spammers on pypi
robert.kern at gmail.com
Mon Jun 8 15:39:39 EDT 2009
On 2009-06-08 14:32, Jesse Noller wrote:
> On Mon, Jun 8, 2009 at 3:14 PM, Robert Kern<robert.kern at gmail.com> wrote:
>> On 2009-06-08 07:44, Skip Montanaro wrote:
>>> On Jun 5, 1:39 pm, joep<josef.p... at gmail.com> wrote:
>>>> Is there a way to ban spammers from pypi?
>>> Can you provide some examples? It's possible that we can apply
>>> to PyPI submissions in much the same way that we apply it in other non-
>> I suspect he might talking about all of the "1.0.1" releases of projects on
>> June 5th from "v y p e r l o g i x . c o m" or "p y p i . i n f o"
>> (obfuscated to avoid helping them out). Most of them appear to be removed,
>> now. These chuckleheads even have a blog post complaining about it. I can
>> collect a list from my Cheeseshop RSS history if you like.
>> I don't think a SpamBayes approach will work for this particular guy. It's
>> not like completely fake metadata was uploaded with links to spam sites.
>> There actually is Python code for some of them. Maybe even some that is
>> marginally useful. But only marginally (Linked Lists for Python? Really?).
>> All of the code appears to use their proprietary, unreleased package.
> None of the code was useful, and I swear it all seemed like one giant
> ruse to bump google rankings for his pay-for-play sites and downloads.
> It was all just series of URLs back linking to his crap-sites.
Come now! I'm sure pyLotto has some measurable (but tiny!) amount of expected
value to it. :-)
The main point is that the code isn't gibberish. It might even do what it claims
to do if one had the dependencies. Only a human examining it could determine
that the code was actually useless and part of a spam-like campaign.
"I have come to believe that the whole world is an enigma, a harmless enigma
that is made terrible by our own mad attempt to interpret it as though it had
an underlying truth."
-- Umberto Eco
More information about the Python-list