Page MenuHomePhabricator
Create Task
Maniphest T302640

Harden Special:Random and API:Random to automatically adjust in certain ways during on-wiki incidents
Open, Needs TriagePublic
Actions

Description

Given some recent unpleasantness (T302047) along with past incidents (T257687), it would be nice to add some functionality to Special:Random and API:Random to reduce their efficacy in allowing certain actors a quick and easy means of finding random wiki pages. There are a number of ways this could be triggered (block activity, AF activity, a mediawiki GUI setting, etc.) and a number of ways Special:Random and API:Random could have their behavior adjusted (throttle, return a small subset of pages, noop, etc). Yes, this can be handled by writing ad-hoc code within PS.php, but it would be nice to facilitate a quicker response time that didn't involve a production deployment. And yes, there are other ways for an actor to generate a large list of random wiki pages, but the aforementioned methods are well-known and easy to use.

Event Timeline

sbassett created this task.Feb 25 2022, 10:30 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 25 2022, 10:30 PM
Zabe subscribed.Feb 25 2022, 10:33 PM
DannyS712 subscribed.Feb 26 2022, 3:18 AM

Perhaps the behavior adjustment could be to only return protected pages, or similar, so that its not obvious that the randomness is restricted, but it is harder to use for vandalism

Reedy edited projects, added SecTeam-Processed; removed Security-Team.Feb 28 2022, 4:45 PM
TheresNoTime subscribed.Mar 8 2022, 6:24 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL