User:Pathoschild/Scripts/StewardBot

From Meta, a Wikimedia project coordination wiki
This bot is named "stewbot" on IRC, and is entirely distinct from the bot named "StewardBot" on IRC whose source code is mirrored on GitHub.


StewardBot is a Python script which idles in several channels on the freenode IRC network as "stewbot" when Pathoschild is around, including #stewardbotconnect and #wikimedia-stewardsconnect. It accepts commands and performs utility operations related to steward tasks.

Secret agenda[edit]

Popular wikis are often abused to publish attacks on users or persons. This bot aims to defeat such attempts, particularly with regards to the registration of usernames containing attacks or private information. This method was particularly nefarious, because it was virtually impossible to remove this information after the account was created.

Fortunately, recent developments in the MediaWiki software make it possible to counter this, and even erase past attacks. This bot was primarily created to facilitate this. Specifically...

  1. The bot automates the process of blocking a malicious user globally and locally, and if necessary removing it from logs and edit histories. A new account processed this way effectively disappears. Since the process is almost entirely automated, it takes longer for malicious users to create such accounts than it takes to suppress them.
  2. By automatically scanning locked global accounts' local edits, operators are notified about hidden vandalism and page creations, avoiding the possibility that an attack page will be created on a small wiki and be indexed by search engines.

User access & security[edit]

Commands are divided into three access groups: unrestricted commands may be issued by anyone; whitelist commands may be issued by users in the bot's whitelist; and operator commands which will be accepted only from the operator. Whitelisted users may also issue op commands, but will require operator approval using !commit.

The bot only processes sensitive commands from authorized users. Its authorization is based on explicitly whitelisted Wikimedia cloaks, and its security is paranoid and handled at a code path bottleneck at the parser level. In addition, it is only running when Pathoschild is near its terminal to intervene if needed, and all its commands are reversible.

Only Pathoschild has operator access.

Current commands[edit]

Unrestricted commands[edit]

Documentation
!help
!help command
Displays concise documentation about the bot, or the specified command.
!help keyword Displays details about the bot:
  • !help access: information about command access, and a list of whitelisted users and operators.
  • !help commands: a list of commands, sorted by access level.
  • !help status: information about the bot's IRC and web connections and configuration.
Utility
!activity domain
!activity dbprefix
display dates of last edit, and last local sysop & bureaucrat actions by local users on the specified wiki.
!links ip
!links username
Provide relevant links for IPs or global accounts.
!lookup language_code Looks up an ISO-639 1–3 language code in iso639db.
!scanedits name Scan for edits by a global account; privately send links to contributions for wikis with edits, or link to a sandbox list if there too many edited wikis.
!showrights name@wiki List the specified user's local and global right-groups.
!steward Ping available stewards, for emergency situations where a steward is needed immediately.
Disabled by default; enable with "!config > stewardping > 1".
!translate text Uses Google translation tool to detect the language the text is written in and outputs the English translation if available.
  • !translate source language > text : Translates text from source language to English.
  • !translate source language > target language > text : Translates text from source language to target language.
Frivolous
!bash
!bash literal search terms
!bash id
Display a randomly-selected quote from bash or bugzilla quips, the first quote containing the search string, or the quote selected by queue ID.
!debug Print a random quote from Pathoschild's three-year-old niece (except when debugging).

Whitelisted guest commands[edit]

!config option > value Changes runtime configuration:
  • [operators only] disablerestricted > 0|1: disable processing of all restricted commands at the parser level, for even more paranoid security during operator absence.
  • redundantconfirm > 0|1: toggle confirmation messages for wiki actions (normally redundant with another IRC bot).
  • stewardping > 0|1: toggle response to "!steward" command (normally redundant with another IRC bot).
!exit
!exit reason
Disconnect from IRC and end process.
!reset
!reset reason
Delete web cookies and log back in, disconnect from IRC and reconnect.

Operator commands[edit]

Wiki-targeted commands
!block user@wiki
!block user@wiki > expiry
!block user@wiki > expiry > reason
Block the user on the specified wiki (with email disabled). Wiki can be 'global' or a db_prefix, and expiry can be 'never'.
!blockhide user@wiki
!blockhide user@wiki > reason
Block the user on the specified wiki (with email disabled), and oversight the account name in edit histories and log entries. Wiki can be 'global' or a db_prefix.
!unblock user@wiki
!unblock user@wiki > reason
Unblock the user on the specified wiki. Wiki can be 'global' or a db_prefix.
!checkuser target@wiki [operators only] Assign checkuser access to the requesting user, and link to the checkuser form prefilled with the specified user.
!setrights user@wiki > +right1,right2
!rights user > right1,-right2 > reason
Adds or removes the specified user's right-groups, where wiki is a db_prefix. Groups are listed with commas, with '+' or '-' before a name switching between addition and removal of subsequent groups (default is addition).
CentralAuth commands
!lock name
!lock; name > reason
Lock a global account.
!hide name
!hide name > reason
Hide a global account.
!lockandhide name
!lockandhide name > reason
Lock and hide a global account.
!unlock name
!unlock name > reason
Unlock a global account.
!unhide name
!unhide name > reason
Unhide a global account.
Other global commands
!gblock address > expiry > reason Globally block an IP address or CIDR range, anonymous-users only.
!gunblock address > reason Globally unblock an IP address or CIDR range.
!stab user Lock & hide the global account, scan its edits on every wiki, and block all local accounts.
!stabhide user Lock & hide the global account, scan its edits on every wiki, block all local accounts, and oversight name in local logs and edit histories.
!wikiset wikiset_id > +wiki1,-wiki2
!wikiset id > wiki1,wiki2 > reason
Add or remove the wikis to the wiki set. Wikiset_id is the numeric wikiset ID (type "!help > wikiset" for a list). Wikis are database prefixes listed with commas, with '+' or '-' before a name switching between addition and removal of subsequent groups (default is addition).
Command commands
!commit id
!commit all
[operators only] Executes the specified user restricted command (or all uncommitted user commands).
!cancel id
!cancel all
[operators only] Removes the specified user restricted command without executing it (or all uncommitted user commands).
!requeue [operators only] List IDs in uncommitted queue (awaiting !commit or !cancel).
!requeue view > commit_id
!requeue edit > commit_id > arg_id > value
[operators only] View or modify the queue of commands awaiting !commit or !cancel. commit_id is the command's numeric ID in the queue; arg_id is the numeric count from one of the argument you want to modify; value is the value to set for that argument.
!withlist url > command
!withlist url > command > arg1 > ...
Parse a plaintext list of values at the given URL, and queue "!command > value > arguments" for each value (!commit needed). Valid with commands: block, blockhide, lock, hide, lockandhide, unlock, unhide, gblock, gunblock, setrights, stab, stabhide, unblock, wikiset, setrights.

See also[edit]