Hello,
Can you please explain how this account was created? Also how can this be avoided? Because it's affected the logs
For reference please see CentralAuth
Thanks
alaa | |
Oct 12 2023, 8:15 PM |
F38217274: Screenshot 2023-10-12 231522.png | |
Oct 12 2023, 8:15 PM |
F38217267: Screenshot 2023-10-12 231214.png | |
Oct 12 2023, 8:15 PM |
Hello,
Can you please explain how this account was created? Also how can this be avoided? Because it's affected the logs
For reference please see CentralAuth
Subject | Repo | Branch | Lines +/- | |
---|---|---|---|---|
Add space-like and more invisible letters | mediawiki/libs/Equivset | master | +95 -7 |
ChatGPT as the best friend: https://chat.openai.com/share/8df51bc8-f0a5-413e-9355-aebfa4468692
Reference: https://www.compart.com/en/unicode/U+1164
ChatGPT is a bit off, it's actually a series of Hangul fillers (U+3164).
Equivset/Antispoof only groups together the Hangul filler with the half-width Hangul filler, which is not super useful. I guess we'd need an equivalence set of spacelike/invisible characters, so we can ban them at the beginning or end of a username?
Not really a problem with CentralAuth, in any case.
Change 1004323 had a related patch set uploaded (by Umherirrender; author: Umherirrender):
[mediawiki/libs/Equivset@master] Add more space-a-like and invisible letters
Change 1004323 merged by jenkins-bot:
[mediawiki/libs/Equivset@master] Add space-like and more invisible letters
The linked patch sets needs a new release of the equivset package, that could be happen in some months.
I have tested it with AntiSpoof and the error handling is not nice:
To prevent confusion, the username "ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ" cannot be used: Your provided username is too short. Please choose another username.
But at least it cannot be created.
The hangul filler is now replaced with spaces and AntiSpoof removed all spaces in the validation step, making the user name the empty string within the checks.