We're getting a referrer of "payments.wikimedia.org/index.php" a few dozen times per day. This only started with a trickle on May 27, and a flurry on June 1. Could be a fraudster.
Description
Description
Related Objects
Related Objects
Event Timeline
Comment Actions
Pretty sure this is the same issue as T139756, I broke the referrer filter and stopped storing referrer in session. Session fix should make it all better.