UDWiki talk:Administration/Vandal Banning/Bots

From The Urban Dead Wiki
Jump to navigationJump to search

Archives

Talk Archives

Vandal Banning Archive

2006 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2007 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2008 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2009 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2010 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2011 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2012 Jan Feb Mar Apr May Jun Q3 Q4
2013 Q1 Q2 Q3 Q4
Years 2014 2015 2016 2017 2018 2019
2020

General Discussion Archives


Bots Discussion

Regarding the New Header

So the way the new header is set up it rolls up a week every Saturday and the Day counter runs from 0-6. That way we can visibly keep track of when the page should be purged without actually having to go through too much trouble of browsing the votes beforehand. Should make things a little bit easier while making this page take up less space in A/VB's ToC and page. --Karekmaps?! 23:12, 11 April 2011 (BST)

Of course, it gets purged much more often than one week at this point in time. I've been purging every couple of days to keep it from breaking A/VB with unclusion calls ({{vndl}} and sigs).I like the idea, though. I think it would help if we all deciding to put all new reports at either the top or the bottom. ~Vsig.png 22:29, 12 April 2011
It can't/shouldn't now. That was because of stuff added to both this page and the A/VB archive page that I removed and had less to do with large amounts of page use. Generally new reports have always been at the top for all admin pages.--Karekmaps?! 02:42, 13 April 2011 (BST)
We'll see. We had a lot of vandal cases in March b/c of jokes and actual legitimate vandalism. We're half way through April and already quite a bit of vandal data and the bots aren't letting up. As the month progresses both the bot page and the a/vb archive will be competing for inclusion size. Plus it looks neater if there aren't 40 bot reports. But I am willing to do the once a week purge to see how it goes. ~Vsig.png 03:37, 13 April 2011
Case in point: if you check UDWiki:Administration/Vandal_Banning/Archive/2011_03 at this very moment, it is broken due to inclusion calls. I've made a template - {{bot}} which should be a smaller inclusion size. This might help and might also trim down on the clutter. It is basically {{vndl}} without bot talk page, vandal data, or discussion links. ~Vsig.png 16:12, 13 April 2011

Adbot section

Anyone have an actual problem with putting the adbot section back on the main page, and not archiving them for more than a few days? It's the way we used to treat adbot permas, and it was mistakenly left off the page when it was upgraded (see Hagnat's fist VB case for the month) -- boxy talkteh rulz 14:52 15 July 2009 (BST)

I will only agree to it if you put it through an arduous policy process.--xoxo 14:53, 15 July 2009 (BST)
I unironically agree with J3D. --CyberbobPOST HERE 14:54, 15 July 2009 (BST)
Repairs to pages that were messed up don't need to go through A/PD unless there are some real objections to the actual changes -- boxy talkteh rulz 15:02 15 July 2009 (BST)
Obviously there's no "need" but it sets a much nicer precedent because you just know how much the "give an inch take a mile" deal is played out around here. Putting this thing onto A/PD should be the number 1 choice because it safeguards against any more accidental changes of this nature as well as dealing with the precedent issue, but I would have been happy with at least some kind of attempt to open a dialogue about it first. --CyberbobPOST HERE 15:06, 15 July 2009 (BST)

A spambot edit creates a page which then spawns at least 3 more (A/VB report, User Page to issue a warning? and then a record of the ban) How is that really useful or sensible? What is wrong with the idea of just report and ban in such obvious cases? --Honestmistake 15:10, 15 July 2009 (BST)

They don't get recorded on A/VD, just VB (whichever system we use). I think the creation of the user page just for the adbot template may have been so that people could easily tell that the spambot had already been dealt with, so avoiding multiple reports. But I don't see that as much of an issue, when A/VB is so quite these days. In any case, I don't see any reason whatsoever for archiving of the report -- boxy talkteh rulz 15:16 15 July 2009 (BST)
Once this drama is settled, and I have the energy I'll go back and delete the reports made plus the adbots' pages from the last few months (no matter who "wins" the old system will be in place because we all agree on that front I think). --CyberbobPOST HERE 15:18, 15 July 2009 (BST)
Agreed. --RosslessnessWant a Location Image? 15:50, 15 July 2009 (BST)
Will the bots bans be archived? or just removed weekly? DANCEDANCEREVOLUTION (TALK | CONTRIBS) 03:19, 16 July 2009 (BST)
Removed weekly, from my reading of it. Linkthewindow  Talk  03:36, 16 July 2009 (BST)
How irritating, it requires the same work (because either way, you are making a record of your ban of the bot) but with the added annoyance of having to come to A/VB every week and remove them. DANCEDANCEREVOLUTION (TALK | CONTRIBS) 04:06, 16 July 2009 (BST)
You're worried about having to edit A/VB once a week? The wiki is seldom that peaceful. In practice, they'll just be wiped whenever someone notices (and it doesn't even have to be a sysop, other users making new reports can do it). I think you're just pissed because of your spimbot game :p -- boxy talkteh rulz 10:09 16 July 2009 (BST)
Oh my god I forgot about that, now I'm angrier than ever! --ϑϑℜ 10:14, 16 July 2009 (BST)

Spambots

So, are any of these doing anything for you? Does it make you want to buy those stuffs? They really seem to like this wiki for some reason. --  AHLGTG THE END IS NIGH! 18:48, 14 July 2009 (BST)

They attack most wikis. I'm on a few at the moment who have had some troubles with them. See main page for an extra comment- if they don't agree to our demands, I shall rally a counter-spam unit to spam their contact desk. Mwa ha ha. You in? DANCEDANCEREVOLUTION (TALK | CONTRIBS) 18:58, 14 July 2009 (BST)
I will prepare my Nekkid Romping Gnome division (NRG) for this assault. --  AHLGTG THE END IS NIGH! 19:09, 14 July 2009 (BST)

adbot user pages

should we have a schedule deletion discussion about the removal of adbot user pages ? or is it covered any of the current criteria ? IMHO, creating user pages for adbot was always stupid, and we should remove them and any reference to them from the wiki. --People's Commissar Hagnat [talk] [wcdz] 17:03, 15 July 2009 (BST)

You should read. I've already said I'll delete all instances of the adbot template as well as the cases going back a few months. It will most likely happen either tomorrow or on the day after. --CyberbobPOST HERE 17:07, 15 July 2009 (BST)
I did read, but what if you fail to delete them all ? what if they are created in the future ? shouldnt there be a criterion to deal with them ? --People's Commissar Hagnat [talk] [wcdz] 17:21, 15 July 2009 (BST)
I can't fail to delete them all because I simply went off "What Links Here" from the template page. Durr. As for the rest, I don't see why not. I'll go make the scheduled vote right now. --CyberbobPOST HERE 17:26, 15 July 2009 (BST)
If you do so, remember to add a seld-delete clause on the deletion request itself once it gets approved. Nothing to be left behind of an adbot accuont. --People's Commissar Hagnat [talk] [wcdz] 17:40, 15 July 2009 (BST)
(scheduled deletions aren't the same thing as speedy deletions) --Cyberbob 17:41, 15 July 2009 (BST)

Wait.

Why does this need to be a whole separate templated page again? The only reason we use templates for admin pages is because it makes them easier to archive and this section isn't going to be archived. Surely it would be simpler just to have it as a separate heading on A/VB itself? --CyberbobPOST HERE 17:13, 15 July 2009 (BST)

then you'd have to check A/VB, which i believe most users dont. When they have the current month on their watchilist, they simply check it. This also make it easier to identify what this page is about, leaving the other pages to be edited by content that is relevant for those pages --People's Commissar Hagnat [talk] [wcdz] 17:19, 15 July 2009 (BST)
Everyone has A/VB on their watchlist anyway, or should. --ϑϑℜ 10:04, 16 July 2009 (BST)
It's a lot better off at the top of the monthly archives, it's the one that is edited the most, and where people get sent after editing one of the VB cases. No point making people go to the A/VB main page as well, just to deal with adbots. But it could be simply added to the A/VB header that gets added to the monthly archives -- boxy talkteh rulz 10:26 16 July 2009 (BST)

Bot Rush

With the current bot rush, what about changing the way bots are filed in order to cut down space that gets eaten? We could for instance use the day as header and then file the vndl-templates underneath along with the sig of the serving op. -- Spiderzed 12:38, 28 March 2011 (BST)

Maybe just use sig of the op and day as the sig says, as me and i think vapor have been doing. it's only a formality for accountability etc. not really important -- ϑanceϑanceevolution 14:00, 28 March 2011 (BST)
I used my own header for a bit but then just started adding to the top header. At the rate they're coming in, they're being cycled a day or two later so it doesn't matter much. We honestly could do without headers and just stack the {{vndl}} template with timestamp to reduce clutter. At least for the time being. ~Vsig.png 14:22, 28 March 2011
Cut away headers, file the newest on the top with vndl and sig? Sounds like a plan to me. I'll change it tomorrow unless someone produces an outcry. -- Spiderzed 22:17, 28 March 2011 (BST)
I dig that. As long as the headers aren't stinking up the main A/VB contents then I'm happy. -- ϑanceϑanceevolution 00:41, 29 March 2011 (BST)
Might just want to link to bot user pages rather than using tl:vndl. Too many template calls were killing A/VB. Had to cycle everything except today's bots. ~Vsig.png 01:14, 29 March 2011

Othpeli

I'm amused that Othpeli created a page advertising for jobs In Christian education on a website that is about a zombie apocalypse. Granted, it is probably automated and was trawling for wikis, but it's still funny. --Akule Maker of fine, hand-crafted UDWiki sass since 2006 -- Akule School's back in session™ 01:16, 15 April 2011 (BST)

Extensions

We should totally ask for Extension:SpamBlacklist. After all, we got an update this month: why not strike while the iron's hot? ᚱᛁᚹᛖᚾ 15:26, 27 April 2011 (BST)

We have the Username Blacklist extension. Could this help in our spambot related problem?

—~Vsig.png 19:33, 27 April 2011

Not really; not only is it obsolete, but the bots are using random names which can't really be filtered. Updating to the replacement Extension:TitleBlacklist would probably help, but only somewhat. Still, every measure we can get in place will do some good. ᚱᛁᚹᛖᚾ 02:20, 28 April 2011 (BST)
Hmm. Well I suppose we could add it to the list of things we'd like Kevan to fix. We also have the ConfirmEdit extension which I believe can be configured by syspos without the need to access the backend. If I'm reading correctly, it can be configured to require capcha when URLs are added and has options to whitelist certain URLs, whitelist groups (like UDWiki:Autoconfirmed Users), and whitelist users with confirmed emails. There is a similar line of discussion happening on UDWiki_talk:Administration/Policy_Discussion/Semi-protection#Ideas_for_implimentation this policy discussion. ~Vsig.png 06:11, 28 April 2011
The default configuration for ConfirmEdit has it display a CAPTCHA for adding a URL, creating an account, and messing up a login. I don't recall ever seeing any of these. Might be time to create a test account and see if any of them come up…
The only thing listed as sysop-editable for ConfirmEdit is a URL whitelist, everything else requires sysadmin privs. Our Username Blacklist is sysop-editable, but I defy you to come up with any regex that will match the bots we've been getting.
Extension:Check Spambots looks very nice… ᚱᛁᚹᛖᚾ 08:02, 28 April 2011 (BST)

Spam Page

Relevant conversation moved from main page.

Got. Would you mind using the {{Spam Page}} template on them? -- boxy 07:08, 1 May 2011 (BST)

mmmk so instead of posting here? any reason? i mean i don't even look at the page to begin with. i just spot the bot in RC and report it.-- Boobs.sh.siggie.gif   bitch  00:02, 2 May 2011 (utc)
This is why. ᚱᛁᚹᛖᚾ 02:58, 2 May 2011 (BST)
Also post a report here. But I'd like to see the pages wiped as soon as possible so that they don't get picked up by search bots. You don't even have to put the template on, a simple page wipe would do -- boxy 03:56, 2 May 2011 (BST)
Only if the template doesn't look like a user template but actually a notice. --Karekmaps 2.0?! 13:48, 2 May 2011 (BST)
so let me get this straight so i don't muck it up? post on the bots page with the {{bot|user}} thing, add {{Spam Page}} to the page and wipe it? seems like a lot of work. which would make me prone to not even bother anymore.-- Boobs.sh.siggie.gif   bitch  13:57, 2 May 2011 (utc)
It's two more clicks pretty much. Although the template should be moved to {{BP}} probably. Spaces in templates are needlessly confusing.--Karekmaps 2.0?! 13:59, 2 May 2011 (BST)
It's not a big deal. Do it, or don't do it. Just a suggestion. Just keep reporting them if we miss 'em and I'll be happy Yes.gif -- boxy 07:18, 3 May 2011 (BST)

Hitting Special:NewPages and/or Special:Contributions/newbies works as a quickie check, by the way. That is all. --  AHLGTG THE END IS NIGH! 22:54, 3 May 2011 (BST)

I've changed my mind... don't mess with the spam pages, just report the bots here. It seems to be leading to sysops banning those who try to help out, rather than the actual spambot :( -- boxy 15:26, 29 May 2011 (BST)

DOH!--User:Sexualharrison19:39, 29 May 2011 (bst)

I have been so out of the loop. This is what I get for not checking here for a couple weeks. Sorry about whatever confusion my template has been causing... So, do we get rid of it?-- †  talk ? f.u. 04:46, 30 May 2011 (BST)

It's not the templates fault... just human error, is all -- boxy 13:16, 30 May 2011 (BST)

Rangeblocks

I've been using CheckUser to take a look at the IPs for a few of the spambots. To take a random sample, the last 3 I banned were from China, Bangladesh, and Brazil, probably from compromised machines.
Assuming we can't get any of the special-purpose DNSBLs loaded, I think it might be a good idea to rangeblock some of the ISPs/countries we're getting the most spam from, and leave a note to anyone who's caught by such a ban that they can request an account be created for them.
As long as we only block account creation, existing users should be unaffected.
Thoughts? ᚱᛁᚹᛖᚾ 02:15, 6 May 2011 (BST)

Shouldn't be too hard. There's plenty of sources for the ranges of a bot network once you have a few of the IPs. --Karekmaps 2.0?! 02:38, 6 May 2011 (BST)
Aye.
Z.Kick.gif
Was just struck by another thought: am I the only one to find it extremely appropriate that we are under siege by a zombie botnet? ᚱᛁᚹᛖᚾ 04:20, 6 May 2011 (BST)
I stopped finding things appropriate when the old ones started playing with rainbows. --Karekmaps 2.0?! 04:50, 6 May 2011 (BST)

Question

I refuse to read all the above, but has anyone asked Kevan to simply edit the wiki code to prevent page creation - outside the userpage - for users with < 1 edit? This would make it so you had to discuss something, edit an existng page, etc. before you had the "right" to make a new page. I mean... how many legitimate users actually sign up, then create a fully-formed page as their first act? Kevan's a smart guy, he can find and change one line of code to include "if less than one edit, disallow page creation". -- Amazing(UD + WTF = HR) 05:56, 14 May 2011 (BST)

Short answer? Yes. Long answer? YEEEEEEEEEEEEEEEEEEEEEEEES. ᚱᛁᚹᛖᚾ 06:25, 14 May 2011 (BST)
The autoconfirmed group doesn't actually implement this: It's only designed for protecting specific pages from new users and doesn't restrict the ability to create newpages.
Such a restriction could be put in place by removing the "createpage" permission from the 'user' group, setting up a new group with the permission, and then using the $wgAutopromote setting.--The General T Sys U! P! F! 19:32, 29 May 2011 (BST)

Policy on pre-emptively banning spambots?

I was just wondering what the feeling was on banning new accounts where the ips resolve to those used by spambots before they've actually made any edits? To give an example: I noticed the latest spambot earlier to day; googling the ip came back as a known spammer. Would it have been acceptable to pre-emptively ban the account?--The General T Sys U! P! F! 18:00, 25 May 2011 (BST)

Banning known bot IPs has never been an issue in the past. Conn and myself have fairly large banned IP lists due to pre-emptively banning known bot IPs or TOR access points. --Karekmaps 2.0?! 21:28, 25 May 2011 (BST)
I knew that banning proxies was allowed, just wanted to check on pre-emptively banning users who weren't actually using proxies. Glad to know that common sense prevails.--The General T Sys U! P! F!
so it's okay to add them to the bot list early? i've gotten pretty good at spotting them.--User:Sexualharrison00:37, 26 May 2011 (bst)
Normally we use preexisting bot lists in cases like that to avoid accidentally banning real users but, yeah if you can verify beyond a doubt that it's a bot go for it. --Karekmaps 2.0?! 02:24, 26 May 2011 (BST)
May be just ban the IP, rather than the user? -- boxy 13:18, 30 May 2011 (BST)
i can't verify anything as i have no shiny check user buttons, nor would I want it. i just go with if it's a random sounding name. 9/10 times i've been right.--User:Sexualharrison13:23, 30 May 2011 (bst)
Well, if it looks like a bot then feel free to add it and just include a note that it hasn't actually made any edits yet; we'll be sure to checkuser it before banning.--The General T Sys U! P! F! 13:45, 30 May 2011 (BST)

The Great Flood

It's spiraling pretty hard out of control in last couple of days. At this rate it's going to overwhelm us sooner than later, even though we currently have one of the largest pool of sysops since the wiki's inception. There's been talk over several different solutions but as far as I can tell nothing has been pushed through yet. Most solutions seem to need Kevan's assistance though, so how about trying to get it in his head that this spam problem is turning into a pretty serious issue? -- Cat Pic.png Thadeous Oakley Talk 18:25, 7 June 2011 (BST)

Flood? Out of control? Mate, what we got here is just a trickle - THIS is what a spam flood looks like, and as one of two active sysops on that wiki, I had to clean pretty much all of it all up. Then the wiki owner finally got off his arse after going AWOL for a few years and disabled anonymous edits, which helped to say the least. But seriously, I'd say we have more than enough sysops to deal with this little flurry. ~~ Chief Seagull ~~ talk 18:44, 7 June 2011 (BST)
yeah. This. Twenty edits a day, needing 40 edits to clear and ban them. Ive had to deal with twice that on wikis as the only sop. --Rosslessness 18:47, 7 June 2011 (BST)
Probably due to my vanishing. I assume. Anyways, yeah. Given a bit of time so we can get a good enough idea of what specific bot sets this is we can actually pre-emptively block the set. So it's not really that big of a worry. --Karekmaps 2.0?! 21:21, 7 June 2011 (BST)
Final Solution: Deathcamps. Also, as the above. The various spin off browser game wikis get loads more (Hell rising gets none, so obviously what Amazing does works, btw)--Yonnua Koponen T G P ^^^ 22:16, 7 June 2011 (BST)
So far there's nothing remotely consistent in the IPs that I've seen. What pattern are you planning to block?--The General T Sys U! P! F! 23:26, 7 June 2011 (BST)
I was more referring to the fact that once we have the means to be sure of the bot's source there are, in fact, ways to find out ips controlled by the same bot source. --Karekmaps 2.0?! 01:56, 8 June 2011 (BST)

Here's a specific suggestion BTW (already posted on Kevan's talk page): Update parser functions. It won't necessarily help genuinly distinct bots, but it might help with identification and blocking.--The General T Sys U! P! F! 23:26, 7 June 2011 (BST)


The flood seems to have relented some..       14:50, 30 June 2011 (BST)

You were saying? ~Vsig.png 18:16, 30 June 2011 (UTC)
Well I was referring to the fact you can see bots on the page from a few days ago. Where as a few weeks ago it seemed as if the list needed cleared hourly to keep it's length reasonable.       03:38, 1 July 2011 (BST)

Spam.jpg Bits

I would like to add the spam image to the Bot section of A/VB and to the discussion header of this section. The example of how it would look and function is in this subheading. --Akule Maker of fine, hand-crafted UDWiki sass since 2006 -- Akule School's back in session™ 22:46, 7 June 2011 (BST)

it should say^--User:Sexualharrison01:02, 8 June 2011 (bst)
Works for me. --Akule Maker of fine, hand-crafted UDWiki sass since 2006 -- Akule School's back in session™ 01:08, 8 June 2011 (BST)

Since no one objected... --Akule Maker of fine, hand-crafted UDWiki sass since 2006 -- Akule School's back in session™ 23:59, 20 June 2011 (BST)

I'm objecting now. I think it's ridiculous to put an image in the header of an admin page without good reason. I'll wait to see what other people think, but I'm leaning on the side of removing it.--Yonnua Koponen T G P ^^^ 01:14, 21 June 2011 (BST)
Heh. I just saw the discussion too. I agree with Yon, it just is not good enough reason to change the header. Nice try, though. I lol'd. ~Vsig.png 01:32, 21 June 2011 (UTC)
Well, we did have a consensus of two. I'm glad you enjoyed it though. --Akule Maker of fine, hand-crafted UDWiki sass since 2006 -- Akule School's back in session™ 01:55, 21 June 2011 (BST)
If you want to reverse it until more people weigh in on the discussion, I am fine with that. I just figured that putting a small spam icon in the header wouldn't hurt anything. For example, the wiki lists this section as *40px Bits* on each edit, and is not present at all in the TOC, so it doesn't hurt any links to the individual header. --Akule Maker of fine, hand-crafted UDWiki sass since 2006 -- Akule School's back in session™ 01:52, 21 June 2011 (BST)
It hurts the links from recent changes and from the page history. I hate it here, I hate it on the suburb pages. It reduces functionality -- boxy 02:52, 21 June 2011 (BST)
I wasn't aware that it reduced functionality. That's good to know. --Akule Maker of fine, hand-crafted UDWiki sass since 2006 -- Akule School's back in session™ 13:39, 4 July 2011 (BST)
Messes up header links iirc.--Karekmaps 2.0?! 20:44, 4 July 2011 (BST)
Nah, it can stay this way until we decide on it, but it looks like it'll be going down. (Then again, the next five people could all be for it) --Yonnua Koponen T G P ^^^ 10:26, 21 June 2011 (BST)

Ugh, clever but a bit too lame for my liking. -- ϑanceϑanceevolution 03:26, 21 June 2011 (BST)

you guys are kidding right? this wiki is serious bizness! come on lighten up. i expect yon to have no sense of humor whatsoever but the rest of you? shame--User:Sexualharrison05:44, 21 June 2011 (bst)

Its just not that funny... its funniness doesn't outweigh its lameness, I think that's that tips it over for me. -- ϑanceϑanceevolution 06:11, 21 June 2011 (BST)
But, spam is lame, and spammers are even lamer, so I had to come up with something that was equal parts funny and lame. --Akule Maker of fine, hand-crafted UDWiki sass since 2006 -- Akule School's back in session™ 13:39, 4 July 2011 (BST)
=( --Yonnua Koponen T G P ^^^ 10:26, 21 June 2011 (BST)
Funny for a while. Just annoying after that -- boxy 10:35, 30 June 2011 (BST)
Saaaaaad faaaaace. It's funny all of the time! --Akule Maker of fine, hand-crafted UDWiki sass since 2006 -- Akule School's back in session™ 13:39, 4 July 2011 (BST)
it's does zero harm. the page is still named correctly. and it's gives OUR wiki a little personality. okay i've now completely lost interest in reporting spambits. thanks again for ruining another small little bit of fun i had on this shitty wiki.--User:Sexualharrison13:50, 4 July 2011 (bst)
I agree with this mister. ^ The letter 'o' to the letter 'i'. So terrible, so serious. Why so... haha --  AHLGTG THE END IS NIGH! 17:42, 4 July 2011 (BST)
Um, I wasn't talking about the word spambit, only the fact that there was an image in the header which produces a borked link on recent changes and edit histories (like this section header) -- boxy 03:18, 5 July 2011 (BST)
Yes and that's reasonable but some people still find it a serious offence to the senses should the one letter exchange for a similarly purposed letter for a header that will have essentially the same meaning and intent but with a hint humour in it that some people get but apparently not all long sentence with no punctuation except the period. Such injustice. The wiki is terrible. --  AHLGTG THE END IS NIGH! 04:24, 5 July 2011 (BST)
Haha. The only person who thought anything was a "serious offense" was SH when I changed it back, threatening people with edit wars. I don't find it an offense. I don't find it offensive. I just think it isn't funny, and I was one of the guys who were there when Spambit Hunters were made, etc. It's just not funny, so if it's not funny, what value does it have being there? -- ϑanceϑanceevolution 05:33, 5 July 2011 (BST)
What value does it have being the other way in comparison to the 'i' way? It's arbitrary. It doesn't matter. Who gives a give. This is an analogy for the stupid and arbitrary specificity of this entire wiki and its laws. The inane seriousness. Bogging thyself down with rules that provide no actual barrier to doing. Make your life easier (not talking to you specifically, but everyone, at the same time, and not-everyone as well, at alternate times) and don't bother. I'm old now. Go away. --  AHLGTG THE END IS NIGH! 05:59, 5 July 2011 (BST)

Spambot IPs

Memo to all Ops: Make sure you CheckUser the bot afterwards and ban it's IP. I've CheckUser-ed quite a few of them and noticed these bots keep reusing the same IP addresses. Checking off the box that reads "Automatically block last IP address" apparently will only block that IP address for 24 hours. --•▬ ▬••▬ • •••• •▬ ▬•▬• ▬•▬ #nerftemplatedsigs 22:40, 1 March 2012 (UTC)

That's because it's the default for the autoblock IP as it's really only intended to stop logging into an account. I think there may be a way to adjust it that I'm just not remembering. Also, if you're blocking the IPs separate turn Anon. Only off(it defaults on) otherwise they can get around it by registering. --Karekmaps 2.0?! 02:30, 2 March 2012 (UTC)
Apparently only Kevan can adjust it as it's in the LocalSettings file Ref.--Karekmaps 2.0?! 02:44, 2 March 2012 (UTC)

easier for sysops

I notice the sysops that ban bots before they are reported by the rest of us still post them on here. How about we make it easier for them by promoting the use of this page only for regular uses who want the account banned? I trust sysops to manage a simple task like the banning of bots without the added drear of having to additionally put it on this page. DANCEDANCEREVOLUTION (TALK | CONTRIBS) 03:21, 18 March 2012 (UTC)

Makes sense. Unless they just enjoy seeing their name plastered all over the page as a testament to their hunting skill :P        14:04, 18 March 2012 (UTC)
I actually got lazy to post on this page. Some SysOp I am. xD --•▬ ▬••▬ • •••• •▬ ▬•▬• ▬•▬ #nerftemplatedsigs 14:20, 18 March 2012 (UTC)
Ironically I both encouraged that behavior and am one of the people who frequently treats the page as you state. Hopefully there will be no more Chief Seagull incidents from backsliding(don't even remember who did that actually). --Karekmaps 2.0?! 01:48, 19 March 2012 (UTC)
I think it was Ross. I feel like it was. We shouldn't check to see if it was him and instead assume that it was and act with this assumption. Oh, I don't know about this Ross fellow, he who blocks the innocent folk. Not very upstanding. --  AHLGTG THE END IS NIGH! 02:03, 19 March 2012 (UTC)
than spidey went and banned me. or was it vapor? i forget?--User:Sexualharrison02:36, 19 March 2012
I never report the bots I block. Bogs down the process. I can ban many more in my limited wiki time if I just banhammer and move on to the next. I do like the "delete user page" and pre-built banning options of the bot template. Wish media wiki had some way of auto flagging bots. Special:Contributions/newbies helps and so does Special:Newpages. Perhaps we could toy with some system page to at least be able to narrow newpages down to those most likely to be bot pages. ~Vsig.png 04:02, 19 March 2012 (UTC)
I think you might just have set me up with a summer project.....--The General T Sys U! P! F! 21:20, 22 March 2012 (UTC)
I'm going to throw down some ideas at User:Thegeneralbot/spambotflagging.--The General T Sys U! P! F! 21:30, 22 March 2012 (UTC)

Good input, I wasn't sure if ops still reported it or not. Good to since that since I bailed everything's gotten a bit more lax DANCEDANCEREVOLUTION (TALK | CONTRIBS) 05:43, 19 March 2012 (UTC)

Here's an idea. Instead of purging every week, purge these bots once they have been dealt with. Or something. --•▬ ▬••▬ • •••• •▬ ▬•▬• ▬•▬ #nerftemplatedsigs 17:10, 22 March 2012 (UTC)

Backlog

We currently have a backlog of 32 unserved requests and the bots have begun to repeat vandalise. I understand that there are lots of fun things to do on the wiki like vomiting all over my talk page and posting questions on promotion bids, but please could system operators deal with at least a couple of requests as they come through? It would just break it up and make the wiki run a bit more smoothly. Thanks! :) --Shortround }.{ My Contributions 13:26, 6 May 2012 (BST)

Auto-banning suspected bots?

I've been looking into writing a bot to automatically deal with spambots and so far I believe I've worked out how to make it check for new pages that are made by new users which include external links and then to blank the page and report them. However, it seems to me that the main problem isn't so much identification as simply the sheer number of bots that need banning. Therefore, I was wondering what people's opinions would be on having a bot that automatically deletes the pages of and/or bans suspected spambots?--The General T Sys U! P! F! 19:14, 8 May 2012 (BST)

I'm not sure how I feel about a bot auto banning accounts it finds. Is there any other way to confirm the spambitism of said accounts? Because I have seen several group pages created by a new account with an external link going to their forums.
-Maybe rather process the page automatically at certain times like every 8 hours and ban accounts only on that page.        00:12, 9 May 2012 (BST)
If by "the page" you mean this one, wouldn't it also ban the users who report them? -- †  talk ? f.u. 04:49, 9 May 2012 (BST)
Not beyond all doubt, but I could write something that (for example) checked to see if the page that they had just created has the same title as their username. Processing the page automatically is kinda doable but parsing text is kinda a pain.--The General T Sys U! P! F! 16:07, 9 May 2012 (BST)
You may not be able to find a reliable pattern for all bots, but a few surely would help out, no? To ease the load. Could it distinguish between urls with the same domain, like Urban Dead? Could it distinguish all forum links, since that's a common external link newbies use? --  AHLGTG THE END IS NIGH! 17:07, 9 May 2012 (BST)
Well if it identified that the bot created a page with the same name as it's username, what does it do when they spam their own userpage instead of a new page? But I agree that is a good way to get bots separate from new users        23:25, 9 May 2012 (BST)
Depends on how strict you want it to be. It could be set up to ban new users who post external links to their userpage, but that does sound link it might create some false positives.--The General T Sys U! P! F! 17:21, 10 May 2012 (BST)
Yes, it would. The worry is that it would be liable to pick up a few false positives and ban legitimate new users. It could probably be set up to use a regex to check for links to urbandead and commonly used forum sites.--The General T Sys U! P! F! 17:21, 10 May 2012 (BST)

I don't know if I like the concept of users being banned without the ability for somebody to check the case. Bots are good for admin tasks which require mass edits, but when it comes to banning what could be normal users I feel it's a step too far. What if it bans users who post new pages with external links for legitimate reasons? There would be no accountability for that action (i.e. no misconduct) because nobody would have made that decision. Very dangerous water in my opinion.--Shortround }.{ My Contributions 17:14, 9 May 2012 (BST)

Do eet! And make it run automatically every 45 minutes. Seriously, though it sounds like you're on the right track. Depending on how well it identifies sapm, you could at least have it report them. ~Vsig.png 22:21, 9 May 2012 (UTC)
I'm with Shorty on this one. And there are legitimate new users who make their user page in the mainspace using their own name. -- †  talk ? f.u. 04:18, 10 May 2012 (BST)
hmmm, you're kinda right. I'd just rather like it to do something more effective than just report them. Perhaps it could require confirmation from a human? That would eliminate false positives but also reduce its effectiveness by requiring a human to be supervising it.--The General T Sys U! P! F! 17:21, 10 May 2012 (BST)

This is a separate but related request, but if the bot has the ability to block (sounds like it may from what you're suggesting above) how about having it ban blacklisted proxy IPs. Karek says he did a manual block several years ago but its probably time to do it again. Generalbot would probably help a lot if it has the ability to do it. ~Vsig.png 16:02, 10 May 2012 (UTC)

It does have the ability to block, though it does of course need a sysop account (It could be set up to automatically switch to my account for blocking, though). I've been considering having it cross-reference checkuser data with bot blacklists, but wasn't sure if there was an appropriate interface. However, it someone can find by a good blacklist of proxy IPs then it shouldn't be difficult to have generalbot autoban them.--The General T Sys U! P! F! 17:21, 10 May 2012 (BST)
http://www.stopforumspam.com/downloads has a blacklist you can download as a CSV with over 200,000 blacklisted IP addresses. You may also want to check with Karek to see what he used last time. Of course, Kevan could just reconfigure the wiki to automatically run checks for blacklisted IPs and save everyone the trouble. Someone just needs to present him with a solid spam blocking plan I think. ~ Vsig.png 18:17, 10 May 2012 (UTC)
This is probably moot now. Kevan came through with some wiki updates. I'd say keep whatever you were working in your bag o' tricks in case some similar is needed in the future. ~Vsig.png 00:43, 26 May 2012 (UTC)

wtf...

Spambit plus.png

WTF... spambits can do this? -- †  talk ? f.u. 11:12, 17 May 2012 (BST)

Is that some OP power?        01:35, 19 May 2012 (BST)
That comes as standard on a lot of wikis, actually. ᚱᛁᚹᛖᚾ 09:33, 24 May 2012 (BST)

Probable reason for recent bot deluge

During my recent spambit crusade, I stumbled across a probable reason that we had so much of it lately. There's a new toy on the market for spammers and it is evil. I thought I'd share. http://www.youtube.com/watch?v=JbnVGhnI7g0ed ~Vsig.png 00:50, 26 May 2012 (UTC)

I've been wondering about the overzealous Axe Hack and Rosslessness love going on recently. Still makes me wonder why it's so focused on them though. --Klexur 03:27, 21 July 2012 (BST)
It can SMELL that they're WEAK!! ... :) -- ™ & © Amazing, INC. All rights reserved. Replying constitutes acceptance of our Terms of Service. 04:22, 21 July 2012 (BST)
was wondering about that. and who ever made that video sounds really really fat.--User:Sexualharrison18:30, 23 July 2012
Yeah I've seen this before. Tried to find a contact link to get it taken off youtube but couldn't find one. :( --Shortround }.{ My Contributions 19:15, 2 September 2012 (BST)

Look

I been wondering this for a while. Anyone think of a good reason not to ban accounts created using random numbers and letters who don't edit in their first 6 hours? --I'm not the Ross UDWiki needs, I'm the Ross it deserves. 18:48, 2 September 2012 (BST)

I certainly can't (though I might quibble about the 6 hour thing). I've been off-and-on trying to figure out a good way to write it up as a policy ever since I started up as a sysop again and saw how bad it had gotten (ignorance truly is bliss), but haven't come up with anything great yet, since there are some odd edge cases. For instance, we had a "Wacharden5" sign up in the last day or two. Are those random letters and numbers or an odd screen name? I genuinely can't tell. Looking at the list of registered users makes me sad though, since it's clear what the vast majority of them are, and we're effectively letting them set up all of these accounts for later use in spamming the wiki, rather than dealing with them as they come in. Aichon 19:37, 2 September 2012 (BST)
I still think some additional precautionary changes to the wiki server are in order. When I last was in contact with Kevan about it he insinuated that we'd "wait and see" how the "war on spam" played out (probably not exact quotes. Would need to dig up those emails). But if you want to go on self-policing spam, it shouldn't be a problem pre-banning the obvious ones. The accounts created in quick succession that follow a similar naming scheme are a good example. I doubt anyone will bat an eye at those. I honestly don't see how a blanket policy could cover every possible scenario. Sysops have already have the authority to use their best judgement in these situations, some just choose not to, preferring to to use beauracracy to dictate every action. ~Vsig.png 20:04, 2 September 2012 (UTC)
I've been hesitant to suggest something like this for the risk of accidentally banning a regular user with a weird name. However, with the waves of the last few months, I'd be in support of something like that. A checkusering would probably help to cut down on errors. -- Spiderzed 20:44, 2 September 2012 (BST)
Definitely would agree that more automated precautions would be ideal. And the reason I mentioned policy was more as a CYA type of thing, rather than that we don't have the authority already. With a policy, it would make it easier to stay within the lines since they would become well-defined (and would thus help protect sysops from misconduct), whereas right now the lines are pretty fuzzy over how a sysop can establish the merit of a ban against a user who hasn't edited yet. I think we all pretty much know what the spammers look like, however, so as long as we apply common sense and err on the side of caution, I don't think there should be an issue. And if there is, just look at it with a healthy dose of common sense, see if the 'op had a reason to believe they were an adbot, and rule accordingly. Aichon 21:06, 2 September 2012 (BST)
I know what you mean. Beauracracy for beauracracy's sake is never good but I can see where you'd want some general guidelines. In regards to precautions, where the last changes failed is that they just weren't all that aggressive. Kevan chaged the CAPTCHA method to one that could not easily be guessed by bot software (QuestyCAPTCHA) but nothing stopped humans from researching, storing and distibuting our unique captcha answers. He also added DNSBL that checks IPs that are blacklisted on some RBLs. As far as I know, only 2 RBLs are checked, so if spambots aren't using IPs found on those lists, they still have edit privleges here. Kevan could add more RBLs to the current line up and perhaps catch a few more known bot IPs and he could swap out the captcha questions (which would work until the answers are rediscivered and distributed). He could also implement something that would keep non-autoconfirmed users from adding external links (could be configured with whitelisted domains). I suggested it to him but I think it was either too aggressive or too controversial because he did not go for it. Kevan is sympathetic towards wiki users in this situation, but unless a solid suggestion is put forward that will actually work in preventing spam, it really is rather pointless in bringing it to him. ~Vsig.png 21:35, 2 September 2012 (UTC)
While we're on the topic of spambots, I added a few of the Bot template's links to the successful block page, specifically the links for deleting their userpage and running checkuser. They only work if you blocked a user, not an IP, but it may save some hassle. Aichon 17:41, 4 September 2012 (BST)

Gentlemen, I present to you what I expect may become my new favorite page on this wiki: MediaWiki:Usernameblacklist. You'll never guess what it's used for. Aichon 16:03, 6 September 2012 (BST)

I nominate Ewqq. And many many other combos. Bob Moncrief EBDW! 16:11, 6 September 2012 (BST)
Yep, for now I've added the Ewqq, Jiaoii, Jjoggie, Qiao, Qing, and Uier names. I don't actually know if it will prevent account creation or just block the creation of their user pages (I'll need to double check what the functionality is), but either way it may help. Aichon 16:57, 6 September 2012 (BST)
Ban ALL THE VOWELS. That will show 'em. Seriously, though, good work. -- Spiderzed 18:43, 6 September 2012 (BST)
I tested it, and it outright blocks account creation if your username matches one of those patterns. I also added a pattern to block usernames that have a letter followed by a number at least three times in a row (e.g. jim1w5e4 would be blocked since m1w5e4 matches the pattern of letter-number-letter-number-letter-number). A surprising number of the bots were using that pattern, including the Ewqq one, so I removed any redundant entries in the list, just to keep it shorter. I also added some info on the talk page if you're wanting to work on the page yourself. Aichon 19:12, 6 September 2012 (BST)
Cool. It almost looks like perhaps someone already adjusted their naming schema, though. Fuckers are slippery like that. Really, there's nothing stopping the people behind the bots from coming here and reading our discussion here. In fact, I bet at least one attacker from the future is reading this comment right now. I hope your children have develop ADHD, bot attacker from the future Grr! Argh! *shaking fist*. Perhaps some of the details of our war plan should be left out from the public discussion. ~Vsig.png 01:08, 7 September 2012 (UTC)
At this point, it doesn't look like they've adjusted yet. I simply didn't hit all of the various patterns we've been seeing so far, since some of them are harder to block without blocking legitimate users. As we see which accounts are still slipping through over the next few days, I'll refine the blocks I added and toss in a few more. Inevitably, they will start slipping through again en masse, but this is a simple solution that takes almost no time to set up and may give us a reprieve for a few days. Aichon 01:12, 7 September 2012 (BST)
Yeah, it tentatively seems like it's helping. We went from averaging 3 spambots an hour over the 24 hours before I made the changes to only having 9 spambots in the last 13 hours. It's not a fix, to be sure, but it is a small break. Aichon 06:46, 7 September 2012 (BST)
Okay, it's been roughly a week since we started blacklisting usernames. Time for a review. Thoughts so far? Concerns? Aichon 16:28, 12 September 2012 (BST)
all seems fine so far.--Shortround }.{ My Contributions 16:32, 12 September 2012 (BST)
kill them all!--User:Sexualharrison17:40, 12 September 2012

*Sigh*

We're averaging about 250 IP blocks a month right now. The blacklist helped for a few days, maybe a few weeks, but the names are now so random that I can't see many reasonable patterns. What we really need is a better CAPTCHA of some sort. Or else we could have a discussion about blocking various IP ranges that these spammers seem to be coming from. I'm just want an actual solution in place, whatever it may be, rather than this band-aid approach we have now. Aichon 17:41, 6 November 2012 (UTC)

Well, in lieu of better CAPTCHA, I went ahead and grabbed every single IP address ever permabanned on the wiki, then I used Excel to sort them based on how often their /16 and /24 octet sets occurred (i.e. their XXX.XXX.0.0 and XXX.XXX.XXX.0). After that, I looked at the ones that have been spamming us in the last year, grabbed all of the ones that had a minimum of 20 IPs permabanned (there were 10 that we hadn't already blocked), checkusered them all to ensure they weren't being used by legitimate users (none were), ran whois on them all to ensure they were from known spam centers (9 were...the other is for a Chinese news agency and hasn't spammed us in awhile, so I left them alone since they may have just had an infection and fixed it), and then blocked them. One of the ones I blocked had actually created 241 accounts in a little over two months, of which we have only blocked about 1/10th so far. Kinda scary. Aichon 21:33, 14 November 2012 (UTC)
That's pretty damn impressive, considering the amount of bans that are handed out here on a daily basis o.O PB&J 21:37, 14 November 2012 (UTC)
Cool, so hopefully thats 90% Blocked then? --Ross Less Ness Enter Stranger... 21:41, 14 November 2012 (UTC)
We'll see. At the very least, this will knock out the worst offenders we've been having so far, which may give us another few weeks of lighter duty. It won't get rid of all of them however. Aichon 21:54, 14 November 2012 (UTC)

Kevan is sympathetic if you can come up with a good solution. He put new CAPTCHA in place last time but the captcha answers were apparently leaked. There is apparently one where you have to drag images of cats and dogs around. ~Vsig.png 00:38, 15 November 2012 (UTC)

Try registering over at the SoC boards to see what we use. We have people drag around items to place them in simple categories. It's utterly trivial, but it's so far worked perfectly, with not a single bot getting through after we switched to it. Bots would likely have a bit of a harder time automating something like that, I'm sure similar extensions exist for Mediawiki software, given how widespread it is. Aichon 04:37, 15 November 2012 (UTC)

Has anyone noticed

...a recent upsurge in both botspam and new user registrations (seemingly, from the random-letters-and-numbers, mostly bots)? I can't really see any patterns in names - do we maybe need another CAPTCHA update or something? Bob Moncrief EBDW! 15:04, 11 March 2013 (UTC)

Yeah, seems like it's picked up in the last week or two. And we've needed an update for awhile, but haven't had one. Aichon 17:08, 11 March 2013 (UTC)

Is it a bot? Is it a plane?

So, User:Maybe25a seems to be using a botlike pattern of editing (creating a new, similarly sized section on its userpage each time), and the information isn't relevant to the wiki (it seems to be about sports, a set of knowledge I know zilch about and can barely read through), but it doesn't have any embedded links. I'm worried that it's doing this so as to get into the system and will later spam more pages. But if there are no links is it conclusively a bot and/or should we ban it? Bob Moncrief EBDW! 06:29, 17 December 2012 (UTC)

It's a bot, I'm fairly certain. There are various phrases in the text like "sign up today" and the like which were clearly intended to be links, but aren't. My guess is that the bot master messed up and copy/pasted the output message rather than the input message, hence why it wasn't formatted with links. Aichon 08:02, 17 December 2012 (UTC)
I see there's a discussion going on over on A/SD. Should I mark these things as bots in the future, or go through A/SD or list them here? Bob Moncrief EBDW! 17:44, 17 December 2012 (UTC)
I'd just mark it as a bot here if it's like this one is. Aichon 18:44, 17 December 2012 (UTC)
Z.Kick.gif

--User:Sexualharrison07:02, 11 October 2013

Recent flood & range bans?

I'm sure the gigantic flood of bots in the past week or so has become obvious to anyone who checks RC. The ones I've checkusered seem to all come from China. While I'm not the most radical, it would be nice if an op who knew more about how IPs work could start blocking some ranges. Thoughts? Bob Moncrief EBDW! 11:20, 15 October 2013 (BST)

Another fun note - nearly all of them are coming in between 9am and 5pm China time, which leads me to believe they're humans circumventing CAPTCHA and thus not blockable with a CAPTCHA update. Bob Moncrief EBDW! 11:45, 15 October 2013 (BST)
Bot software can solve captcha if our captcha answers have been published. Our "new" captcha system is a couple of years old now and the answers probably haven't changed so its very likely our captcha isn't being effective. Range blocks are probably the way to go. Penny Wise
Agreed. --Rosslessness 17:29, 15 October 2013 (BST)
It's like it's seasonal or something, since we had the same issue around this time last year. For now, ban away. We might try asking Kevan to update the CAPTCHA's challenge a bit, but it's unlikely we'll get a response. We already blocked a rather large range of IP addresses last year, but if you can spot some patterns in these ones, we can do so again here. Aichon 17:45, 15 October 2013 (BST)
You can also ban them before they post. If the bot programs start throwing a lot of errors, it might be deterant from spamming our wiki. They might go for the more low hanging fruit instead. Penny Wise 01:22, 16 October 2013 (BST)
I actually don't know how to ban a range (rather than an individual address). I might go through the (so far unused) bot accounts created in the past couple days and ban all of them & their IPs, but I'm worried about that flooding RC even more than the accounts themselves are. Bob Moncrief EBDW! 10:01, 16 October 2013 (BST)
Suppose you've been seeing a lot of bots from 192.168.1.x. The way you'd ban them would be to ban "192.168.1.0/24". If you're seeing a lot of bots from 192.168.x.y, you'd ban them by using "192.168.0.0/16". Each of the numbers in an IP address is referred to as an "octet", and each of them takes up 1 byte (i.e. 8 bits), hence why they go from 0 to 255 (i.e. 00000000 = 0 to 11111111 = 255). The /16 and /24 are referring to the number of bits, so a /16 refers to the first 16 bits (i.e. the first two octets), while a /24 refers to the first 24 bits (i.e. the first three octets). When you use those /X things, it's basically saying that it should refer to anything that starts with those first X bits. You can also do stuff like /27 or /19, but I wouldn't advise it if you're unfamiliar with this stuff. Keep to multiples of 8. Also, the wiki won't go lower than /16 as I recall, but that's already enough to ban 255*255 IP addresses at a time.
Anyway, before you ban anything, you'll want to do an IP check for any valid accounts in that range (you can check for IPs in a range by doing a checkuser on 192.168.1.0/24, for instance), and you'll also want to confirm that a particular range is an actual problem. I did that with an Excel spreadsheet last year, which I used to identify the most prolific spammers, by sorting them based on their first two and first three octets. Aichon 15:45, 16 October 2013 (BST)
I've got relatives coming in to town today, but if it's still a huge problem early next week, I'll make a spreadsheet like you did. And thanks! Bob Moncrief EBDW! 16:30, 16 October 2013 (BST)

Okay, I blocked a bunch of the prolific IPs and ranges. We'll see if that does anything. Bob Moncrief EBDW! 18:33, 17 October 2013 (BST)

Thanks, Bob. Penny Wise 20:46, 17 October 2013 (BST)

Oh boy, how are you guys holding up? Tongue :P --  AHLGTG THE END IS NIGH! 01:46, 19 October 2013 (BST)