From Meta, a Wikimedia project coordination wiki
Jump to navigation Jump to search
Report and discuss cross-wiki spam

Hi, welcome to the talk page of the antispam project!

Information we need to investigate promotional spam:

  • a list of the accounts involved in cross-wiki spam
  • the reasons you think there's cross-wiki spam, e.g. single-purpose accounts coordinating on closely related topics which don't meet notability guidelines and/or contain highly promotional content
  • have there been past community discussions on local projects? Have sockpuppet investigations been conducted?

We can investigate on other wikis, find new sockpuppets or suspicious edits and find new data to get the bigger picture. When a case is solved, we can inform local communities to ask for help with cleanup (e.g. by deleting pages or systematically removing promotional material).

We also keep an archive of past cases to keep track of and consolidated archives for minor cases and internal matters.

Report a new case


Hi, welcome everyone to the antispam project. Native English speakers, I am guilty for the terrible style. ;) Feel free to rephrase as you see fit. Best, Bédévore (talk) 15:30, 30 July 2021 (UTC)Reply[reply]

For the record, this project is born after this discussion (permalink) on en-wp. Best, — Jules* Talk 15:36, 30 July 2021 (UTC)Reply[reply]
@Bédévore and Jules*: How come all things frwiki-related just look so beautiful? This is great work, thank you so much for taking the time. I've given the landing page a major copyedit. Blablubbs (talk) 17:07, 30 July 2021 (UTC)Reply[reply]
Thank you @Blablubbs (twice)! — Jules* Talk 17:10, 30 July 2021 (UTC)Reply[reply]
Thanks Blablubbs! Bédévore (talk) 21:59, 30 July 2021 (UTC)Reply[reply]

Looking for contacts on Wikimedia projects[edit]


As discussed before, this wikiproject would be very useful to identify volunteers of other Wikimedia projects willing to help on cross-wiki promotion cases.

Bédévore and I will soon start contacting other wikis (using embassies or other means) to identify such volunteers, so they can join this project and list their names on Wikiproject:Antispam/Contacts. I suggest we list below which projects each of us did contact, in order to avoid any redundancy.

Regards, — Jules* Talk 16:35, 30 July 2021 (UTC)Reply[reply]

@Jules, could you also leave the invitation for volunteers among uk.wikipedia admins? Village pump (administration) page. Thanks. --Anntinomy (talk) 16:27, 6 September 2021 (UTC)Reply[reply]

About Pierre Malinowski[edit]


On fr-wiki we identified problematic spam on closely related topics:

SPI showed that: fr:Wikipédia:Vérificateur d'adresses IP/Requêtes/juillet 2021#Svetlana090, Foundation-french, Marija1st, BKTeaman, Yasinkovski, Jean-Dumoulin1, Jehanne-Sylvie - 24 juillet = is proxy and sockpuppets are:

I also blocked other SPAs:

The pages are also under extended protection (2 yrs)-see request to admins: [3] Affected wikis are:

  • commons++++
  • en-WP+++++
  • fr-WP++++++
  • ru-WP++++++
  • de-WP++
  • WD+++

I can't speak German or Russian to warn them about this spam by a bunch of SPAs. Best regards, Bédévore (talk) 14:40, 31 July 2021 (UTC)Reply[reply]

created the page on en.wp. I blocked them for spamming back in April, for creating w:Roman Bekmuradov. MER-C (talk) 12:29, 1 August 2021 (UTC)Reply[reply]

Self-promotion: Badr Rafiki[edit]

Lua error in package.lua at line 80: module 'Module:Wd/i18n' not found. (b. 1998), Moroccan singer. Articles in different languages (mostly deleted) and repeatedly uploads in Commons (commons:Category:Badr Rafiki). --Kolja21 (talk) 01:45, 2 August 2021 (UTC)Reply[reply]

On fr-wp, I extended the creation protection for one year, as it was about to expire. — Jules* Talk 06:55, 2 August 2021 (UTC)Reply[reply]
Still active as user "Rafiki Eoax" and as IP. New articles: si:බද්ර් රෆිකි, zh:巴德尔·拉菲基 etc. --Kolja21 (talk) 23:32, 18 October 2021 (UTC)Reply[reply]
All articles have been deleted, see d:Wikidata:Requests for deletions#Q107171297. --Kolja21 (talk) 16:58, 14 February 2022 (UTC)Reply[reply]
Yes check.svg Done --Kolja21 (talk) 16:21, 16 February 2022 (UTC)Reply[reply]

Hebert Neri[edit]

Deleted two times in German Wikipedia (de:Hebert Neri) as repeated posting of advertisements. See Lua error in package.lua at line 80: module 'Module:Wd/i18n' not found., Lua error in package.lua at line 80: module 'Module:Wd/i18n' not found. and Lua error in package.lua at line 80: module 'Module:Wd/i18n' not found. (Requests for deletions). --Kolja21 (talk) 22:05, 10 August 2021 (UTC)Reply[reply]

This appears to be a more complex case which focuses on Hebert Neri on multiple wikis but not exclusively. Following accounts are associated with it:
Mark1340 (CA · xwiki · COIBot report) created article de:Hebert Neri on 7 August 2021 with another edit on 10 August, no other contributions
Monicanunez13 (CA · xwiki · COIBot report) uploaded File:Hebert Felipe Neri.jpg (6 May 2021) and File:Kiarablay.jpg (12 May 2021), account was locked by steward Stanglavine on 1 August 2021
Jsmithn22 (CA · xwiki · COIBot report) uploaded File:Hebertneri.jpg on 2 November 2018 (same picture as File:Hebert Felipe Neri.jpg which was later uploaded by Monicanunez13)
More sockets of Jsmithn22 are documented at Wikipedia:Sockpuppet investigations/Jsmithn22/Archive. This account created en:Hebert Neri on 22 October 2018 (see log) which was subsequently moved to en:Draft:Hebert Neri on 5 November 2018 and finally deleted on 30 March 2020. In addition (see log), Jsmithn22 created also an article for en:Jennifer Lobo on 8 October 2018 and uploaded pictures of Herbert Neri, Jennifer Lobo, and Fabiano de Abreu. The other confirmed sockets are:
Paulojunior34 (CA · xwiki · COIBot report) created pt:Hebert Neri on 19 April 2019 (see log)
Marcospontes73 (CA · xwiki · COIBot report)
ImperadorPalpatine99 (CA · xwiki · COIBot report) created es:Hebert Neri on 4 July 2019. Later, pt:Hebert Neri was created on 21 September and 7 December 2019 and pt:Hebert Felipe Neri on 10 April 2020 (see log)
From es:wp we come to the next sockpuppet:
JuanRojas22 (CA · xwiki · COIBot report) re-created es:Hebert Neri on 7 October 2020 and pt:Hebert Neri on 14 October 2020. I addition, this account created an article for pt:Rabino Avraham Franco on 19 October 2020 which was subsequently deleted.
--AFBorchert (talk) 13:53, 15 August 2021 (UTC)Reply[reply]
I found more related wikidata links: Jennifer Lobo (Q58099779), Fabiano de Abreu (Q31847105). --AFBorchert (talk) 14:11, 15 August 2021 (UTC)Reply[reply]

Wiki PR, Status Labs[edit]

Notable - literally, because they have articles written about them - spammers with a lengthy history. There's a lot of residual cross-wiki cleanup that needs to be performed, plus some of the spam seems to have returned in the intervening years since this case was investigated. MER-C (talk) 17:17, 17 August 2021 (UTC)Reply[reply]

List of articles pasted at User:MER-C/Spam/WikiPR. @Jules*: there's a couple for you to nuke. MER-C (talk) 16:38, 21 August 2021 (UTC)Reply[reply]
Yes check.svg Done @MER-C: maybe it would be useful to open an archive subpage (with the links above)? best, — Jules* Talk 09:49, 22 August 2021 (UTC)Reply[reply]
P.-S. : if it can help to discover other socks, @MER-C:, MonsieurJohannes (who created fr:Freshworks listed on your subpage):
— Jules* Talk 09:58, 22 August 2021 (UTC)Reply[reply]
Okay, so, some other articles to delete not on your list:
Ping @Itti and MarioGom:. (We have no contact for it-wp.) — Jules* Talk 11:09, 22 August 2021 (UTC)Reply[reply]
Yay, untagged socks. The CU data was too cloudy, but there is little doubt these accounts are affiliated. Sigh. See en:Wikipedia:Sockpuppet investigations/Japanelemu/Archive for the untagged accounts. I also created Wikiproject:Antispam/Archives/2021/Wiki PR but someone needs to complete the research. There are a lot more discussions than this. MER-C (talk) 14:27, 22 August 2021 (UTC)Reply[reply]
There is also:
— Jules* Talk 15:51, 22 August 2021 (UTC)Reply[reply]
@MER-C: en:Wikipedia:Sockpuppet investigations/Boskit190/Archive may also be Wiki PR/Status Labs: Keke1970 (CA · xwiki · COIBot report · ja · en), who created ja:SnatchBot and ja:PMインターナショナル, has been blocked on en-wp as a sock of Boskit190.
I also found out new and more recent (2020-2021) accounts, not blocked nor locked, via ja:チェーザレ・カターニア (found with ja:利用者:Keke1970/sandbox), which led me to wikidata:Q56141864:
— Jules* Talk 16:36, 22 August 2021 (UTC)Reply[reply]
Found another SPI: en:Wikipedia:Sockpuppet investigations/Fatima 77/Archive. New articles added to User:MER-C/Spam/WikiPR. MER-C (talk) 18:12, 22 August 2021 (UTC)Reply[reply]
Tagged es:SnatchBot and es:Ben Heine for deletion. is notable and someone already did some clean up. It might need further review though. Action still pending for VhuroMu2 (CA · xwiki · COIBot report · es). MarioGom (talk) 20:21, 22 August 2021 (UTC)Reply[reply]

About KapitalBrand (frwp, commons, enwp)[edit]


KapitalBrand is an e-reputation company based in Morroco and they hire freelance editors to write on wikis. They use a lot of sockpuppets to edit articles about their clients (to get the "upper hand" in debates and to publish articles, sometimes cheating on typo to bypass protections). They never declare their conflicts of interest or their sockpuppets. They are banned on fr-wp. Typically, a freelance writes a draft and another dude publishes the draft.

Sockpuppets page is here: fr:Wikipédia:Faux-nez/KapitalBrand. They operate mainly on fr-wp and commons however a few of them are on en-wp.

Best, Bédévore (talk) 08:52, 23 August 2021 (UTC)Reply[reply]

Olga Vaganova[edit]

Olga Vaganova [stalktoy] – [cross-wiki edits] (Ольга Ваганова in Russian) is a founder of ukrainian PR agency (article in russian about starting agency). Edits in uk, ru, en concern clients mainly, ignoring paid editing template. --Anntinomy (talk) 08:36, 4 September 2021 (UTC)Reply[reply]

Thanks for the information, @Anntinomy. On fr-wp, I only found one old (2011) creation: fr:PrivatBank. It used a promotional style, but it has been edited by an experienced user since. — Jules* Talk 20:38, 5 September 2021 (UTC)Reply[reply]
She has disclosure on English Wikipedia. So there is no issue here so far. MarioGom (talk) 07:48, 29 October 2021 (UTC)Reply[reply]

Unknown multilingual UPE sockfarm[edit]

I found en:Mikhail Valerievich Lifshitz in my fortnightly suspicious article list. This was created by Straycatgirl (CA · xwiki · COIBot report) who has 13k edits on uk.wp but their creations on en.wp are spewing red flags for UPE. Barvenkov (CA · xwiki · COIBot report) created uk:Лифшиц, Михаил Валерьевич.

The obvious publicity photo File:Mikhail Lifshitz.jpg in this article was uploaded by Jackrosse (CA · xwiki · COIBot report) and sourced to this Flickr profile hxxps:// engaged in obvious license laundering. The Flickr profile contains three images, the second File:Dr Amine Issa.jpg also being uploaded by Jackrosse for d:Q106809433 (Mobalytics).

The third image File:Michael Baczor.jpg was uploaded by Vladmedv (CA · xwiki · COIBot report). They substantially edited d:Q89453053 (Michael Baczor).

This Wikidata item was created by Momarfish (CA · xwiki · COIBot report). They uploaded File:Netskope Headquarters.jpg, sourced from another license laundering profile on Flickr hxxps:// (one image only), made en:Netskope a lot more spammy and created en:Nexthink, en:Lily Jay (both spam) and en:Martin Devergie.

Momarfish also substantially contributed to d:Q23672838 (Roobee). This yields three articles:

And this is where it starts to get complicated. MER-C (talk) 12:16, 4 September 2021 (UTC)Reply[reply]

This is getting old for this sock farm, so I will stop here. @DarwIn: please delete the images on Commons. MER-C 09:41, 5 September 2021 (UTC)Reply[reply]

PR Olaf Kosinsky[edit]

Olaf_Kosinsky (CA · xwiki · COIBot report) Subteno (CA · xwiki · COIBot report)

A German TV show showed a PE connection between user Olaf Kosinsky and Subteno a disposable sock. This was confirmed by CU. Olaf Kosinsky was involved in many projects. It is reasonable to assume that he also enriched many articles there with advertising. --Itti (talk) 12:28, 4 September 2021 (UTC)Reply[reply]

en:Wikipedia talk:WikiProject Articles for creation notified. MER-C (talk) 16:35, 4 September 2021 (UTC)Reply[reply]
Filed en:Wikipedia:Sockpuppet investigations/Olaf Kosinsky. MER-C 08:53, 5 September 2021 (UTC)Reply[reply]
  • frwiki: @Jules*: frwiki is also involved, for example: fr:Bianca Arndt, fr:Günter Henle, fr:Patrick Sensburg and more
    Yes check.svg Done for fr-wp. I'm sad I don't know german, to understand the TV show and how it revealed the UPE. — Jules* Talk 15:33, 5 September 2021 (UTC)Reply[reply]
    @Itti: Sorry to bother you with that, but I'm trying to understand the whole case in order to report about it on fr-wp. I'm reading de:Wikipedia Diskussion:WikiProjekt Umgang mit bezahltem Schreiben/Verdachtsfälle/Olaf Kosinsky with machine translation and there is something I don't get: was the de-wp community aware of paid edits of this experienced user? It seems he had a PR website under his own name, but I don't see any disclosure of PE on his de-wp user page. — Jules* Talk 15:57, 5 September 2021 (UTC)Reply[reply]
    @Jules*: here a short list de:Wikipedia:WikiProjekt Umgang mit bezahltem Schreiben/Verdachtsfälle/Olaf Kosinsky. I did not know. It may be that someone had seen it before, but in principle it was not known. Olaf Kosinsky was active, he organized and carried out the state parliament projects where MPs were photographed. Also in the EU Parliament. He must have used this contact and probably the idea with the PE has grown over time. It became obvious when Jan Böhmermann (quite popular in de), after doing some research, tried to get in touch with the PR agency of Kosinsky and then commissioned three rather stupid additions. They did that, he delivered with the sock and on Friday it was broadcast in the evening program. I hope to have explained it clearly. Many greetings --Itti (talk) 17:04, 5 September 2021 (UTC)Reply[reply]
    Thank you very much @Itti: Previously, I did not understand that it was the journalist who asked for the three additions made by Subteno; it's very clear now! Best, — Jules* Talk 19:54, 5 September 2021 (UTC)Reply[reply]

Regards --Itti (talk) 09:32, 5 September 2021 (UTC)Reply[reply]

@AFBorchert and DarwIn: c:Commons:Volunteer Response Team/Noticeboard#Tickets verified by Olaf Kosinsky. MER-C 10:10, 5 September 2021 (UTC)Reply[reply]
Reported to eswiki: es:Wikipedia:Tablón de anuncios de los bibliotecarios/Portal/Archivo/Miscelánea/Actual#Olaf Kosinsky. TaronjaSatsuma: could you look at the cawiki side? MarioGom (talk) 11:13, 5 September 2021 (UTC)Reply[reply]
reported in :ca.--TaronjaSatsuma (talk) 12:42, 5 September 2021 (UTC)Reply[reply]
Blocked on Commons: c:Commons:Administrators' noticeboard#Case Olaf Kosinsky. MER-C 13:02, 5 September 2021 (UTC)Reply[reply]
Wikidata checkuser request made: d:Wikidata:Requests for checkuser/Case/Olaf Kosinsky. MER-C 13:10, 5 September 2021 (UTC)Reply[reply]
blocked on -jkb- 14:39, 5 September 2021 (UTC)Reply[reply]
  • Inevitably there will need to be some sort of cleanup for the UPE here – how do we intend to go about this? Do we treat all of his contributions as UPE, or a select few? If so, how would we determine which? Thanks, Giraffer (talk) 18:08, 5 September 2021 (UTC)Reply[reply]
@Giraffer: Olaf Kosinsky was a very prolific and experienced editor and a significant part of his contributions were apparently not paid for. As far as I can see, Olaf Kosinsky was using sockpuppets for paid editing but used his main account to support these activities by moving articles from draft to main space (at en:wp, example), by reviewing new articles (at de:wp, example), and by processing VRT tickets which were related to his paid activities ([example). The problem is that we just know some of the socks but there are probably more which did not come up in the CU results at de:wp as they weren't used in the last three months. --AFBorchert (talk) 09:49, 6 September 2021 (UTC)Reply[reply]
Nothing extra found in the en.wp sockpuppet investigation. MER-C 17:11, 7 September 2021 (UTC)Reply[reply]
Thanks, AFBorchert. I think I'm just gonna go through the sockpuppets' contributions and then whatever interaction the main account had with them (on enwiki). Thanks for your help. Regards, Giraffer (talk) 21:24, 7 September 2021 (UTC)Reply[reply]

Improving tools for monitoring and response[edit]

I commented on wikimedia-l that it seemed there's much more that could be done to support this work. Including:

  • Monitoring the market for UPE
    Work with groups that are in the market and completely transparent about their work to maintain a sense of rates and volume
    Search general contracting sites, general search engines, and specific reputation brokers for new options; maintain a catalog
    Spot-check and commission work. last week Jan Böhmermann spent under 500 Euros and identified two German UPE networks
  • Building better tools for tracking and countering UPE
    Tracking: automated scoring (seems like some of this exists but not everyone uses it?)
    Countering: tools to coordinate work, making it more satisfying + collaborative to tackle organized UPE networks. Especially for often-targeted categories (politicians + companies)
    Both: Focus on tools for detecting large farms/networks over time, and cleaning up the mess they leave. (how automated is this now?)

Thanks @MarioGom: for pointing me here. I am curious how much of this tooling and automation exists already, and how to make it ore visible to editors on individual projects (who might not know about cross-wiki antispam efforts).

And I recognize that we don't have a uniform definition for the heart of the challenge -- Spam, COI, UPE (constituting a kind of hidden COI), and sock- and meat-puppet networks: all are slightly different contexts + scopes. How do you think about those in relation to one another? –SJ talk  20:52, 8 September 2021 (UTC)Reply[reply]

Hi SJ: thank you for bringing this up here. Here's some thoughts:
Monitoring the market for UPE
  • Work with groups that are in the market and completely transparent about their work to maintain a sense of rates and volume
    • Disclosed paid editors (DPE) are a tiny fraction of paid editing. Both in terms of number of accounts and edit volume. Some may be collaborative, like Beutler Ink (ping WWB Too), but I'm not sure that would be very useful for tackling UPE. If you refer to groups who are transparent about their work and rates off-wiki but don't disclose on-wiki, that probably only covers some Upwork freelancers, who are also just a small part of the market. Large actors rarely disclose rates, clients, and often not even the fact they offer Wikipedia services.
  • Search general contracting sites, general search engines, and specific reputation brokers for new options; maintain a catalog
    • We currently do some monitoring on English Wikipedia (see en:Wikipedia:List of paid editing companies), I think French Wikipedia does something similar (ping Jules*). Some editors also monitor sites like Upwork, and some results can be seen at en:WP:COIN. However, public disclosure can be in conflict with harassment policies (en:WP:OUTING), functionaries and some admins have access to more information on evidence discovered this way. A Volunteer Response Team queue exists at, but only functionaries have access, and as far as I know, it is severely understaffed.
  • Spot-check and commission work. last week Jan Böhmermann spent under 500 Euros and identified two German UPE networks
    • Some people did this on French Wikipedia too, also uncovering some cross-wiki UPE operation in France (see en:Wikipedia:Wikipedia Signpost/2020-05-31/News and notes). There seems to be some disputes about how mystery shopping and our policies interact, especially on English Wikipedia. If we want more of this, we'd need a framework to ensure that mystery shoppers who are members of our community know the do's and dont's to avoid policy issues.
Building better tools for tracking and countering UPE
  • Unlike ORES, it is usually easier to detect UPE editors than isolated UPE edits. A (insufficient) number of tools exist, for example. MER-C's suspcious new articles report (see en:Wikipedia talk:WikiProject Spam#Suspicious new articles). We usually conceal operational details of such tools (en:WP:BEANS). Publicly disclosing all detection heuristics would be like publishing a manual on how to do UPE and get away with it. Anyway, I'll list here some categories of tooling I'm aware of:
    • General discovery: Tools that help finding UPE editors in general (not a specific sockfarm). MER-C's report fall into this category. I use some heuristics that yield around a 20%-35% verifiable true positive rate among the discovered accounts. I don't publish the results of this tool to avoid harm to innocent users, but a number of accounts I report come from these results after manual research.
    • Specific discovery: Tools to discover new accounts of known sockfarms. These include things as simple as watching recent changes on articles heavily targeted by specific sockfarms (e.g. en:User:MarioGom/TOPCOI/Bx), as well as more targeted heuristics to detect a known behavioral fingerprint. This works for some big UPE operations (e.g. Yoodaba SPI).
    • Attribution/Verification: Tools to check a suspicious account and attribute it to a known sockmaster. This is also quite feasible for some large operations (e.g. Yoodaba SPI, CharmenderDeol SPI, Jaktheladz SPI).
    • Investigation: Tools for behavioral sockpuppetry investigation, such as toolforge:spi-tools, toolforge:sigma, toolforge:xtools. Tooling is particularly lacking when it comes to research of cross-wiki UPE operations.
Other than that, the recent creation of Wikiproject:Antispam has been a good step in terms of cross-wiki coordination.
About cleaning up the mess, it's a quite lacking area. We have organized some ad hoc clean ups on enwiki (en:User:Blablubbs/Wolfram, en:User:MarioGom/LoboReview, en:User:MarioGom/KazakhReview), but there is still nothing formal or systematic.
Nosebagbear has a collaborative sandbox for UPE proposals (see en:User:Nosebagbear/UPE Proposals), which is worth the attention of anyone interested in moving some proposal forward. --MarioGom (talk) 10:45, 9 September 2021 (UTC)Reply[reply]
@MarioGom: on fr-wp, we have information on paid editing companies, but disseminated. I took the initiative to create fr:Projet:Antipub/Agences de communication today (we still have to complete it); it will help us to centralize the information. We also intend to trap again some agencies in the future, in order to find socks they use, as we did in May 2020. Best, — Jules* Talk 16:56, 10 September 2021 (UTC)Reply[reply]
Interesting, thanks to you both. @MarioGom: I think the number of larger orgs involved in en:WP:CREWE is enough that we could get a rough estimate of market rates and volume. Even one or two active PR agencies will have a better sense of it than most editors, and comparisons over time will be useful even if they see a biased subset. –SJ talk  16:29, 14 September 2021 (UTC)Reply[reply]
Our anti-abuse tools are a pile of garbage and the API is actually worse by virtue of having random missing functionality. Once we have a working CAPTCHA, all anti-abuse tools in MediaWiki and extensions used on WMF sites have dedicated maintainers, the technical debt in the anti-abuse tools is gone, the API has been audited for missing functionality (phab:T192023, phab:T20104, phab:T188672, phab:T261752 are all material impediments) and that functionality provided, the spam blacklist is still public and infinitely scalable, PageTriage is available for all wikis and in a much improved way, ..., then we can discuss improvements. I want to focus on finding spam, not fighting the WMF's bad software and bad management decisions.
That said, if someone wants to put together a training set that would be great. I know what I am looking for, it's just a matter of weeding out the false positives. The better I can do this, the less I can rely on behavior. MER-C 17:42, 9 September 2021 (UTC)Reply[reply]
MER-C Helpful ideas and links, thank you. I'm not sure what the right way is to bundle these up and push for prioritization; is it helpful to have an umbrella ticket for this that we can all add our +1's to? –SJ talk  16:29, 14 September 2021 (UTC)Reply[reply]
The state of the admin tools is so bad that any improvement to anti-abuse tools in MediaWiki is welcome. Anti-spam is not the only problem we face - a general improvement in anti-abuse tools will make progress against several problems. If I were to pick one for quick wins, it would be the deleted title search in the API and UI improvements for the deleted title search so that they are available in new page patrol and other scripts. There's no escaping the massive pile of work that is phab:T20493 though. MER-C 18:25, 14 September 2021 (UTC)Reply[reply]
  • SJ: I have surveyed data from various major UPE companies and they charge $500-$2,500, with median probably around $1,500. With respect to volume, after some back-of-the-envelope estimates, I would say that UPE page creations on English Wikipedia are in the hundreds per year (conservative), possibly in the thousands. It's hard to know for sure, since there's a long tail of UPE editors beyond the few major UPE companies. MarioGom (talk) 12:54, 28 January 2022 (UTC)Reply[reply]
Thank you for looking into it. That's substantive, and good context for improving related tools. –SJ talk  21:01, 29 January 2022 (UTC)Reply[reply]

Reduction + diversion of misapplied energy[edit]

Another thought: have we looked into ways to reduce or divert demand for paid editing into constructive channels? The demand for run-of-the-mill publicity helps hide malicious manipulation. To limit this, we might create an (off-WP) space for freely-licensed intermediate steps along the path towards an on-WP proposed edit. And make the above even clearer by having all commercial paid editing start in this space instead, w/ its own tools and assumptions and expectations:

  1. Define (or create) a preferred site for sharing free knowledge about the 80% of this that is non-deceptive but still out of scope: self-curated statements by subjects, possibly-NN summaries, related media (less of an issue, given Commons' policies)
  2. Build tools to make it easy to create + transfer drafts there, streamlining deletion + migration processes.
  3. Observe activity there -- likely w/ meaningful correlation to UPE on Wikipedia.

As an example: sharing freely licensed media intended? proposed? for use in a paid article is easy, b/c Commons has fewer steps to follow, and is set up in a way that it doesn't suggest reputation or notability by associationn -- so its pages aren't very good targets for astroturfing; but are a mechanic for releasing media w/ metadata under a free license. An equivalent for nominally-factual statements (or self-reported statements) about verifiable entities could similarly narrow the subset of such edits that hit RC. –SJ talk  16:24, 14 September 2021 (UTC)Reply[reply]

Hammering UPE operations does divert some demand into constructive channels. I have observed a few companies switching to in-house, policy-compliant, disclosed paid editors after the agency they hired was banned, exposed, and their customers appeared connected to it.
As for other venues, you can look at Wikitia and Everipedia. BLP and companies there are often correlated with UPE on Wikipedia. These are wikis they can use to freely dump all the promotional garbage they want.
On English Wikipedia we do have drafts, which is where commercial paid editing is supposed to go. For simple, hard facts, Wikidata is friendly to COI and paid editing, disclosed or undisclosed. Commons is also a relatively safe place unless they incur in copyvio (which is often the case). I'm not sure I fully grasp the kind of solution you're proposing here. MarioGom (talk) 16:43, 14 September 2021 (UTC)Reply[reply]
Widely publicise examples of paid editing backfiring.
Unfortunately I've seen some diversion towards the Simple English Wikipedia. MER-C 18:29, 14 September 2021 (UTC)Reply[reply]
Thanks, good examples. Wikitia and Everipedia could perhaps be such a place. [Update: it seems not.] They both still claim to be curated third-party encyclopedic content... even though they have neutrality and balance problems that far exceed our own. What I mean is
1. identifying a specifically recommended autobio-index -- a channel for a) freely-licensed, b) sourced + verifiable, self- or pr-descriptions of possibly non-notable entities, which explicitly states that it makes no claims of independence, balance, or neutrality, and does not present itself as an "encyclopedia".
2. sending commercial-PE (paid or otherwise) to such a channel to update a page there. away from the RC or on-wiki process here.
3. while all editors can use Drafts here to develop articles, commercial-PE should just post a link to this other site; from which a page or section could be imported if appropriate.
4. building tools to easily transfer pages to that channel and remove them from WP. self-promotions or articles by sock farms (that might one day be WP-suitable, if cleaned up) could be more readily deleted + migrated; and we might impose a higher standard of balance + notability for CPE, or a policy of bulk deletion/migration of articles created by UPE. All of this might be easier / less controversial if we know this isn't removing free knowledge from the web, but rather removing it from the search-engine-visibility and implicit curatorial approval of being on WP.
Do you think we could do the above w/ a pointer to Wikitia? Do you see value in trying to move CPE away from using drafts, and adding specific "delete and migrate" tools? @MarioGom: I haven't thought through the implications in detail, but that's roughly what I meant. –SJ talk  17:07, 15 September 2021 (UTC)Reply[reply]
Do not ever consider Wikitia (but Everipedia is OK). Wikitia is a shady site documented in the MediaWiki spam blacklist. It is operated by Avoof [6], an Indian SEO company in Udaipur, Rajasthan that is well documented on en:WP:PAIDLIST. Avoof employees are the only users who are allowed to edit Wikitia. The main operators are Himank Seth [7] and Sonali Kavdia, who are highly active spammers on LinkedIn and Upwork and actively spam their own profiles all over the Internet to promote themselves. They regularly scrape articles off Wikipedia and charge clients a few hundred dollars to publish on Wikitia. Probably only 5% of the pages showing up on Wikitia are Avoof's clients.
They evidently have poor English skills as this confusing jumble of words on Wikitia's main page shows.

The community at Wikitia is limited to only specialized editors who are experts in their fields and can helping in building verified content by the continuous efforts. All articles and pages on Wikitia are protected to provide verified encyclopedic content by controlling the substandard edits by all users, who dont have knowledge in that industry or field.

Unlike Wikipedia, we believe that just negativity or controversial content are not a qualification for a page, which has garnered a lot of attention and mostly hate crime content is highlighted and not the positive work.

Dealing with this requires close monitoring of anything related to Wikitia that shows up on the Internet, such as job ads relating to Wikitia pages. Jwindleberg (talk) 02:28, 11 October 2021 (UTC)Reply[reply]
Thanks @Jwindleberg:, so it sounds like that one is not a good option. Again suggesting we might want to set up our own venue, which rejects spam and abuse, but supports permanent rough drafts and not-yet-notable material. –SJ talk  12:51, 12 October 2021 (UTC)Reply[reply]
Everipedia is a very good venue for "permanent rough drafts and not-yet-notable material." Larry Sanger, one of the co-founders of Wikipedia, was active in founding and managing Everipedia. The site looks well managed and has a very supportive community. On the other hand, there is no way that Wikitia can be viable option since it's completely controlled by shady Indian spammers. Jwindleberg (talk) 17:34, 12 October 2021 (UTC)Reply[reply]

Obviously the top priority is to first hunt down the big-time harassers and extortionists. They are the ones causing the biggest damage to WMF projects. All the other small-time spammers who don't do extortion or blackmailing are just annoying but not diabolic. We should get rid of those online gopnik gangs like first. Jwindleberg (talk) 17:45, 12 October 2021 (UTC)Reply[reply]

++ That makes sense to me. –SJ talk  16:03, 13 October 2021 (UTC)Reply[reply]

Sophisticated (Eastern) European paid editing rings[edit]

At Wikiproject:Antispam we see highly sophisticated paid editing syndicates operating mainly from Europe, especially Ukraine and Russia but with a smattering of US, French and German operators. On en-wp, the main actors are low-skilled spammers from India, Pakistan and Bangladesh who usually do not display much sophistication and largely confine their activities to en-wp. Starting off with a list of known sockfarms and their countries of origin listed at meta,

  • Çelebicihan - Ukraine
  • Wikibusiness - Ukraine
  • Serghiy Hrabarook - Ukraine
  • Olga Vaganova - Ukraine
  • Pierre Malinowski - Russia and France
  • Wiki PR, Status Labs - US
  • Ross kramerov - US, of Russophone origin
  • Olaf Kosinsky - Germany
  • Prix Versailles - France
  • KapitalBrand - Morocco
  • UA85 - Pakistan
  • Xenen1970 - Nigeria

Quite a different situation from en-wp which gets overwhelmed with clueless unsophiscated spammers from developing Anglophone countries such as India, Pakistan, Bangladesh, Sri Lanka, Nigeria, Ghana and the likes, as observed at en:WP:SPI. See this observation by Bri on en:Wikipedia:Wikipedia Signpost/2020-05-31/Recent research,

I've been working in this arena for a while, and in fact have a credit in the paper for contributing labeled data that was used to train the model. We aren't sure how sophisticated some of these operations are but my feeling is there's a distinct break between the activities of the outfits catering to well-funded Global North entities (in particular corporations and their executives, entertainers/entertainment companies, and politicians and political groups) – probably what you mean by the "professionals" – and the rest. I wouldn't be surprised if the former are highly aware of the investigative techniques used on-Wiki, and adapt to whatever metrics and techniques we apply, but the latter are unable to, at least quickly. But the greatest volume of stuff that has to be dealt with is due to the less sophisticated group, and it would still be useful to have tools that willow that away so human effort can be focused on the remainder.

This means we may need different strategies and tools to deal with, for instance, sophiscated Ukrainian paid editing rings vs. noob-type Indian freelancers. A pattern emerging now is that sophisticated x-wiki spam tends to come out of Ukraine, Russia and to some extent Western Europe, but the mostly monolingual Americans and British are typically occupied only with en-wp. Jwindleberg (talk) 02:28, 11 October 2021 (UTC)Reply[reply]

For what it's worth, fairly sophisticated UPE operations are run from the US, UK, and Israel too. At least on English Wikipedia. Also some bigger operations are internationalized, e.g. primarily run from the US with additional teams in Philippines or Hong Kong. MarioGom (talk) 21:06, 5 November 2021 (UTC)Reply[reply]

Ross kramerov[edit]

Upwork freelance spammer (not their real name) that has polluted multiple wikis. Ongoing abuse. Falsely claims authorship of at least two articles on their Upwork profile.

Residual articles:

Cleanup is mostly complete but there is another sockpuppet investigation pending. MER-C 18:40, 17 September 2021 (UTC)Reply[reply]

Linkspam online casinos et. al.[edit]

We are currently investigating accounts in dewiki which are involved in cross-wiki spamming, there was an SPI on enwp uncovering lots of socks. The accounts usually make a few edits verifying wayback archive links and then they add valid content with a reference to an unsuitable commercial website (online gambling, hair replacement, etc.).

Completed/ongoing investigations:

Other affected wikis:

--Count Count (talk) 10:55, 19 September 2021 (UTC)Reply[reply]

Sites spammed on en.wp:

Unblocked sockpuppets found:

SPI renewed. MER-C 14:18, 19 September 2021 (UTC)Reply[reply]

I endorsed a CU-check for sleepers on enwiki; I'm basically certain that – at least on en – these are all operated by the same person. I also had a go at a (private) abuse filter. Spam blacklist might be something to consider as well(?), though I have little experience with that. Blablubbs (talk) 18:03, 21 September 2021 (UTC)Reply[reply]
No new domains found on en.wp. Someone needs to gather up all of the domains and send them to Talk:Spam blacklist - but that can only be done once the German and Spanish investigations are completed. MER-C 19:11, 21 September 2021 (UTC)Reply[reply]

Some more socks that we found on and then xwiki:

They're probably related to these old accounts: Marcooo671 (CA · xwiki · COIBot report), Blixa8519berlin (CA · xwiki · COIBot report), and Smith8519berlin (CA · xwiki · COIBot report) which edited w:it:LeoVegas the same way User:AnnaAmiar did. Sites spammed on and (炸裂) 19:47, 25 September 2021 (UTC)Reply[reply]

Dewiki CU-results are in (w:de:Special:Diff/215891560). I requested locks for the unlocked accounts. Blablubbs (talk) 21:52, 25 September 2021 (UTC)Reply[reply]

Additional accounts found:

MER-C 09:24, 26 September 2021 (UTC)Reply[reply]

More. MER-C 15:13, 26 September 2021 (UTC)Reply[reply]

Domains mentioned here nominated for blacklisting. MER-C 10:47, 3 October 2021 (UTC)Reply[reply]
All blacklisted. Dirk Beetstra T C (en: U, T) 12:48, 3 October 2021 (UTC)Reply[reply]
LuchoCR: Some of the accounts listed in this case edit eswiki, maybe you can have a look? Thanks! MarioGom (talk) 07:55, 5 October 2021 (UTC)Reply[reply]
@MarioGom:: None of the accounts have activity in the last 90 days, son can't run a verification. --LuchoCR (talk) 18:51, 5 October 2021 (UTC)Reply[reply]
Next CU on dewiki: de:Wikipedia:Checkuser/Anfragen/Supercars08 --Itti (talk) 13:09, 22 January 2022 (UTC)Reply[reply]

These links were used by recent sockpuppets related to this spam. --Johannnes89 (talk) 13:56, 22 January 2022 (UTC)Reply[reply]

+ enWP [8] --Johannnes89 (talk) 21:31, 22 January 2022 (UTC)Reply[reply]

Rohit Mehta[edit]

Affects en.wp, simple.wp, hi.wp, Commons and Wikidata. Spam for Rohit Mehta and his website. MER-C 08:35, 20 September 2021 (UTC)Reply[reply]


I have enabled COIBot's tracking capabilities to this page (diff). That means that COIBot will create reports for link additions for links reported in {{LinkSummary}}/{{XWikiSummary}} templates and users reported in {{UserSummary}}/{{IPSummary}} templates, and that COIBot will track the diffs where the links/users were reported here. Overall that makes it easier to trace back evidence to blacklistings if every they get challenged, or future requests to earlier observations. Dirk Beetstra T C (en: U, T) 13:23, 21 September 2021 (UTC)Reply[reply]

Awesome, thank you Beetstra! I was just thinking about that this morning when I queued a bunch of reports via IRC for domains listed on this page. GeneralNotability (talk) 15:04, 21 September 2021 (UTC)Reply[reply]


See w:en:Wikipedia:Sockpuppet investigations/CharmenderDeol. A large sockfarm working on simple, Commons and enwiki; accounts are usually either segregated between wikis or have a strong focus on one. Per enwiki CU, there is proxy use involved, so I suspect additional local checks may uncover additional accounts. Any assistance with filing relevant investigations and cleanup would be appreciated. Blablubbs (talk) 09:18, 25 September 2021 (UTC)Reply[reply]

Thanks, at Commons speedy deletions have been initiated for File:DAO Minh Quan.jpg, File:Michael Obeng.jpg and File:Luis Marti.jpg. In addition, a couple of regular DRs were opened: c:Commons:Deletion requests/Files uploaded by ImmaDie, c:Commons:Deletion requests/File:Griffin Lotson.jpg, c:Commons:Deletion requests/File:Richard Bohannon.jpg, c:Commons:Deletion requests/File:AQUILES ESTE.jpg, c:Commons:Deletion requests/Files uploaded by Nirmaln404. --AFBorchert (talk) 23:34, 25 September 2021 (UTC)Reply[reply]
I ran into SabrinaMaze (CA · xwiki · COIBot report · simple · en) while working on the enwiki SPI case. They are stale on en, but based on their creation of simple:Aquiles Este they are probably related to this farm (see en:Draft:Aquiles Este, c:File:AQUILES ESTE.jpg). CU on simplewiki might be helpful. Spicy (talk) 01:30, 26 September 2021 (UTC)Reply[reply]
@Ferien: see above. MER-C 10:00, 26 September 2021 (UTC)Reply[reply]
I've sent that page to requests for deletion.. Eptalon, could you take a look at the sockpuppetry stuff? Thanks, Ferien (talk) 10:12, 26 September 2021 (UTC)Reply[reply]

UA85 and related[edit]

  • Affected wikis: Wikidata, pnb.wp (Western Punjabi), en.wp, fr.wp, no.wp, hi.wp (Hindi), ur.wp (Urdu), pl.wp, es.wp, bn.wp, Commons.

UA85 claims to be Umair Ahmad. Originally limited to this subject, they have since engaged in both UPE and link spamming. There is also likely a spam company behind all of this. Ongoing abuse. MER-C 20:01, 25 September 2021 (UTC)Reply[reply]

Most of the sockpuppets did not have any contributions at Commons. Most of the uploads are already deleted, File:Jeans Explosion.jpg is one of the surviving files with VRT permission (appears to be genuine). --AFBorchert (talk) 22:36, 25 September 2021 (UTC)Reply[reply]

Needs a flush out on Commons, Urdu and Punjab Wikipedias. MER-C 17:01, 16 April 2022 (UTC)Reply[reply]

@TheAafi: there are at least a few spam pages on the Urdu Wikipedia awaiting elimination. User:MER-C/Spam/UA85 may be helpful. MER-C 17:12, 25 April 2022 (UTC)Reply[reply]
MER-C Been in travel since last night. Gimme sometime and I'll get this done. ─ The Aafī (talk) 03:41, 26 April 2022 (UTC)Reply[reply]
I deleted several articles under UA85 tag, and will check all others once I reach back home. ─ The Aafī on Mobile (talk) 03:54, 26 April 2022 (UTC)Reply[reply]
{@MER-C:, I deleted a bunch of articles and removed the spam links from several others. I'll likely move few of these through AfD because I'm not sure whether to keep these or to delete them, so I'd seek consensus from the local community. Everything else is Yes check.svg Done. ─ The Aafī (talk) 14:38, 26 April 2022 (UTC)Reply[reply]


These accounts have been blocked for socking and spamming on enwiki (see en:Wikipedia:Sockpuppet investigations/Trane007), but the first two are also active on frwiki. Articles that have been created or heavily edited by them include:

Trane007 was previously warned for UPE on frwiki [9]. There also seems to be some related logged-out editing on 2001:8A0:E80A:B200::/64 - see en and fr contribs. This might go back further than this - Barbapapa888 (CA · xwiki · COIBot report · fr), though stale, is likely related based on editing interests and username.

Thanks, Spicy (talk) 12:21, 1 October 2021 (UTC)Reply[reply]

Hi @Spicy. Thanks for the info. I blocked accounts on fr-wp, deleted some articles, marked the other for UPE, and asked for a SPI: fr:Wikipédia:Vérificateur d'adresses IP/Requêtes/octobre 2021#Trane007, Honesty888 - 1 octobre. (You can ping me when cases are related to fr-wp.) Best, — Jules* Talk 13:03, 1 October 2021 (UTC)Reply[reply]
That was fast - thanks. Will do in the future re. pings. Spicy (talk) 14:39, 1 October 2021 (UTC)Reply[reply]

Locks requested. MER-C 17:09, 9 October 2021 (UTC)Reply[reply]

@Spicy, MER-C, and Jules*: Mardit1 (talk · contribs) has started editing about AFRO on enwp. Blocked locally. Blablubbs (talk) 15:25, 28 October 2021 (UTC)Reply[reply]

Split-project UPE for Dave Sidhu among likely others[edit]

I got a set of users that are likely socks of one another, with single-project editing largely being limited to one of each account. What follows is the behavioral evidence that links them. I'm already working on making sure the enwiki editor gets blocked since it's pretty blatant.

User/Link summaries