Page MenuHomePhabricator
Create Task
Maniphest T304111

Set StopForumSpam to enforce on beta cluster
Closed, ResolvedPublic
Actions

Description

  • Logging looks good on beta now in that we're getting plenty of report-only data there, according to beta-logs.wmcloud.org/mwlog01.deployment-prep.
  • Over the past week (ending 3/17/2022) we're averaging about 6,671 filter trips per day. Which... is possibly a lot for the beta cluster? But we won't really have a great sense of the true false positive rate until we set to enforce and people start to complain.
  • Just looking at the code again, there's probably some logspam/redundancy as this logging technically isn't guarded by the report-only global. And basically the same thing will now also get logged here.
  • Let's merge this on a Monday?

Details

SubjectRepoBranchLines +/-
Set StopForumSpam to enforce on the beta clusteroperations/mediawiki-configmaster+0 -1
Set StopForumSpam to enforce on the beta clusteroperations/mediawiki-configmaster+0 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

sbassett triaged this task as Low priority.Mar 17 2022, 8:00 PM
sbassett created this task.
sbassett removed a project: User-notice.
sbassett moved this task from Incoming to In Progress on the Security-Team board.
sbassett updated the task description. (Show Details)
sbassett updated the task description. (Show Details)Mar 17 2022, 8:08 PM
gerritbot added a comment.Mar 17 2022, 8:13 PM

Change 771696 had a related patch set uploaded (by SBassett; author: SBassett):

[operations/mediawiki-config@master] Set StopForumSpam to enforce on the beta cluster

https://gerrit.wikimedia.org/r/771696

gerritbot added a project: Patch-For-Review.Mar 17 2022, 8:13 PM
sbassett mentioned this in T273220: Deploy StopForumSpam extension to production.Mar 17 2022, 8:27 PM
gerritbot added a comment.Mar 21 2022, 3:55 PM

Change 771696 merged by jenkins-bot:

[operations/mediawiki-config@master] Set StopForumSpam to enforce on the beta cluster

https://gerrit.wikimedia.org/r/771696

Stashbot added a comment.Mar 21 2022, 3:56 PM

Mentioned in SAL (#wikimedia-operations) [2022-03-21T15:56:35Z] <reedy@deploy1002> Synchronized wmf-config/CommonSettings-labs.php: T304111 (duration: 00m 50s)

Maintenance_bot removed a project: Patch-For-Review.Mar 21 2022, 4:10 PM
sbassett updated the task description. (Show Details)Mar 21 2022, 4:22 PM
sbassett added a comment.Mar 21 2022, 9:11 PM

Revert was pulled to deployment but not synced (2a37e70fc7ba63209264b890aa36b5b6c19e028d)

sbassett added a comment.Mar 22 2022, 3:36 PM

It looks like SFS enforce mode might have worked fine, but that it either broke logs being sent to beta-logs.wmcloud.org, or that coincidentally broke at about the same time as this config patch was deployed. There are definitely logs from today (2022-03-22) on deployment-mwlog01:/srv/mw-log and likely were yesterday. But I was using beta-logs to monitor and didn't think to check on the server. And channel:StopForumSpam is still not reporting anything on beta-logs.

Anyhow, I still want to refactor Hooks::onGetUserPermissionsErrorsExpensive - basically reduce redundant logging and better organize and log around the early returns. That'll be a new bug that I'll file soon. Then we can likely re-enable SFS enforce mode and deal with the beta-logs issue later.

sbassett added a comment.Mar 22 2022, 7:03 PM

Upon further review of the StopForumSpam beta logs (/srv/mw-log) for 2022-03-01, about 841 out of 8,490 lines look to be enforcing actions (i.e. not "user tripped...") So this did appear to work properly, but for some reason it also broke channel:StopForumSpam in beta-logs, where it still appears to be broken.

sbassett mentioned this in T304519: ext:StopForumSpam config seemingly broke channel:StopForumSpam within beta-logs.wmcloud.org.Mar 23 2022, 2:48 PM
gerritbot added a comment.Mar 23 2022, 8:32 PM

Change 773340 had a related patch set uploaded (by SBassett; author: SBassett):

[operations/mediawiki-config@master] Set StopForumSpam to enforce on the beta cluster

https://gerrit.wikimedia.org/r/773340

gerritbot added a project: Patch-For-Review.Mar 23 2022, 8:32 PM
sbassett mentioned this in T304563: Refactor logging logic within Hooks::onGetUserPermissionsErrorsExpensive.Mar 23 2022, 8:45 PM
sbassett moved this task from Backlog to In Progress on the user-sbassett board.Mar 25 2022, 6:39 PM
gerritbot added a comment.Mar 28 2022, 8:58 PM

Change 773340 merged by jenkins-bot:

[operations/mediawiki-config@master] Set StopForumSpam to enforce on the beta cluster

https://gerrit.wikimedia.org/r/773340

sbassett added a comment.Mar 28 2022, 9:04 PM

SAL for second-attempt deploy (should be fine now).

Maintenance_bot removed a project: Patch-For-Review.Mar 28 2022, 9:10 PM
sbassett added a comment.EditedMar 29 2022, 3:03 PM

Ok, this seems to be working well and we don't appear to have a coincidental beta-logs outage either :) Stats since yesterday's config sync:

  • 2,299 total channel:StopForumSpam events on the various *.beta.wmflabs.org sites
  • 2,207 active blocks of users/IPs
  • 92 exemptions from either sfsblock-bypass or autoblock exemptions
sbassett closed this task as Resolved.Mar 29 2022, 6:56 PM
sbassett moved this task from Backlog to Done on the MediaWiki-extensions-StopForumSpam board.
sbassett moved this task from In Progress to Done on the user-sbassett board.
sbassett moved this task from In Progress to Our Part Is Done on the Security-Team board.
sbassett removed a project: Wikimedia-Extension-setup.
sbassett mentioned this in T273238: Write a script to parse StopForumSpam logs and make some stats.Mar 29 2022, 7:02 PM
sbassett mentioned this in T299629: Test disabling the captcha on some Wikimedia wikis.May 2 2022, 9:07 PM
sbassett added a comment.EditedMay 9 2022, 8:20 PM

As of 2022-05-09:

  • 71,590 blocked user actions on beta cluster over the past 30 days
  • 21,569 IP-based exemptions from SFS blocking actions over the past 30 days
  • 6 cases where an IP address was not able to be obtained (not sure how/why this happens)
TheresNoTime awarded a token.May 9 2022, 8:24 PM
MarioGom subscribed.May 10 2022, 7:12 AM
sbassett mentioned this in T309900: Determine initial wikis for production deployment of ext:StopForumSpam.Jun 3 2022, 9:05 PM
sbassett added a comment.EditedJun 3 2022, 9:23 PM

From 2022-05-18 to 2022-06-03, according to beta-logs:

  • 91,735 blocked user actions on beta cluster
  • 20,267 IP-based exemptions from SFS blocking actions
  • 6 cases where an IP address was not able to be obtained (not sure how/why this happens)
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL