We are being attacked by trolls


#1

I know we are not supposed to report spammers and just let them do their damage until spambrainz is ready, but I’d argue that trolls are different. Their aim is not to leave some spam here or there, but to wreak havoc.

It seems like they are hacking into old - never really active - accounts whenever another account gets exposed.
These are the ones I found so far:

https://musicbrainz.org/user/12121212
https://musicbrainz.org/user/bbbbbbbb
https://musicbrainz.org/user/xxxxxx
https://musicbrainz.org/user/admin

They seem to mostly target Evanescence and Nine Inch Nails.

I have no idea how, but they must be stopped.


#2

Is there any way of bulk reverting all of the edits of people like this? When accounts are being hacked that is a lot of damage that seems to have happened. No point in just attempting to vote no as that doesn’t get all the edits that already passed through.

Good to see @Freso stopping any further edits…

Maybe it is time to pull on the “who else logged in from that IP Address” list? I bet they have a few other accounts there for abuse.

Well spotted @paulakreuzer


#3

There is a more serious issue with the user https://musicbrainz.org/user/admin in your list. Look at their “website”. That is a link to a very dodgy looking website. (I have not checked it fully, but I would not follow that if you don’t want someone probing your browser… first thing I was seeing was a lot of hacking type references…)

A MB admin needs to go and remove the URL from that page otherwise it will damage reputations here at MB.

Just by half looking at that link it is clear the MB logs will have more than one reference to this little trolling sod. There will be a pattern to his attacks. May need to reset some passwords on the accounts he is using.

Let me guess - the password for user 1212121212 was 12121212?


#4

The 4 accounts I found quieted down for now and I think I queued reverses for all their edits.
But if they hacked other accounts and only did auto edits on other (maybe lesser known) artists it might take a long time to find those.


#5

Looking at the names it appears to be some sort of test accounts from real early. Maybe the first few inactive accounts from that period could be blocked with a reference to contact an admin in case someone wants in?

With all the standard password lists around the web it is really a matter of time before the site is tested for entry.


#6

What @michelv says seems logical to me. Someone is clearly targeting the low lying fruit. Has anyone compared the logs and the IP Address used to see if that same IP Address has logged in anywhere else?

And can an admin please urgently sort out that website address in user https://musicbrainz.org/user/admin personal details. Leaving a link like that around is dangerous and once Google crawls it then the “dodgy links” warnings will get plastered over MB search results.
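
The “who else logged in from that IP address” check suggested in posts #2 and #6, sketched as an added example that is not part of the thread and not MusicBrainz code. The log format, account names and IP addresses are constructed, and `pivot_on_ip` is a hypothetical helper; it starts from accounts already known to be abused, follows shared login IPs inside the incident window, and reports how long each linked account had been dormant.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample login records: (timestamp, account, source IP).
# Names are made up; IPs come from the RFC 5737 documentation ranges.
LOGINS = [
    ("2009-03-01T10:00:00", "old_test_1", "198.51.100.7"),
    ("2019-06-10T21:14:00", "old_test_1", "203.0.113.50"),
    ("2008-11-20T08:30:00", "old_test_2", "198.51.100.9"),
    ("2019-06-10T21:40:00", "old_test_2", "203.0.113.50"),
    ("2019-06-11T02:30:00", "old_test_2", "203.0.113.77"),
    ("2010-01-05T12:00:00", "old_test_3", "192.0.2.14"),
    ("2019-06-11T02:05:00", "old_test_3", "203.0.113.77"),
    ("2019-06-01T09:00:00", "regular_editor", "192.0.2.200"),
    ("2019-06-10T09:00:00", "regular_editor", "192.0.2.200"),
]

def pivot_on_ip(records, known_bad, since):
    """Find accounts sharing a login IP with known-abused accounts since `since`."""
    since = datetime.fromisoformat(since)
    events = sorted((datetime.fromisoformat(t), a, ip) for t, a, ip in records)
    last_before = {}                       # account -> last login before window
    ips_of, accts_on = defaultdict(set), defaultdict(set)
    for ts, acct, ip in events:
        if ts < since:
            last_before[acct] = ts         # old owner logins never link accounts
        else:
            ips_of[acct].add(ip)
            accts_on[ip].add(acct)
    seen, queue = set(known_bad), list(known_bad)
    while queue:                           # follow account -> IP -> account links
        acct = queue.pop()
        for ip in ips_of[acct]:
            for other in accts_on[ip] - seen:
                seen.add(other)
                queue.append(other)
    found = {}
    for acct in seen - set(known_bad):
        first = min(ts for ts, a, _ in events if a == acct and ts >= since)
        prev = last_before.get(acct)
        found[acct] = {
            "shared_ips": sorted(ip for ip in ips_of[acct]
                                 if accts_on[ip] & (seen - {acct})),
            "dormant_days": (first - prev).days if prev else None,
        }
    return found
```

Shared addresses (NAT, VPN exits, public Wi-Fi) will link unrelated users, so the output is a list of leads for review, not proof of compromise.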