Page MenuHomePhabricator
Create Task
Maniphest T392754

Installing the UserPageEditProtection extension on jawiki
Open, Stalled, Needs TriagePublicRequest
Actions

Description

The Japanese Wikipedia has an abuse filter that prohibits IPs and new users who have not yet reached a certain number of edits or days since joining from editing other users' user pages with some exceptions. However, since around June 2023, vandals have been abusing this filter mechanism by repeatedly attempting to edit pages in the User: (利用者:) namespace in a short time, filling the filter log with records of their actions and disrupting monitoring (e.g. 1, 2). Semi-protection has been implemented for pages targeted by vandals, but they keep changing their targets, resulting in a cat-and-mouse game. Therefore, in order to prevent vandals from accessing the editing screen of any page in the User namespace (except for their own user pages) in the first place, I would like to request the following changes to the wiki settings:

  • Install the extension UserPageEditProtection.
  • Grant the editalluserpages permission (provided by the extension) to autoconfirmed and confirmed user group.
  • Transfer the authority to grant and remove the confirmed user group from bureaucrat to accountcreator and sysop.

Restricting access to the edit screen of other users' user pages is intended to be limited to IPs and users who have not been autoconfirmed. The last change is intended as a relief measure for bona fide users who may be restricted by the introduction of the extension.

After sufficient announcement and nearly two months of discussion on the page linked below, the community has reached a consensus. For further details, please see the discussion at the village pump:

Related Objects
Search...

Event Timeline

Yushu-kasai created this task.Apr 26 2025, 11:38 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 26 2025, 11:38 AM
Nemoralis added a project: Wikimedia-Extension-setup.Apr 26 2025, 12:08 PM
Nemoralis subscribed.

This extension has not been deployed to any Wikimedia wiki, so it has not been tested for security or performance. Therefore, even if the request is accepted, it will take a long time.

Pppery added projects: Wikimedia-extension-review-queue, Moderator-Tools-Team.Apr 26 2025, 12:15 PM
Pppery subscribed.

Adding Moderator-Tools-Team as the WMF team most likely to steward this extension per the first step on https://www.mediawiki.org/wiki/Writing_an_extension_for_deployment

Nemoralis unsubscribed.Apr 26 2025, 1:18 PM
Aklapper changed the task status from Open to Stalled.Apr 26 2025, 3:38 PM

Please see the checklist of requirements at https://www.mediawiki.org/wiki/Writing_an_extension_for_deployment

Scardenasmolinar subscribed.May 1 2025, 5:20 PM

Due to the fact that this extension has not gone through security and performance testing, we will not consider stewarding this extension until further notice.

Scardenasmolinar removed a project: Moderator-Tools-Team.May 1 2025, 5:20 PM
Yushu-kasai added a comment.May 3 2025, 8:54 AM

Is there anything else we, as the jawiki community, need to do in the future to make this request a reality?

Pppery unsubscribed.May 3 2025, 12:44 PM
Aklapper added a comment.May 6 2025, 10:30 AM

@Yushu-kasai See my previous comment: Please see the checklist of requirements at https://www.mediawiki.org/wiki/Writing_an_extension_for_deployment

Blablubbs subscribed.May 9 2025, 11:19 AM
Pppery added a comment.EditedMay 10 2025, 4:11 AM

Due to the fact that this extension has not gone through security and performance testing, we will not consider stewarding this extension until further notice.

You're creating a chicken or the egg problem here. There's no incentive for anyone to take the extension through the required security and performance reviews unless some WMF team agrees to steward it. For example see how T355161 has stalled.

(To be clear, my motivation is not to blame anyone here, nor to make anyone feel obligated to do anything, but instead to highlight the fact that the processes here are broken for reasons that aren't anyone here's fault. See more ranting about this at T355150#10001057 and T379526)

Pppery subscribed.May 10 2025, 4:11 AM
Pppery moved this task from Backlog to Blocked on development on the Wikimedia-Site-requests board.May 20 2025, 1:56 PM
Soda subscribed.Thu, Nov 20, 3:37 PM

Given that the code inside this extension can legitimately fit into a Phabricator comment, and to my understanding does not impact any major performance-sensitive components, I don't see why this couldn't/shouldn't be upstreamed into MediaWiki. For what it's worth, I think meta (and a few other projects) already monkey-patch this in using AbuseFilters.

Soda created subtask T410654: Upstream UserPageEditProtection to MediaWiki core.Thu, Nov 20, 4:00 PM
Soda created subtask T410655: Add the ability to grant the confirmed userright to admins and account creators on jawiki.Thu, Nov 20, 4:03 PM
Soda added a comment.Thu, Nov 20, 4:05 PM

@Yushu-kasai I assume jawiki is still interested in this being implemented?

Yushu-kasai added a comment.Fri, Nov 21, 2:06 PM

Thank you, @Soda. I personally still believe that a change in the system, including introducing this extension, may be necessary to solve the jawiki problem. However, I am not entirely sure whether other users’ opinions have changed or whether new issues have emerged over time. If possible, could you give me a week or two so that I can re-examine whether this change is truly needed, just to be sure?

Soda added a comment.Fri, Nov 21, 4:01 PM

Sure!

Dragoniez subscribed.Sat, Nov 22, 6:52 AM
Yushu-kasai added a comment.Sat, Dec 6, 2:57 PM

I have properly re-announced the topic to the jawiki community to the jawp community for two weeks, and no objections have been raised (please see the village pump subpage). Therefore, I believe we can move forward with this system change.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits