Page MenuHomePhabricator

Add option to block the user from editing their talk page when blocked by AbuseFilter
Closed, ResolvedPublic3 Story Points

Description

Otherwise, like T169165, the user can continue editing in their talk page, and use trial and error to find a way to evade the AbuseFilter.

Event Timeline

Huji created this task.Jul 7 2017, 8:33 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 7 2017, 8:33 PM
Huji triaged this task as High priority.Jul 7 2017, 8:33 PM

Marking as high priority due to potential for abuse (potential is a weak word, it is actually being abused as we speak).

Huji added a subscriber: Yamaha5.Aug 21 2017, 2:26 PM
Huji added a comment.Aug 21 2017, 2:42 PM

Okay this is getting out of hand. We have a troll actively abusing the lack of this feature. I am going to work on a patch shortly.

Between 05:55, 21 August 2017 and 05:56, 21 August 2017 Ip has done these try and errors:

05:56, 21 August 2017: 5.45.100.46 (talk | block) triggered filter 160, performing the action "edit" on User talk:5.45.100.46. Actions taken: Tag; Filter description: User is blocked (details | examine)
05:56, 21 August 2017: 5.45.100.46 (talk | block) triggered filter 160, performing the action "edit" on User talk:5.45.100.46. Actions taken: Tag; Filter description: User is blocked (details | examine)
05:56, 21 August 2017: 5.45.100.46 (talk | block) triggered filter 160, performing the action "edit" on User talk:5.45.100.46. Actions taken: Tag; Filter description: User is blocked (details | examine)
05:56, 21 August 2017: 5.45.100.46 (talk | block) triggered filter 160, performing the action "edit" on User talk:5.45.100.46. Actions taken: Tag; Filter description: User is blocked (details | examine)
05:56, 21 August 2017: 5.45.100.46 (talk | block) triggered filter 160, performing the action "edit" on User talk:5.45.100.46. Actions taken: Tag; Filter description: User is blocked (details | examine)
05:55, 21 August 2017: 5.45.100.46 (talk | block) triggered filter 160, performing the action "edit" on User talk:5.45.100.46. Actions taken: Tag; Filter description: User is blocked (details | examine)
05:55, 21 August 2017: 5.45.100.46 (talk | block) triggered filter 160, performing the action "edit" on User talk:5.45.100.46. Actions taken: Tag; Filter description: User is blocked (details | examine)
05:55, 21 August 2017: 5.45.100.46 (talk | block) triggered filter 160, performing the action "edit" on User talk:5.45.100.46. Actions taken: Tag; Filter description: User is blocked (details | examine)

Change 372844 had a related patch set uploaded (by Huji; owner: Huji):
[mediawiki/extensions/AbuseFilter@master] Add option to block user/IP from editing their talk page

https://gerrit.wikimedia.org/r/372844

This might be a short term solution, but I prefer this to be build with its parent T32024 in mind.

Huji added a comment.Aug 21 2017, 6:09 PM

Fully aware, and completely agree. But the amount of vandalism and AbuseFilter evasion occurring in this one project justifies it (at least for me) to ask for an interim solution to be implemented quickly.

Wouldn't it be possible to disallow the edits to his own talk page by another abuse filter as an interim solution?

Huji added a comment.Aug 21 2017, 6:24 PM

We are not talking about one user, but about a very active sock-master. Without specifying the user, an AbuseFilter cannot specifically block certain blocked users from editing their pages.

Change 372844 abandoned by Huji:
Add option to block user/IP from editing their talk page

Reason:
I have a much better idea. Will submit a new patch.

https://gerrit.wikimedia.org/r/372844

Huji claimed this task.Aug 22 2017, 5:36 PM

Change 373119 had a related patch set uploaded (by Huji; owner: Huji):
[mediawiki/extensions/AbuseFilter@master] Add option to block a user from editing their own talk page

https://gerrit.wikimedia.org/r/373119

Huji moved this task from Backlog to Filtering features on the AbuseFilter board.
TBolliger set the point value for this task to 3.Sep 8 2017, 7:08 PM

Are users who are blocked already prevented from editing their own user page, the sandbox, and any other talk page? It seems odd that after being blocked by AbuseFilter the only page they can edit is their own talk page.

Huji added a comment.Sep 28 2017, 2:48 PM

It seems odd that after being blocked by AbuseFilter the only page they can edit is their own talk page.

Why? A normal block (done by hand using default options) also have the same effect.

It seems odd that after being blocked by AbuseFilter the only page they can edit is their own talk page.

Why? A normal block (done by hand using default options) also have the same effect.

Interesting, well I didn't know that. :)

@dbarratt — This functionality exists to let users discuss/debate their block on their own talk page. However, not all blocked users will use this ability productively (spammers, blatant trolls, etc.) so admins have the option to disable it.

@dbarratt — This functionality exists to let users discuss/debate their block on their own talk page. However, not all blocked users will use this ability productively (spammers, blatant trolls, etc.) so admins have the option to disable it.

Ah that makes a lot of sense. Well the patch looks good to me, I tested it locally and it all works as expected. I gave it a +1, I'll let someone else review it as well.

dbarratt claimed this task.Oct 4 2017, 12:23 AM
dbarratt moved this task from Code Review to In progress on the Anti-Harassment (AHT Sprint 6) board.
Huji claimed this task.Oct 4 2017, 2:02 AM

I already have a patch for it, and you have reviewed it :) Will submit a new PS soon.

I already have a patch for it, and you have reviewed it :) Will submit a new PS soon.

Do you mind if I update the patch for you?

@Huji — If you want to own the task then we'll remove it from our sprint board. We're happy to help Code Review though!

Huji added a comment.Oct 11 2017, 7:45 PM

I don't mind relinquishing the ownership to anyone else if that makes the issue get fixed faster!

I also don't mind if someone updates my patch; if anything it helps me learn more.

Huji added a comment.Oct 11 2017, 7:46 PM

@dbarratt there is an obvious change that needs to be done to the code, I just have not had the time to set down and focus on it. Feel free to address that. I would be nothing but happy.

Huji added a comment.Oct 22 2017, 5:52 PM

@dbarratt the necessary change is now taken care of.

dbarratt added a subscriber: dmaza.Nov 8 2017, 4:30 AM

@dmaza Can you review the patch when you have a moment?

Melos added a subscriber: Melos.Nov 12 2017, 4:07 PM

As I have explained in gerrit imho the patch have to check $wgBlockAllowsUTEdit. If it's set to false you don't have to show the checkbox as in Special:Block

Huji added a comment.Nov 12 2017, 6:20 PM

As I have explained in gerrit imho the patch have to check $wgBlockAllowsUTEdit. If it's set to false you don't have to show the checkbox as in Special:Block

Done.

Change 373119 merged by jenkins-bot:
[mediawiki/extensions/AbuseFilter@master] Add option to block a user from editing their own talk page

https://gerrit.wikimedia.org/r/373119

Huji closed this task as Resolved.Feb 27 2018, 11:14 PM
Huji removed a project: Patch-For-Review.
Huji added a comment.Mar 4 2018, 10:26 PM

Any idea why ReleaseTaggerBot ignored this?

Huji moved this task from To Triage to Not ready to announce on the User-notice board.

For the text of user notice see my comment on T32024#4037347