this to ANI -- WP:ANI. MER-C 11:37, 24 January 2013 (UTC)

TopCashBack

 * Registration No. Z1905336
 * Registration No. Z1905336


 * Articles
 * Articles
 * Articles
 * Articles


 * Articles for deletion/Top CashBack
 * Accounts
 * Articles for deletion/Top CashBack
 * Accounts


 * topcashback.co.uk/ref/rickb

topcashback.co.uk moderator His marketing isn't limited to Wikipedia but promoting elswhere by comment spamming, forum spam and all over the internet--Hu12 (talk) 18:56, 24 January 2013 (UTC)

Capstone Associated Services, Ltd



 * Articles
 * Articles


 * Articles for deletion/Capstone Associated Services
 * (redirect)
 * Accounts
 * (redirect)
 * Accounts

--Hu12 (talk) 20:10, 24 January 2013 (UTC)

AP Archive COI



 * Accounts
 * Accounts

Username change  --Hu12 (talk) 03:25, 25 January 2013 (UTC)

Mathias Fischedick





 * Article
 * Article


 * de:Mathias Fischedick deleted as no relevance, POV, advertising
 * Accounts
 * Accounts

vanity spam--Hu12 (talk) 03:53, 25 January 2013 (UTC)
 * de:Special:Contributions/Rod Barowski

Ecodesk


I found it in external links for Cognis. It has a rather lame article: Ecodesk, and notability may be in question. I didn't remove the link and an AfD on the article may settle the notability question. Not my field of expertise and I believe in "Log it, burn it, pave it!" So I would be POV on the issue. Is there a bot that can find all the other corporate articles that may have it in external links? It may be as notable as IMBD for actors unless there is another database that can be linked to company articles that keeps track of how many trees they hug or cut down. If it is the best database out there we may create its notablity by accepting its data linked on Wikipedia as we do with IMBD. Like IMBD I don't think the data can be claimed as RS though. See also: Carbon accounting --Canoe1967 (talk) 18:39, 26 January 2013 (UTC)

ImamFaisal.com Spamming

 * Accounts
 * Accounts

Link vandalism, tripping the spam filter and inapropriate replies to standard spam warnings such as; ...are never signs of good faith --Hu12 (talk) 19:57, 26 January 2013 (UTC)
 * "You ought to keep your atheistic and secular opinions to yourself,'
 * "do not delete the link you are discriminating and violating the rules"

HTTP 1.0 / 1.1 Redirect Spam
At the Wikipedia talk:WikiProject Spam entry, I have documented a spammer who is serving up different content to HTTP 1.0 and HTTP 1.1 browsers. What I don't know is how common this is or how we at Wikipedia can guard against this technique. As you can see, multiple Wikipedia editors looked at the page and it looked fine to them. Is this an isolated incident or are we linking to a bunch of spam sites without knowing it?

One way to test for this would be to have a bot crawl through our pages and test links to see if the content is different with HTTP 1.0 and HTTP 1.1. We wouldn't have to check all of Wikipedia; a few thousand would be enough to tell us whether this is an isolated incident. Does anyone else have any other suggestions for handling this issue? --Guy Macon (talk) 20:27, 27 January 2013 (UTC)
 * I don't know if this is relevant, but I've noticed a few cases of spammers using a technique involving buying a domain name that is a typo of a bookseller's domain name, such as "barnesadnoble.com" (just an example) and at first redirecting it to the actual website's page on the book. After they've added the link into an article and it appears to have been reviewed it appears that they change the redirect on the website.   -  down  load  ׀  talk  02:45, 28 January 2013 (UTC)

auditiondate.in

 * Fairly active spammer nailed close to 75 pages before being caught including ANI report Werieth (talk) 16:04, 28 January 2013 (UTC)
 * Fairly active spammer nailed close to 75 pages before being caught including ANI report Werieth (talk) 16:04, 28 January 2013 (UTC)
 * Fairly active spammer nailed close to 75 pages before being caught including ANI report Werieth (talk) 16:04, 28 January 2013 (UTC)

Earliz promotion



 * Article
 * Article


 * Accounts
 * Accounts

--Hu12 (talk) 19:38, 29 January 2013 (UTC)
 * fr.linkedin.com/in/olivierhory
 * Founder of Earliz.com

DASH Industry Forum COI spam

 * Wikipedia talk:Articles for creation/DASH Industry Forum
 * Accounts
 * Accounts

--Hu12 (talk) 01:20, 30 January 2013 (UTC)
 * linkedin.com/in/michaelluby
 * board member of the DASH Industry Forum

WP:CITESPAM by Bent Flyvbjerg

 * Wikipedia_talk:WikiProject_Spam/2010_Archive_Oct_1
 * Sockpuppet investigations/Sonderbro/Archive
 * books.google.co.uk/books?id=yVBXPf50EV0C
 * books.google.com/books?id=yVBXPf50EV0C
 * books.google.com/books?vid=ISBN0521009464
 * books.google.com/books?vid=ISBN0226254518
 * Vanity Articles
 * books.google.co.uk/books?id=yVBXPf50EV0C
 * books.google.com/books?id=yVBXPf50EV0C
 * books.google.com/books?vid=ISBN0521009464
 * books.google.com/books?vid=ISBN0226254518
 * Vanity Articles
 * books.google.com/books?vid=ISBN0226254518
 * Vanity Articles


 * Accounts
 * Accounts
 * Accounts
 * Accounts
 * Accounts
 * Accounts
 * Accounts
 * Accounts
 * Accounts

--Hu12 (talk) 02:37, 30 January 2013 (UTC)

International Fibrodysplasia Ossificans Progressiva Association
The International Fibrodysplasia Ossificans Progressiva Association website at http://www.ifopa.org/ has been compromised by spammers. For example "Product and Services Database" on the first page is now "Product and purchase generic viagra Services Database".

Especially hard hit is http://www.ifopa.org/fop-skeleton.html -- a page that gets links from Wikipedia.

Alas, I don't see a good solution to this problem. Any ideas? --Guy Macon (talk) 22:12, 24 January 2013 (UTC)


 * It's their problem to solve &mdash; and they seem to have solved it. I don't see any vandalism now. If it's a persistent problem, then from our end, I'd say, deny spammers their traffic by commenting out those links. Or replace those references with links to archive.org. ~Amatulić (talk) 22:57, 24 January 2013 (UTC)


 * I am still seeing the vandalism at [ http://www.ifopa.org/fop-skeleton.html ], and [ http://www.ifopa.org/ ] (cleared my cache and tested with Firefox and Chrome). What are you seeing as the bold blue text that starts with "Product" and ends with "Database"? --Guy Macon (talk) 23:52, 24 January 2013 (UTC)


 * I am going to comment out the links now. --Guy Macon (talk) 19:56, 26 January 2013 (UTC)


 * I don't see the spam looking at the site now. Any site can be compromised briefly... why not restore it? Wnt (talk) 03:45, 27 January 2013 (UTC)


 * I sent an email to the contact info on the website and waited 48 hours before posting my original question above. Please go to [ http://www.ifopa.org/ ] and tell me exactly what words you see as the bold blue text that starts with "Product" and ends with "Database". I am seeing the same thing on Firefox, Chrome, Opera and IE. --Guy Macon (talk) 04:31, 27 January 2013 (UTC)


 * I don't see a compromised website, certainly nothing about viagra. Here's what I see:
 * "Product and Services Database Search this rich product and service catalog for resources that can help caregivers and family members."
 * I don't think there is any action to take here. Binksternet (talk) 05:02, 27 January 2013 (UTC)

Sorry, but the website is indeed compromised. Once somebody answered my question and I knew that someone else was seeing an uncompromised version, I stated doing some detective work to see how they are doing it.

Here are the raw HTTP headers when I send an HTTP 1.0 request:

GET / HTTP/1.0 Accept: */* User-Agent: WebBug/5.0 HTTP/1.1 302 Found Date: Sun, 27 Jan 2013 06:07:03 GMT Server: Apache Location: http://www.server285.com/ Content-Length: 209 Connection: close Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 302 Found Found The document has moved here.

And here it is with HTTP 1.1:

GET / HTTP/1.1 Host: www.ifopa.org Connection: close Accept: */* User-Agent: WebBug/5.0

HTTP/1.1 200 OK Date: Sun, 27 Jan 2013 06:10:00 GMT Server: Apache

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" X-Powered-By: TMX-194.19 Expires: Mon, 1 Jan 2001 00:00:00 GMT Cache-Control: post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: ca565f6e2059dc6fd822a132c14d48f2=41e288885b9a2a31e50491f1e966d48c; path=/ Set-Cookie: lang=deleted; expires=Sat, 28-Jan-2012 06:09:59 GMT; path=/ Set-Cookie: jfcookie=deleted; expires=Sat, 28-Jan-2012 06:09:59 GMT; path=/ Set-Cookie: jfcookie[lang]=deleted; expires=Sat, 28-Jan-2012 06:09:59 GMT; path=/ Last-Modified: Sun, 27 Jan 2013 06:10:01 GMT Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8

800d <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">        Welcome to The IFOPA

...and so on, serving up an uncompromised web page to you and anyone else who uses HTTP 1.1. Which, BTW, includes Googlebot. Also, that server285.com site is doing all sorts of tricks with serving different content to different users

BTW, I did a full virus and malware scan on this PC and then tried this on another PC just to make sure my system is not itself compromised. --Guy Macon (talk) 06:39, 27 January 2013 (UTC)


 * Update: I reported the trick they are using to Google. --Guy Macon (talk) 08:12, 27 January 2013 (UTC)


 * Thanks for the detective work! I downloaded WebBug and tried and I am seeing the same result for HTTP 0.9/1.0 redirecting to the spam server and 1.1 giving a normal version. Wnt (talk) 19:02, 27 January 2013 (UTC)


 * (The following is copied from Talk:International FOP Association‎ to keep conversation in one place) --Guy Macon (talk) 19:19, 27 January 2013 (UTC)


 * I would encourage anyone with IFOPA to follow [the link to this page] - thanks to Guy Macon's detective work (using WebBug) it appears that a spam-compromised version is being served up to some browsers looking at a version 0.9 or 1.0 HTTP, but not others with HTTP 1.1. I wonder if this is a site hack and that the operators happen to be viewing with 1.1, as does Google and myself and doubtless many others. Wnt (talk) 18:59, 27 January 2013 (UTC)


 * The above rules out two unlikely possibilities (both my Linux and my Windows PC being compromised / the DNS nameservers at my ISP being compromised) and allows me to now say with certainty exactly what is going on with this website.


 * The spammers compromised the site's .htaccess file. It doesn't look like they got anything else, but the webmaster should reload everything from a known good copy just to be sure.
 * The .htaccess file is password protected -- probably done by the spammers -- and thus I cannot examine it, but I am confident that the following is true:
 * The .htaccess file uses MOD_REWRITE to redirect any HTTP 0.9 or 1.0 request to a website they fully control. This website then serves up a clone of the real website with spam links inserted. That other website does further redirect tricks that I didn't bother documenting.
 * There is a good chance that this is being done with inline HTML in the .htaccess file and not a separate html file (perhaps the spammer couldn't get to those?). When you use inline HTML in .htaccess you get Content-Type: text/html; charset=iso-8859-1 and no Content-language.
 * The added spam links are to sites that pay for incoming clicks. Those sites are the real victims who are being cheated out of money. The trick here is to stop Google from seeing the spam links and removing the site from search results, but allowing users who happen to have HTTP 1.0 browsers to see the links and click on them. Googlebot uses HTTP 1.1.
 * We can ignore the HTTP 0.9 results. Anyone who is still using an HTTP 0.9 browser cannot see the vast majority of websites that use shared-IP, so 0.9 is pretty much extinct.
 * I would imagine that when I sent my original email to IFOPA, they looked, didn't see anything, and concluded that I was a kook. Which I pretty much am -- ask anyone who knows me. :)
 * This should be enough for their webmaster to fix the problem, but if anyone at IFOPA needs any help on this please feel free to use the Wikipedia email link on my talk page to contact me. --Guy Macon (talk) 20:08, 27 January 2013 (UTC)

(The following was copied from User talk:Malcolm C Munro to keep conversation in one place)

I have contacted IFOPA; their web hosting company has completed addressing the issues. I will now restore the ifopa link removed. Thanks very much for your assistance with this. Much appreciated. Malcolm C Munro (talk) 18:20, 29 January 2013 (UTC)Malcolm Munro.


 * Please have IFOPA contact me. Either you got some bad info or their web hosting company is incompetent. The problem has not been fixed. Reverting your change to the IFOPA page now. --Guy Macon (talk) 18:35, 29 January 2013 (UTC)


 * (...Sound of crickets...) --Guy Macon (talk) 02:53, 31 January 2013 (UTC)


 * BTW, the spammers appear to have removed the spam links in an attempt to evaid detaction, but the page is still compromised, and an HTTP 1.0 request still redirects to a page controlled by the spammers. --Guy Macon (talk) 02:53, 31 January 2013 (UTC)


 * It still redirects to a malicious website. All attempts at contacting IFOPA have failed. --Guy Macon (talk) 00:40, 19 May 2013 (UTC)


 * Update: ifopa.org still redirects to a malicious website. Also see External links/Noticeboard/Archive 12. --Guy Macon (talk) 03:48, 28 June 2013 (UTC)


 * Update: ifopa.org still redirects to a malicious website. The malicious website is dead at the moment, but it is still not safe until ifopa fixes the problem. All attempts to reach ifopa have failed. --Guy Macon (talk) 08:18, 8 November 2015 (UTC)

Stock Footage, Inc Spamming



 * Article
 * Article


 * Accounts
 * Accounts

--Hu12 (talk) 04:22, 31 January 2013 (UTC)

atropedia.net

 * links


 * accounts

A non-notable wiki being repeatedly added to. The content of several of their articles appear to themselves be taken from Wikipedia articles on the incidents, or to use Wikipedia as a reference. --- Barek (talk • contribs) - 17:48, 31 January 2013 (UTC)