OrbiterWiki:Village pump/Archive 2011-2013

From OrbiterWiki
Jump to: navigation, search
This page contains archived discussions from the OrbiterWiki:Village pump page. Please do not edit this page.

Server move and stuff[edit]

  • OrbiterWiki has moved servers. Please report any and all issues you observe, preferably by email.
  • I am planning to upgrade to the most recent MediaWiki version shortly. Will notify when that's done.
  • I'd like to try out the new default MediaWiki skin, which is the skin Wikipedia uses now. Any objections should be expressed here.
  • I'm still hoping to switch case-insensitivity for titles back on. One day...

--RaMan 12:50, 16 February 2011 (UTC)

Updated to MediaWiki v1.16.2; a couple of extensions got upgraded too. --RaMan 03:54, 20 February 2011 (UTC)
Enabled Vector skin. Old skin vs New skin. Hope you like! --RaMan 18:00, 20 February 2011 (UTC)

Loose gun policy for bans from a special subnet[edit]

I just noticed some more similarities among the recent spambot activity here: Ten spambot accounts with two name patterns since December came from 118.101.0.0/16, one half of the Internet provider "TELEKOM MALAYSIA BERHAD" (There is no spam from the other /16 of this provider). I suspect that we have a single source behind varying IP addresses there. Since this still means a 640/650 chance that somebody is not a spammer from this network, I would propose the following guideline for next 3 months: All new user accounts that are registered from this network with the pattern

<Letter> + <Random First Name> + <Random Common Family Name> + <Letter>

should be banned instantly and for infinite time. IP-Bans should be avoided, since a /16 network of DHCP addresses seems like a poor target for IP-bans. Better target the business model and prevent search engine optimization. I don't see any reason to use this user name pattern here anyway. Another pattern had been the "-Steamer" type, but I don't think this alone is a good way to identify a spammer. If it comes from the same subnet though, it would be with very high certainty a spammer. We have no legal edits from the whole /16 subnet (Booo!).

Urwumpe 18:23, 30 January 2012 (UTC)

PS: Yes, that means that new users should better not use this name pattern, if they would like to prevent getting under general suspicion here. It is not nice, but since 2 hours of reaction time is enough to infect a few thousand PCs with malware, a fair price IMHO. "JohnSmith" would still be legal. "GJohnSmithj" would be dubious.

I suppose this sounds reasonable. No problem with this. Good effort noticing this! RaMan 13:34, 2 February 2012 (UTC)

About another special customer here, can I suggest being a tiny bit more unfriendly to IP addresses belong to hostnoc.net? They are getting a bit annoying and banning them for one year would be long enough until things escalated far enough to remove these guys from the IP range. The current main ranges for them are 184.82.0.0/16, 64.120.128.0/17 and 184.22.96.0/20. But there seem to be a lot more, judging the whois records. The lack of any company presentation or new customer registration is a bit strange there. Urwumpe 07:07, 10 March 2012 (UTC)

OK, let’s do it. RaMan 09:50, 10 March 2012 (UTC)

Increase Autoblock time[edit]

I just noticed that the automatic IP block when blocking a registered user and his IP is just 24 hours, which explains why it was so ineffective against spambots in the past. I would suggest increasing this timespan to a week. That is still pretty short for our cases, and should also work against retries from dedicated hosts. Urwumpe 17:52, 24 February 2012 (UTC)

OK, I think I've changed it now - let me know if this doesn't seem to have effect. By the way, do you want to receive an email every time someone edits anything at all? That's a lot of emails, but nothing a filter rule can't fix :) --RaMan 22:07, 24 February 2012 (UTC)
The RSS feed for Recent Changes does the job well for me. :D Urwumpe 23:59, 24 February 2012 (UTC)

Filter for uploads[edit]

Would it be possible to have a filter for the uploads, so that all files like "Epsom salt 9999.jpg" would be refused and logged? I don't yet know why such images are included by the spambots, but I fear the worst, if they could be droppers. Not having them uploaded in first place, could be better than erasing the files. Urwumpe 12:38, 10 March 2012 (UTC)

Seems to work. Full documentation here, feel free to add new rules. The current configuration includes the rules from this list. RaMan 10:38, 11 March 2012 (UTC)
Damn, that tool sure looks powerful. Should help getting a few spam bots out of business here, luckily we have a very limited dictionary. Urwumpe 12:03, 11 March 2012 (UTC)

Filter "https?://" in article name?[edit]

Would it be possible to simply forbid creating pages with "http://" in them, like by the regular expression "https?://"? We don't really have them except as spam, why delete them if it is impossible to create them in first place... Urwumpe 15:09, 13 July 2012 (UTC)

Good idea, should be blocked now. Also, I suggest we start blocking first-time spammer IPs for 1 month initially, and if we see a second offence we block it for 6 months straight away (earlier blocks are displayed when you try to block the IP). Given the low volume of real edits we get, chances of blocking a legitimate one are really low I reckon. --RaMan 15:31, 13 July 2012 (UTC)
Sadly yes, but that is also a problem with the advertisement department... I should be selling the wiki more on O-F. :S Urwumpe 15:35, 13 July 2012 (UTC)

Spam[edit]

No idea why we've started getting so much spam after upgrading to v1.19.2 - all the measures seem to be working as before. I think we need a new plan. How about this:

  • Disable editing for new users until they've confirmed their email (but still allow edits from IP)
  • Install FlaggedRevs
  • Create a "known good users" group
  • Allow known good users to edit directly and confirm pending edits
  • All edits by unknown users will be "pending edits", not visible until moderated. If the edit is not spam, we immediately mark the user as "known good user".

I think I'll set this up over the next week or so, unless there are objections or any other comments. --RaMan (talk) 13:56, 21 October 2012 (UTC)

From now on, new users have the same rights as anonymous users. This means they'll be asked to solve the captcha to do most things. They will no longer be bugged after a certain number of days + edits. An alternative is to confirm the email address, which will stop the captchas straight away. --RaMan (talk) 12:25, 26 October 2012 (UTC)
What about simply resetting the password for doubtful user names? It doesn't harm legitimate users that much (but is annoying, I know), but could be pretty annoying for spambot software. --Urwumpe (talk) 18:08, 14 November 2012 (UTC)
I'm not entirely sure how we could do that. I have, however, installed the AbuseFilter extension and set up the first rule. Now if a user adds an external link in their very first edit, the action is prevented and the user is instantly blocked indefinitely.
I suggest we go very conservative with AbuseFilter; I'd hate to autoblock indefinitely a legitimate user. I hope the rule I've added will take care of a very significant chunk of the spam we get; as for the rest, we first need to see if there are clearly identifiable patterns.
One thing still on my to-do list is to automatically block idle users that have never edited, or at the very least get a list of such users for manual blocking. Lastly, I'd love to add a single click button which would delete the page and ban its creator (indefinite if it's a user, 1/3/6 months for IPs/repeated IPs). Not sure when I'll get round to this or how difficult it'll be. --RaMan (talk) 20:30, 16 November 2012 (UTC)
Would it be possible to also add a regex match of the username to the rules? This could also help preventing some damage. Also creating a new article with links is a more likely spam edit. --Urwumpe (talk) 23:32, 16 November 2012 (UTC)

Looks like the spammers have found a way to bypass our new user link policy. The pattern seems to be: Example link, Some, <a title="And one more example" href="http://www.google.com">Another example link. usually the Wiki should not allow such edits at all, but it seems like this complex pattern crashes the link filter function. Any idea how to fix this? --Urwumpe (talk) 08:18, 1 June 2014 (UTC)

Orbiterwiki Mainpage renovations:round 1[edit]

Okay guys (pretty sure youre both guys), my first round of edits for the main page is up. If you can spare a minute from fighting off the hordes of spambots, please take a look and give me some feedback. I also assume both of you have noticed our two submissions for a new Orbiterwiki logo posted on the Forums. Is there interest in changing that as well?

Changes to the main page

  • Simpits link moved to Orbiter Addons. Not a good place for a beginner to be poking around IMO, and probably closer to addon development anyways
  • Deleted one of our "Common terms" type pages, as they appeared a little redundant
  • Removed the Astrodynamics link back to Wikipedia. Anything of that nature should only link to Wikipedia as a supplement to an "in-house" page on the subject. That way it can be specifically geared towards Orbiter, and linked as such, which we cant do without aggravating the wikipedia staff. Just a flexibility thing you know ;).
  • Same idea for the "About Orbiter" link and the one in the page header.
  • 50/50 width split between the two centre page columns. Not really sure what works better right now.
  • Various attempts at bettering the captions, titles, etc. Does having the titles bolded seem to look better? I think it appears a lot more organized/accesible just because of that, but maybe its just my imagination.

Issues

  • Is there any way to change the box backgrounds? (ie teal blue to something else?). If its in the source I dont recognize it.
  • would really like to get rid of "Too quickly asked questions - unanswered questions from Orbiter chatrooms ".

It just comes off as a way to shame people, and it only has one stinking post in it, but I dont want to get rid of the "companies" section.

So, how'd I do?

Hey, such a shame I missed this back when you posted it. I personally have no objections to most of these changes. I also want to get rid of "Too quickly asked questions". I think there definitely needs to be a space around the hyphens. Also I kind of liked having different colors for the left and right panes. --RaMan (talk) 11:12, 24 May 2013 (UTC)

Unblocked IP addresses[edit]

I've unblocked a few hundred IP addresses that had indefinite blocks on them. We may see a wave of spam, but I'll try to quickly re-block any IPs that still spam. The reason for this is that over the past few years I've been blocking IPs for 1 month, then reblocking repeat offenders for 6 months, and I am yet to encounter a single time when someone blocked for 6 months re-offends (apart from the 108.62 subnet, which remains range-blocked). --RaMan (talk) 11:15, 24 May 2013 (UTC)