Page MenuHomePhabricator
Create Task
Maniphest T230796

Deploy countermeasures to stop ongoing spambot attack at es.wikiquote 2019-08-20 [public task]
Closed, ResolvedPublic
Actions

Description

https://es.wikiquote.org/wiki/Especial:CambiosRecientes is being, again, a target of spambot registration. Community complains at the Café.

Note: in fact, es.wikiquote is one of the projects on a sustained attack since a couple of months ago.

Logs prove a sustained spamming problem as well.

Details

SubjectRepoBranchLines +/-
Enable DNS blacklist for es.wikiquoteoperations/mediawiki-configmaster+1 -0
Restrict account creation on es.wikiquote to 1 day/IPoperations/mediawiki-configmaster+1 -0
Customize query in gerrit

Related Objects

Event Timeline

MarcoAurelio created this task.Aug 20 2019, 12:24 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 20 2019, 12:24 PM
MarcoAurelio added a comment.Aug 20 2019, 12:28 PM

Proposal:

  • restrict account creation on es.wikiquote to one per day and IP.
  • add es.wikiquote to the var mentioned at: T227416#5319331.

I'll make a patch.

gerritbot added a comment.Aug 20 2019, 12:35 PM

Change 531169 had a related patch set uploaded (by MarcoAurelio; owner: MarcoAurelio):
[operations/mediawiki-config@master] Restrict account creation on es.wikiquote to 1 day/IP

https://gerrit.wikimedia.org/r/531169

gerritbot added a project: Patch-For-Review.Aug 20 2019, 12:35 PM
gerritbot added a comment.Aug 20 2019, 12:37 PM

Change 531171 had a related patch set uploaded (by MarcoAurelio; owner: MarcoAurelio):
[operations/mediawiki-config@master] Enable DNS blacklist for es.wikiquote

https://gerrit.wikimedia.org/r/531171

MarcoAurelio updated the task description. (Show Details)Aug 20 2019, 12:48 PM
MarcoAurelio updated the task description. (Show Details)Aug 20 2019, 12:53 PM
sbassett subscribed.EditedAug 20 2019, 3:34 PM

@MarcoAurelio - +1'd both of these. I should be able to security-deploy these sometime today. Re: it being a "dead" project, is it time to consider a project closure request?

gerritbot added a comment.Aug 20 2019, 3:45 PM

Change 531169 merged by jenkins-bot:
[operations/mediawiki-config@master] Restrict account creation on es.wikiquote to 1 day/IP

https://gerrit.wikimedia.org/r/531169

Daimona subscribed.Aug 20 2019, 3:48 PM

For a shorter-term and easier-to-implement solution, I'd suggest a (global?) AbuseFilter with the following rule: action === 'createaccount' & accountname rlike "[A-Z][a-z]+[A-Z][a-z]+[0-9]". If global, it could be used as tracking. If local, I wouldn't think twice about making it disallow or even block. According to the link in the description, 234/500 accounts would be caught.

Stashbot added a comment.Aug 20 2019, 3:59 PM

Mentioned in SAL (#wikimedia-operations) [2019-08-20T15:59:45Z] <urbanecm@deploy1001> Synchronized wmf-config/InitialiseSettings.php: 5ab38dc: Restrict account creation on es.wikiquote to 1 day/IP (T230796) (duration: 01m 00s)

gerritbot added a comment.Aug 20 2019, 4:05 PM

Change 531171 merged by jenkins-bot:
[operations/mediawiki-config@master] Enable DNS blacklist for es.wikiquote

https://gerrit.wikimedia.org/r/531171

Stashbot added a comment.Aug 20 2019, 4:08 PM

Mentioned in SAL (#wikimedia-operations) [2019-08-20T16:08:05Z] <urbanecm@deploy1001> Synchronized wmf-config/InitialiseSettings.php: fa903b7: Enable DNS blacklist for es.wikiquote (T230796) (duration: 00m 55s)

Urbanecm subscribed.Aug 20 2019, 4:10 PM

@MarcoAurelio: Deployed. Hope it helps!

Maintenance_bot removed a project: Patch-For-Review.Aug 20 2019, 4:10 PM
sbassett triaged this task as Medium priority.Aug 20 2019, 4:23 PM
MarcoAurelio added a comment.Aug 20 2019, 4:33 PM
In T230796#5425132, @sbassett wrote:

@MarcoAurelio - +1'd both of these. I should be able to security-deploy these sometime today. Re: it being a "dead" project, is it time to consider a project closure request?

@sbassett Thanks for the reviews. My choice of 'dead' was wrong now that I think about it. I meant dead in the sense that it doesn't seem to have frequent legit account creations of newbies. The project has low activity and has content, which bars project closure pursuant the current wording of the closing projects policy.

In T230796#5425253, @Urbanecm wrote:

@MarcoAurelio: Deployed. Hope it helps!

Thanks! I'm certainly not seeing further spambot registration for now. I intend to raise the account creation limit up to 4 in the next days.

MarcoAurelio added a comment.Aug 20 2019, 4:35 PM
In T230796#5425177, @Daimona wrote:

For a shorter-term and easier-to-implement solution, I'd suggest a (global?) AbuseFilter with the following rule: action === 'createaccount' & accountname rlike "[A-Z][a-z]+[A-Z][a-z]+[0-9]". If global, it could be used as tracking. If local, I wouldn't think twice about making it disallow or even block. According to the link in the description, 234/500 accounts would be caught.

This might be a solution for a brief period of time before it gets autothrottled by the system in cases of heavy spambot activity like the ones we had. It is also problematic per T152394. Thanks.

Urbanecm added a comment.Aug 20 2019, 6:19 PM
In T230796#5425316, @MarcoAurelio wrote:
In T230796#5425177, @Daimona wrote:

For a shorter-term and easier-to-implement solution, I'd suggest a (global?) AbuseFilter with the following rule: action === 'createaccount' & accountname rlike "[A-Z][a-z]+[A-Z][a-z]+[0-9]". If global, it could be used as tracking. If local, I wouldn't think twice about making it disallow or even block. According to the link in the description, 234/500 accounts would be caught.

This might be a solution for a brief period of time before it gets autothrottled by the system in cases of heavy spambot activity like the ones we had. It is also problematic per T152394. Thanks.

At worst, we can raise the throttle at any time.

Aklapper added a comment.Sep 16 2019, 9:52 AM

Four weeks later: Is more work needed here / is there a reason to keep this task open?

MarcoAurelio closed this task as Resolved.Sep 16 2019, 9:55 AM
MarcoAurelio claimed this task.

It's all good. Measures still in place at community request, and no issues reported.

Restricted Application added a project: User-MarcoAurelio. · View Herald TranscriptSep 16 2019, 9:55 AM
MarcoAurelio moved this task from unsorted/backlog to cabinet on the User-MarcoAurelio board.Sep 16 2019, 9:55 AM
Jcross moved this task from Incoming to Our Part Is Done on the Security-Team board.Sep 23 2019, 4:56 PM
Urbanecm added a comment.Dec 14 2019, 9:09 PM
In T230796#5495016, @MarcoAurelio wrote:

It's all good. Measures still in place at community request, and no issues reported.

is the account creation throttle rule to stay active?

chasemp added a project: Security.Feb 10 2020, 10:56 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:16 PM
Zabe subscribed.Feb 21 2022, 1:43 AM
daniel mentioned this in T306878: TypeError: Argument 1 passed to MediaWiki\Auth\Throttler::__construct() must be of the type array or null, integer given .Apr 26 2022, 6:38 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL