Page MenuHomePhabricator
Create Task
Maniphest T188985

https://meta.wikimedia.org/wiki/Special:Contact/Stewards is being abused by spammers
Closed, ResolvedPublic
Actions

Description

https://meta.wikimedia.org/wiki/Special:Contact/Stewards and other metawiki contact pages have been a couple of times the target of spamming bots. This would flood the OTRS queues that handle the emails generated by the contact pages and cause significantly more work for the volunteer OTRS agents.

While tracking down the IP and stopping a specific incident was possible up to now since the ContactPage [1] extension is configured to add that to the subject of the outgoing email, the attackers have switched patterns and are now sending those emails from multiple IPs ,effectively making this a game of whac a mole[2].

Spam filters are also not useful since those emails are generated from our own infrastructure which is inherently trusted (and we don't want to change that currently)

We have ConfirmEdit enabled so we can use that in the longer term to thwart those kinds of attacks

[1] https://www.mediawiki.org/wiki/Extension:ContactPage
[2] https://en.wikipedia.org/wiki/Whac-A-Mole

Event Timeline

akosiaris created this task.Mar 6 2018, 11:05 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 6 2018, 11:05 AM
Krd subscribed.Mar 6 2018, 11:06 AM
akosiaris triaged this task as Medium priority.Mar 6 2018, 11:06 AM

The above has been done in https://gerrit.wikimedia.org/r/#/c/416659/ and now the contact pages on metawiki have captchas enabled for non logged in users. I expect this to sufficiently address the problem.

OldUser02 subscribed.Mar 6 2018, 11:08 AM
HakanIST subscribed.Mar 6 2018, 11:15 AM
OldUser02 moved this task from Incoming to Backlog on the Znuny board.Mar 6 2018, 11:15 AM
MarcoAurelio added a project: Stewards-and-global-tools.Mar 6 2018, 11:31 AM
Trijnstel subscribed.Mar 6 2018, 12:05 PM
Stryn subscribed.Mar 6 2018, 2:48 PM
greg subscribed.Mar 6 2018, 9:47 PM
Rxy subscribed.Mar 7 2018, 4:46 PM
akosiaris added a comment.Mar 12 2018, 4:21 PM

No complaints in 6 days, I consider the problem resolved. I 'll keep this open for a few more days so that any problems reported find their way into this and then I 'll resolve the task as well.

JJMC89 closed this task as Resolved.Oct 3 2018, 12:22 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL