Difference between revisions of "OrbiterWiki:Village pump"

From OrbiterWiki
Jump to navigation Jump to search
 
(17 intermediate revisions by 6 users not shown)
Line 1: Line 1:
 
Just a page for general OrbiterWiki discussions (for keeping the [[Talk:Main Page]] related to the main page).  
 
Just a page for general OrbiterWiki discussions (for keeping the [[Talk:Main Page]] related to the main page).  
  
View archived discussions for [[OrbiterWiki:Village pump/Archive 2005-2007|2005-2007]], [[OrbiterWiki:Village pump/Archive 2008-2010|2008-2010]].
+
View archived discussions for [[OrbiterWiki:Village pump/Archive 2005-2007|2005-2007]], [[OrbiterWiki:Village pump/Archive 2008-2010|2008-2010]], [[OrbiterWiki:Village pump/Archive 2011-2013|2011-2013]].
  
 
<span class="plainlinks">[{{fullurl:OrbiterWiki:Village pump|action=edit&section=new}} Add a new thread]</span>
 
<span class="plainlinks">[{{fullurl:OrbiterWiki:Village pump|action=edit&section=new}} Add a new thread]</span>
  
== Server move and stuff ==
+
== Recent updates ==
  
* OrbiterWiki has moved servers. Please report any and all issues you observe, preferably by email.
+
Hi! OrbiterWiki is on a new server again, and should be a bit faster now. It's also running the latest software now. Among notable improvements is improved support for high-DPI screens (or zooms above 100% on any screen). In particular, thumbnails will now be sharp as long as the source image is large enough, and MediaWiki Math equations are rendered nicely for such devices.
* I am planning to upgrade to the most recent MediaWiki version shortly. Will notify when that's done.
 
* I'd like to try out the new default MediaWiki skin, which is the skin Wikipedia uses now. Any objections should be expressed here.
 
* I'm still hoping to switch case-insensitivity for titles back on. One day...
 
--[[User:RaMan|RaMan]] 12:50, 16 February 2011 (UTC)
 
  
: Updated to MediaWiki v1.16.2; a couple of extensions got upgraded too. --[[User:RaMan|RaMan]] 03:54, 20 February 2011 (UTC)
+
I've modified the main page slightly; if anyone wishes to trim down the list of links, suggestions are welcome.
: Enabled Vector skin. [[Media:SkinOld.png|Old skin]] vs [[Media:SkinNew.png|New skin]]. Hope you like! --[[User:RaMan|RaMan]] 18:00, 20 February 2011 (UTC)
 
  
== Loose gun policy for bans from a special subnet ==
+
Finally, I'm thinking about switching the default font for the entire site; if done, the site will look like this: [http://i.imgur.com/YY8bii9.png low DPI] [http://i.imgur.com/DDVtRS3.png high DPI]. Speak up now if you have objections!
  
I just noticed some more similarities among the recent spambot activity here: Ten spambot accounts with two name patterns since December came from 118.101.0.0/16, one half of the Internet provider "TELEKOM MALAYSIA BERHAD" (There is no spam from the other /16 of this provider). I suspect that we have a single source behind varying IP addresses there. Since this still means a 640/650 chance that somebody is not a spammer from this network, I would propose the following guideline for next 3 months: All new user accounts that are registered from this network with the pattern
+
--[[User:RaMan|RaMan]] ([[User talk:RaMan|talk]]) 17:52, 20 October 2014 (IST)
  
<Letter> + <Random First Name> + <Random Common Family Name> + <Letter>
+
== Fighting the spam ==
  
should be banned instantly and for infinite time. IP-Bans should be avoided, since a /16 network of DHCP addresses seems like a poor target for IP-bans. Better target the business model and prevent search engine optimization. I don't see any reason to use this user name pattern here anyway. Another pattern had been the "-Steamer" type, but I don't think this alone is a good way to identify a spammer. If it comes from the same subnet though, it would be with very high certainty a spammer. We have no legal edits from the whole /16 subnet (Booo!).
+
Can we enable the [https://www.mediawiki.org/wiki/Extension:ConfirmEdit ConfirmEdit] extension of Mediawiki? I am overwhelmed with the amount of spam we get and if this is properly configured, it might reduce this a lot. --[[User:Urwumpe|Urwumpe]] ([[User talk:Urwumpe|talk]]) 10:03, 18 December 2020 (UTC)
 +
: It's done! --[[User:RaMan|RaMan]] ([[User talk:RaMan|talk]]) 23:37, 27 April 2021 (UTC)
  
[[User:Urwumpe|Urwumpe]] 18:23, 30 January 2012 (UTC)
+
== Maintenance ==
 +
Last year we moved to a new server and upgraded MediaWiki, and a bunch of extensions got disabled in the process, and the move was generally left unfinished.
  
PS: Yes, that means that new users should better not use this name pattern, if they would like to prevent getting under general suspicion here. It is not nice, but since 2 hours of reaction time is enough to infect a few thousand PCs with malware, a fair price IMHO. "JohnSmith" would still be legal. "GJohnSmithj" would be dubious.
+
It is finally finished, I've done some much needed maintenance, everything is looking much happier now!
  
: I suppose this sounds reasonable. No problem with this. Good effort noticing this! [[User:RaMan|RaMan]] 13:34, 2 February 2012 (UTC)
+
* Burninated all of the spam. If anything's gone that shouldn't be, let me know, I have backups.
 +
* Fixed all of the anti-spam extensions that were disabled during 1.34 upgrade. We now have: AbuseFilter, SpamBlacklist/TitleBlacklist, hcaptcha for signups, Nuke, CheckUser.
 +
* Fixed the caching settings; everything is faster.
 +
* Fixed email
 +
* Fixed rendering of SVG previews
 +
* Fixed rendering of MathML
 +
* Installed the Citizen skin, though it's less amazing than I hoped - check it out in your user preferences. It has a dark mode.
 +
--[[User:RaMan|RaMan]] ([[User talk:RaMan|talk]]) 23:37, 27 April 2021 (UTC)
  
About another special customer here, can I suggest being a tiny bit more unfriendly to IP addresses belong to [http://www.spamhaus.org/sbl/listings.lasso?isp=hostnoc.net hostnoc.net]? They are getting a bit annoying and banning them for one year would be long enough until things escalated far enough to remove these guys from the IP range. The current main ranges for them are 184.82.0.0/16, 64.120.128.0/17 and 184.22.96.0/20. But there seem to be a lot more, judging the whois records. The lack of any company presentation or new customer registration is a bit strange there. [[User:Urwumpe|Urwumpe]] 07:07, 10 March 2012 (UTC)
+
::I can't log-in anymore, there seem to be some problems with the CSRF tokens. -- Urwumpe
 +
::: Could you try again? I have seen it a few times but never consistently. I think it may only be an issue the first time. If it's still not working please try clearing your cookies? After that, if it ever returns please let me know. --[[User:RaMan|RaMan]] ([[User talk:RaMan|talk]]) 13:52, 28 April 2021 (UTC)
 +
::::Same problem, despite erasing all cookies and restarting the browser session, in case there is a bad CSRF token hanging around. Happens also when using different browsers. Tried Edge, Chrome and Firefox now. It complains about the CSRF protection in a red box, maybe that is a hint. --Urwumpe
 +
::I've tweaked the settings again. It was weird: worked for a day before breaking; any time I touch the settings, it starts working again - and then breaks again later. User sessions are now stored in the DB instead of the PHP cache so hopefully this is now fixed for good? --[[User:RaMan|RaMan]] ([[User talk:RaMan|talk]]) 17:59, 3 May 2021 (UTC)
  
: OK, let’s do it. [[User:RaMan|RaMan]] 09:50, 10 March 2012 (UTC)
+
It worked, I’m in. So far so good. RaMan and Urwumpe, thanks for all the work you’ve done to get this fixed. Hopefully, it stays.[[User:Arvil|Arvil]] ([[User talk:Arvil|talk]]) 20:52, 3 May 2021 (UTC)
  
==Increase Autoblock time==
+
I am back again as well, looks fine now :) [[User:Urwumpe|Urwumpe]] ([[User talk:Urwumpe|talk]]) 09:51, 6 May 2021 (UTC)
 
 
I just noticed that the automatic IP block when blocking a registered user and his IP is just 24 hours, which explains why it was so ineffective against spambots in the past. I would suggest increasing this timespan to a week. That is still pretty short for our cases, and should also work against retries from dedicated hosts. [[User:Urwumpe|Urwumpe]] 17:52, 24 February 2012 (UTC)
 
 
 
: OK, I think I've changed it now - let me know if this doesn't seem to have effect. By the way, do you want to receive an email every time someone edits anything at all? That's a lot of emails, but nothing a filter rule can't fix :) --[[User:RaMan|RaMan]] 22:07, 24 February 2012 (UTC)
 
 
 
:: The RSS feed for Recent Changes does the job well for me. :D [[User:Urwumpe|Urwumpe]] 23:59, 24 February 2012 (UTC)
 
 
 
== Filter for uploads ==
 
 
 
Would it be possible to have a filter for the uploads, so that all files like "Epsom salt 9999.jpg" would be refused and logged? I don't yet know why such images are included by the spambots, but I fear the worst, if they could be droppers. Not having them uploaded in first place, could be better than erasing the files. [[User:Urwumpe|Urwumpe]] 12:38, 10 March 2012 (UTC)
 
 
 
: Seems to work. Full documentation [http://www.mediawiki.org/wiki/Extension:TitleBlacklist here], feel free to add new rules. The current configuration includes the rules from [http://meta.wikimedia.org/w/index.php?title=Title_blacklist&action=raw this list]. [[User:RaMan|RaMan]] 10:38, 11 March 2012 (UTC)
 
 
 
::Damn, that tool sure looks powerful. Should help getting a few spam bots out of business here, luckily we have a very limited dictionary. [[User:Urwumpe|Urwumpe]] 12:03, 11 March 2012 (UTC)
 
 
 
== Filter "https?://" in article name? ==
 
 
 
Would it be possible to simply forbid creating pages with "http://" in them, like by the regular expression "https?://"? We don't really have them except as spam, why delete them if it is impossible to create them in first place... [[User:Urwumpe|Urwumpe]] 15:09, 13 July 2012 (UTC)
 
:Good idea, should be blocked now. Also, I suggest we start blocking first-time spammer IPs for 1 month initially, and if we see a second offence we block it for 6 months straight away (earlier blocks are displayed when you try to block the IP). Given the low volume of real edits we get, chances of blocking a legitimate one are really low I reckon. --[[User:RaMan|RaMan]] 15:31, 13 July 2012 (UTC)
 
 
 
::Sadly yes, but that is also a problem with the advertisement department... I should be selling the wiki more on O-F. :S [[User:Urwumpe|Urwumpe]] 15:35, 13 July 2012 (UTC)
 
 
 
== Spam ==
 
 
 
No idea why we've started getting so much spam after upgrading to v1.19.2 - all the measures seem to be working as before. I think we need a new plan. How about this:
 
 
 
* Disable editing for new users until they've confirmed their email (but still allow edits from IP)
 
* Install [http://www.mediawiki.org/wiki/Help:Extension:FlaggedRevs FlaggedRevs]
 
* Create a "known good users" group
 
* Allow known good users to edit directly and confirm pending edits
 
* All edits by unknown users will be "pending edits", not visible until moderated. If the edit is not spam, we immediately mark the user as "known good user".
 
 
 
I think I'll set this up over the next week or so, unless there are objections or any other comments. --[[User:RaMan|RaMan]] ([[User talk:RaMan|talk]]) 13:56, 21 October 2012 (UTC)
 
 
 
:: From now on, new users have the same rights as anonymous users. This means they'll be asked to solve the captcha to do most things. They will no longer be bugged after a certain number of days + edits. An alternative is to confirm the email address, which will stop the captchas straight away. --[[User:RaMan|RaMan]] ([[User talk:RaMan|talk]]) 12:25, 26 October 2012 (UTC)
 
 
 
:::What about simply resetting the password for doubtful user names? It doesn't harm legitimate users that much (but is annoying, I know), but could be pretty annoying for spambot software. --[[User:Urwumpe|Urwumpe]] ([[User talk:Urwumpe|talk]]) 18:08, 14 November 2012 (UTC)
 

Latest revision as of 09:51, 6 May 2021

Just a page for general OrbiterWiki discussions (for keeping the Talk:Main Page related to the main page).

View archived discussions for 2005-2007, 2008-2010, 2011-2013.

Add a new thread

Recent updates[edit]

Hi! OrbiterWiki is on a new server again, and should be a bit faster now. It's also running the latest software now. Among notable improvements is improved support for high-DPI screens (or zooms above 100% on any screen). In particular, thumbnails will now be sharp as long as the source image is large enough, and MediaWiki Math equations are rendered nicely for such devices.

I've modified the main page slightly; if anyone wishes to trim down the list of links, suggestions are welcome.

Finally, I'm thinking about switching the default font for the entire site; if done, the site will look like this: low DPI high DPI. Speak up now if you have objections!

--RaMan (talk) 17:52, 20 October 2014 (IST)

Fighting the spam[edit]

Can we enable the ConfirmEdit extension of Mediawiki? I am overwhelmed with the amount of spam we get and if this is properly configured, it might reduce this a lot. --Urwumpe (talk) 10:03, 18 December 2020 (UTC)

It's done! --RaMan (talk) 23:37, 27 April 2021 (UTC)

Maintenance[edit]

Last year we moved to a new server and upgraded MediaWiki, and a bunch of extensions got disabled in the process, and the move was generally left unfinished.

It is finally finished, I've done some much needed maintenance, everything is looking much happier now!

  • Burninated all of the spam. If anything's gone that shouldn't be, let me know, I have backups.
  • Fixed all of the anti-spam extensions that were disabled during 1.34 upgrade. We now have: AbuseFilter, SpamBlacklist/TitleBlacklist, hcaptcha for signups, Nuke, CheckUser.
  • Fixed the caching settings; everything is faster.
  • Fixed email
  • Fixed rendering of SVG previews
  • Fixed rendering of MathML
  • Installed the Citizen skin, though it's less amazing than I hoped - check it out in your user preferences. It has a dark mode.

--RaMan (talk) 23:37, 27 April 2021 (UTC)

I can't log-in anymore, there seem to be some problems with the CSRF tokens. -- Urwumpe
Could you try again? I have seen it a few times but never consistently. I think it may only be an issue the first time. If it's still not working please try clearing your cookies? After that, if it ever returns please let me know. --RaMan (talk) 13:52, 28 April 2021 (UTC)
Same problem, despite erasing all cookies and restarting the browser session, in case there is a bad CSRF token hanging around. Happens also when using different browsers. Tried Edge, Chrome and Firefox now. It complains about the CSRF protection in a red box, maybe that is a hint. --Urwumpe
I've tweaked the settings again. It was weird: worked for a day before breaking; any time I touch the settings, it starts working again - and then breaks again later. User sessions are now stored in the DB instead of the PHP cache so hopefully this is now fixed for good? --RaMan (talk) 17:59, 3 May 2021 (UTC)

It worked, I’m in. So far so good. RaMan and Urwumpe, thanks for all the work you’ve done to get this fixed. Hopefully, it stays.Arvil (talk) 20:52, 3 May 2021 (UTC)

I am back again as well, looks fine now :) Urwumpe (talk) 09:51, 6 May 2021 (UTC)