Stewards' noticeboard

From Meta, a Wikimedia project coordination wiki
Welcome to the stewards' noticeboard. This message board is for discussing issues on Wikimedia projects that are related to steward work. Please post your messages at the bottom of the page and do not forget to sign it. Thank you.
  • This page is automatically archived by SpBot. Threads older than 30 days will be moved to the archive.
SpBot archives all sections tagged with {{Section resolved|1=~~~~}} after 2 days and sections whose most recent comment is older than 30 days.

Special:Abusefilter/194 to limit editing of stewards' requests archives

I have noticed that there has been a little "creative" editing of the archived subpages of "Stewards requests". To maintain those archives in their preferred form, I have created an abuse filter that limits editing of those pages to users with the autopatrolled right. I have tested it against the existing recentchanges with no false positives, though I will keep an eye on it for any unintended consequences. I hope that is convenient to you.  — billinghurst sDrewth 09:38, 22 December 2018 (UTC)

I have inserted a custom message fwiw, though yet to check whether the hyperlink works, will get to that when I am next in a no-permissions account, unless I find a volunteer with no permissions/test account.  — billinghurst sDrewth 15:06, 22 December 2018 (UTC)
@Billinghurst: seems to work, got the link to the 'parent page' and could follow it. — xaosflux Talk 15:15, 22 December 2018 (UTC)
I tried using my public account and yes, it does work as per Xaosflux.--Cohaf (talk) 07:03, 26 December 2018 (UTC)
Can we get higher limit than autopatrol? Seems like autopatrol is too lenient to prevent posting on wrong venue. I'd propose limiting to sysop + bot + steward. — regards, Revi 06:18, 7 January 2019 (UTC)
I have changed it and utilised "noratelimit" as described at special:listgrouprights which is a little broader than your list, though I think favourably. That may be imperfect, however, we can have that discussion, for instance we could add "rollback" if we wanted broader latitude.  — billinghurst sDrewth 09:28, 7 January 2019 (UTC)
@-revi: Noting that if we are maintaining this level, I probably should just merge 133 and 194 as they are now replicating each other.  — billinghurst sDrewth 12:52, 7 January 2019 (UTC)
If the above is implemented, could patroller be at least allowed to edit just in case we find some hidden vandalism somewhere.--Cohaf (talk) 08:11, 7 January 2019 (UTC)
I tested today on the archives of talk pages of stewards requests, I wonder why it isn't extended to them too? --Cohaf (talk) 07:20, 10 January 2019 (UTC)

Spambot activity and temporary filters to manage

Hi to all. The spambots are having a merry time having created, and trying to create accounts. We have a temporary gross filter in place Special:AbuseFilter/195 to try to manage the damage, though with a filter such as this we know that it was overly effective early. We have since refined the filter with observation and testing, though know it will still have false positives. We are also seeing that a challenge alone is holding without a disallow, though that may change.

We are working with #wikimedia-operations in IRC to see if we can do anything.

If you were one of these false positives, then please try again though with a longer or shorter username.

Thanks. Please leave any comments or questions below.  — billinghurst sDrewth 14:09, 28 December 2018 (UTC)

On the rate limit's supposed failure: are they all from different IP addresses? The authentication metrics show a surge in captchas displayed but not in failures, so they've clearly solved all the captcha images (which are being a pain only for humans as usual). --Nemo 14:17, 28 December 2018 (UTC)
Significant resources were thrown at this yesterday for a couple of hours. The latest batch was all thrown at mediawikiwiki, and about 16k creation attempts, the latter were unsuccessful, and the script bot creation script went through some metamorphosis. We think that it is sufficiently managed. We had replicated our local filter to mediawikiwiki and it was taking more actions than we allow the global filters to do. I have inactivated the mediawikiwiki filter as the meta global can do the same management, and I will soon look to degrade that filter to watch and not act.  — billinghurst sDrewth 06:53, 29 December 2018 (UTC)

Comment: This filter has appeared to be effective to lessen the impact of our standard spambots, and comment has been made on my user talk page of its effectiveness, and the desire for the filter to remain. This filter was constructed to deal with an emergency situation, and I would be loath to continue running it without due consideration from the community.

The filter is aimed at a target character range of our typical spambot accounts. It was designed with challenge though it has been set to monitor more recently (other defence means were implemented which means that meta could just watch). It looks to be showing success in the logs, as accounts are shown there, though not created. This could be a bit of filter misrepresentation as I believe that the CAPTCHA test is the cause of the non-creation, as the filter should do nothing beyond record.

If we truly wish for this filter to push back against the spambots it sees, then we need to have the filter challenge the creation of the account, which would mean they get the challenge message, and have to put in password again (twice) and solve the CAPTCHA. If we do not wish to do that, then we should probably turn off the filter as its logging is not an accurate representation of its actuality.  — billinghurst sDrewth 12:13, 9 January 2019 (UTC)

If I understand correctly the accounts flagged in the log by the filter that do not end up becoming accounts are in fact the result of them not being able to solve the captcha. I agree that showing these is not very helpful. But I still have the gut feeling that a significant part of our "new users" are in fact sleeping accounts of spammers. If these accounts just pose a risk to nl.wiktionary, we are probably able to cope with them. I find the risk of cross wiki spamming harder to gauge. I hope a more experienced spamfighter will enlighten me. --MarcoSwart (talk) 20:23, 10 January 2019 (UTC)
@MarcoSwart: Abusefilter/195, as coded at this moment, is flagging the creation attempts for the pattern and circumstance stated in the filter. [1] Abuse filters precede the actuality, and this filter is not set to any intervention actions. [2] So if spambot/user solves the CAPTCHA the account is created,[3] and if they do not, it is not created. [4] Discussions about SUL accounts and their locations is a larger topic of conversation, though my observations about current spambots is that they are single-wiki focused and their current behaviour is not xwiki spam at the account level.[5] At the IP or IP range level, there is xwiki spam, either directly or indirectly through multiple accounts. To that latter observation the stewards are probably better able to recount their current observations.  — billinghurst sDrewth 01:01, 11 January 2019 (UTC)
  1. [Noting that the actions that we choose to occur in these filters are to what I was intimating above, and at the moment it is flag with no intervention.]
  2. [What is evident is that abusefilter actions for creation therefore precede CAPTCHA actions in the mechanisms of mediawiki systems.]
  3. [and shows in RC as an account creation]
  4. [and no further evidence exists]
  5. [The current is the worse case situation, having xwiki spambots by account would actually be easier to manage IMNSHO.]
Thanks, this is useful information. If we don't need to worry about possible cross wiki spam, these sleeper accounts are merely a statistical problem inflating our user base. Due to the nature of our project, removing spam is easy and it poses probably little value to the spammer anyway. My guess is that we sometimes just serve as a testing ground. On that note, we probably are better off without any information from filter 195, because its messages crowd out the filters that do require follow-up. Of course it would be valuable to have it available against attempts to create lots of accounts in a limited amount of time, which is the original use case. --MarcoSwart (talk) 10:15, 11 January 2019 (UTC)
I have deactivated the filter globally as other changes by developers have improved the problems somewhat. We can reactivate as necessary, and I would suggest that if we wish to do that, that we move to utilise the challenge setting to see how effective it can be.  — billinghurst sDrewth 10:36, 11 January 2019 (UTC)
Slight change of mind, I have changed this to be a local only filter that monitors. This should then ignore the spambot creation attempts that are unsuccessful, and then only log those that are successful.  — billinghurst sDrewth 10:55, 11 January 2019 (UTC)