Make sure anti-vandalism features are up to snuff
Open, MediumPublic
Actions

Assigned To

None

Authored By

	• flimport
	Apr 17 2014, 5:53 PM

Description

Tasks filed in previous upstream:

Possibility to delete comments in Maniphest (closed as WONTFIX)
Potentially related: Create a log for Maniphest batch edits (renamed to "Maniphest batch editor can affect far too many tasks")
Provide tools to combat and recover from abuse

Details

Reference: fl146

Related Objects
Search...

Status	Subtype	Assigned	Task
Open		None	T84 Make sure anti-vandalism features are up to snuff
Resolved		Aklapper	T158 Phabricator should let admins delete comments in Maniphest
Declined		None	T1185 Rate limit or restrict access to comment removal
Declined		Aklapper	T819 Restricting modification of tasks when they enter sprints
Declined		Qgil	T1178 Policy to define who can move cards in a workboard
Resolved		Qgil	T1292 Limiting Batch Edits to certain users
			Restricted Task
			Restricted Task
			Restricted Task
			Restricted Task
			Restricted Task
			Restricted Task
Resolved		Aklapper	T265723 Restrict creation of calendar items due to spam
			Restricted Task
			Restricted Task
			Restricted Task
			Restricted Task
			Restricted Task
			Restricted Task
			Restricted Task
			Restricted Task
Stalled	Feature	Aklapper	T330794 Disable Audit application in Phabricator
Resolved		Paladox	T361915 Adjust (or disable) H108
Resolved		Galahad	T361914 Disable H225
			Restricted Task
			Restricted Task
Resolved		brennen	T358610 Update wmf/stable to Phorge upstream's 2023.49 stable release
Resolved		Aklapper	T341604 Change "Edit Policy" of {older \| newer} existing projects from {"All Users" \| "Trusted-Contributors"} to ACL tags {Trusted-Contributors \| aclphabricator \| aclProject-Admins \| WMF-NDA}
			Restricted Task
			Restricted Task
			Restricted Task
Resolved		Aklapper	T361006 Restrict activity options (commenting, editing) related to merged commits in Diffusion
			Restricted Task
Resolved		LSobanski	T364043 ProbeDown - phab1004
Resolved		Jelto	T364489 ProbeDown - phab1004
Resolved		Jelto	T364701 ProbeDown (phab1004)
			Restricted Task
Resolved		Jelto	T364807 ProbeDown (phab1004)
Resolved		Jelto	T364817 ProbeDown (phab1004)
			Restricted Task
			Restricted Task

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes

https://phabricator.wikimedia.org/p/Qse24h/ just mass-closed many tasks as duplicates.

Base subscribed.May 9 2017, 10:57 AM

2017-06-17: Registriation of dozens of accounts from a large variety of IP addresses, upload of illegal material and creation of dozens of tasks (see https://phabricator.wikimedia.org/T168142 )

zhuyifei1999 subscribed.Jun 17 2017, 8:56 PM

For the records, first "support help desk" spam appearance on this instance in https://phabricator.wikimedia.org/T167009#3380778, from an Indian "Airtel Broadband" IP.

I could, theoretically, write a tool which walks a user's transaction history and systematically reverts every action of the user during a given time period...

More vandalism examples:
https://phabricator.wikimedia.org/p/Ptrpov mass-merged a bunch of tasks on 20171201.
https://phabricator.wikimedia.org/p/FiZie/ on 20171208
https://phabricator.wikimedia.org/p/IZoid/ setting a huge number of parent tasks by editing a single task on 20171209. Related: Could not find a way to fully delete profile images.
https://phabricator.wikimedia.org/p/Sandraramirez3888/ on 20171209.
https://phabricator.wikimedia.org/p/1978Gage2001/ massmoved tasks from one column to another column on 20171211.
https://phabricator.wikimedia.org/p/Popsicleface048/ mass-losing numerous tasks as declined on 20171213
https://phabricator.wikimedia.org/p/ithinker143/ mass-emptying open UBN tasks on 20171214 (same user as https://phabricator.wikimedia.org/p/FiZie/ )

Aklapper mentioned this in T177409: Allow users to edit saved filters instead of having to edit and replace.Feb 21 2018, 6:57 PM

https://phabricator.wikimedia.org/p/238482n375/ - Sweeping changes to a collection of tasks. Biggest impact was setting bugs to secure only and removing subscribers, essentially hiding bugs from projects.

Teles subscribed.Jun 15 2018, 9:19 AM

jhsoby subscribed.Jun 15 2018, 9:27 AM

• Tbayer subscribed.Jun 15 2018, 10:34 AM

In T84#3592783, @mmodell wrote:

I could, theoretically, write a tool which walks a user's transaction history and systematically reverts every action of the user during a given time period...

Please! That would be fantastic

Aklapper mentioned this in T197456: Remove security vandalism of various tasks (2018-06-15).Jun 15 2018, 3:15 PM

matmarex subscribed.Jun 15 2018, 3:45 PM

MusikAnimal subscribed.Jun 15 2018, 7:02 PM

Dalba subscribed.Jun 16 2018, 6:23 AM

Nirmos subscribed.Jun 16 2018, 11:55 AM

Ltrlg subscribed.Jun 17 2018, 7:00 PM

Aklapper added a subtask: Restricted Task.Jun 20 2018, 11:18 AM

Malyacko subscribed.Jun 20 2018, 11:22 AM

Aklapper added a subtask: Restricted Task.Jun 20 2018, 12:34 PM

Aklapper added a subtask: Restricted Task.Jun 20 2018, 12:43 PM

Qgil unsubscribed.Jun 22 2018, 6:53 AM