Page MenuHomePhabricator
Create Task
Maniphest T194664

Add some basic spam protection measures to Wikibase Registry
Closed, ResolvedPublic
Actions

Description

We're drowning in spam already.

Related Objects

Event Timeline

Daniel_Mietchen created this task.May 14 2018, 3:47 PM
Restricted Application added a project: User-Addshore. · View Herald TranscriptMay 14 2018, 3:47 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Daniel_Mietchen added a comment.May 14 2018, 3:51 PM

So far, spam seems to go exclusively to the main namespace, so perhaps it's worth restricting edits there to autoconfirmed users.

Daniel_Mietchen added a comment.EditedMay 16 2018, 6:00 PM

Still hundreds of spam pages at https://wikibase-registry.wmflabs.org/wiki/Special:AllPages , and I don't see how to get rid of them at scale.

Addshore removed Addshore as the assignee of this task.May 24 2018, 12:53 PM
Addshore added a subscriber: Addshore.
Daniel_Mietchen mentioned this in T195725: Add Extension:Nuke on Wikibase bundle docker image.May 27 2018, 10:30 PM
matej_suchanek added a subscriber: matej_suchanek.May 28 2018, 6:48 PM

See also T176391: remove and prevent spam on lexeme test system.

Addshore added a comment.May 30 2018, 5:32 PM

As a first pass here I removed the write / edit rights from the * group.
So now at least users have to register....

T195725: Add Extension:Nuke on Wikibase bundle docker image would be great for clearing the spam
T195989: Add Extension:ConfirmEdit to the wikibase bundle would enable us to stop it in the first place.

Once locked down I'll go through and purge the spam from the DB.

Addshore closed this task as Resolved.May 30 2018, 6:02 PM
Addshore claimed this task.

I added Nuke and ConfirmEdit, neither are yet in the bundle image of wikibase yet but this will do for wikibase-registry for now.
I'll work on cleaning up the spam.

Stashbot added a subscriber: Stashbot.May 30 2018, 6:03 PM

Mentioned in SAL (#wikimedia-cloud) [2018-05-30T18:03:15Z] <addshore> clone and mount the ConfirmEdit extension into wikibase service and configure and restart - T194664

Daniel_Mietchen added a comment.May 30 2018, 6:33 PM

Thanks for working on this, @Addshore . Looking forward to see this resolved - had to cancel a demo of it due to the spam interfering.

Addshore added a comment.May 30 2018, 6:46 PM

I just deleted all spam user pages and content pages, still not blocked or deleted all of the spambot accounts yet though.

Addshore added a comment.EditedMay 30 2018, 6:50 PM

Lastly I added a new group and the real users currently on the site to the group.
These are the only users that are able to edit the main and user namespaces (where all the spam appears)

# Only trusted users can edit the main and user namespaces
# This is the main in route for spam bots....
$wgNamespaceProtection[NS_MAIN] = [ 'Trusted' ];
$wgNamespaceProtection[NS_USER] = [ 'Trusted' ];
$wgNamespaceProtection[NS_USER_TALK] = [ 'Trusted' ];


# Create a Tursted user group
$wgGroupPermissions['Trusted'] = $wgGroupPermissions['user'];

We can play around with this at a later stage if this gets in the way at all...
Maybe we should allow people with the Trusted right to give other people the Trusted right or something similar?

Addshore added a comment.EditedMay 30 2018, 7:06 PM

I also made the final change, members of the 'Trusted' group can add other users to the 'Trusted' group.

Also there is now also a captcha for page creation for users not in the group.

And I actually changed the namespace protection to allow all autoconfirmed users...

Addshore added a comment.May 30 2018, 7:35 PM

Just removed all but 3 of the spam users from the DB entirely and also removed all of the spam pages / revisions from the DB :)

Daniel_Mietchen awarded a token.May 30 2018, 8:45 PM
Addshore moved this task from Unsorted 💣 to Closing ✔️ on the User-Addshore board.Jun 6 2018, 8:49 AM
matej_suchanek removed a subscriber: matej_suchanek.Jun 6 2018, 8:57 AM
Vvjjkkii renamed this task from Add some basic spam protection measures to Wikibase Registry to zzcaaaaaaa.Jul 1 2018, 1:09 AM
Vvjjkkii reopened this task as Open.
Vvjjkkii removed Addshore as the assignee of this task.
Vvjjkkii triaged this task as High priority.
Vvjjkkii added projects: CheckUser, Connected-Open-Heritage-Batch-uploads (RAÄ-KMB_1_2017-02), Tamil-Sites, Gamepress, Hashtags, Jade, KartoEditor, Language-2018-Apr-June, New-Editor-Experiences, Mail, TCB-Team (now WMDE-TechWish).
Vvjjkkii updated the task description. (Show Details)
Vvjjkkii removed a subscriber: Aklapper.
CommunityTechBot renamed this task from zzcaaaaaaa to Add some basic spam protection measures to Wikibase Registry.Jul 2 2018, 4:12 PM
CommunityTechBot closed this task as Resolved.
CommunityTechBot assigned this task to Addshore.
CommunityTechBot raised the priority of this task from High to Needs Triage.
CommunityTechBot updated the task description. (Show Details)
CommunityTechBot removed projects: TCB-Team (now WMDE-TechWish), Mail, New-Editor-Experiences, Language-2018-Apr-June, KartoEditor, Jade, Hashtags, Gamepress, Tamil-Sites, Connected-Open-Heritage-Batch-uploads (RAÄ-KMB_1_2017-02), CheckUser.
CommunityTechBot added a subscriber: Aklapper.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL