Last modified: 2013-04-08 12:04:23 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T30839, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 28839 - Interwiki may circumvent blacklist
Interwiki may circumvent blacklist
Status: NEW
Product: MediaWiki extensions
Classification: Unclassified
Spam Blacklist (Other open bugs)
unspecified
All All
: Normal normal with 1 vote (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-05-05 18:47 UTC by seth
Modified: 2013-04-08 12:04 UTC (History)
4 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description seth 2011-05-05 18:47:47 UTC 
The interwiki feature[1] van be used to circumvent the spam blacklist, e.g., [[cache:example.org]] can circumvent the blacklisting of example.org.

[1] http://www.mediawiki.org/wiki/Interwiki_map
Comment 1 Chad H. 2011-05-05 20:53:26 UTC 
Then maybe we shouldn't have interwikis that could point to blacklisted sites...
Comment 2 Mark A. Hershberger 2011-05-10 01:07:22 UTC 
The proposal is to check if interwiki links like cache: can be abused in this way and remove them or fix them.

During triage, someone suggested that this would make a good Hack-a-thon candidate.
Comment 3 p858snake 2011-05-10 01:11:12 UTC 
I don't really see how this is a issue, because you are not really pointing to "example.org" you are pointing to the google cache of said page.

If certain sites should be interwikis (cache: being a default one) is a entirely differnt convo.
Comment 4 MZMcBride 2011-05-10 01:15:19 UTC 
I'm fairly sure this behavior, whether intentional or not, is used in some hacks. More information available here: <http://en.wikipedia.org/wiki/User_talk:MZMcBride/Archive_18#Your_template_wizardy_required>.
Comment 5 seth 2011-05-10 19:22:56 UTC 
(In reply to comment #3)
> I don't really see how this is a issue, because you are not really pointing to
> "example.org" you are pointing to the google cache of said page.

The use of the blacklist actually is not just to block a special url, but to block its content, i.e., block link spamming.

If example.org is blocked by the sbl, then any explicite link to the google-cache is blocked, too. The reason for that is that the url of the cached site contains the original (blocked) url. This blocking is intentional and it's good.
But by using [[cache:example.org]], one is able to circumvent this mechanism.

That could result in a big problem, if any link spammer get's aware of that fact, because such links a difficult to find. I guess, they can't be found via special:linksearch.
I already started at w:de to log all additions of "[[cache:" using the abuse filter extension. I guess, I'll do the same at w:en. But that doesn't solve the problem, of course.
Comment 6 Chad H. 2011-05-10 19:36:32 UTC 
This is pretty much unique to any interwiki that links to a cached version of websites. Which...I can't find any other examples of in the interwiki tables ;-)

Interwikis are really designed for linking to *other wikis*, and usages of them to link to other things leads to bugs (see bug 15274, for example). What if we wanted to link to [[meta:Spam reports/example.com]]? By subjecting interwikis to the SBL, you're potentially blacklisting legitimate links as well.
Comment 7 seth 2011-08-21 13:33:41 UTC 
Interwikis should not be harmed by the sbl. But interwikis should noch contain "cache" any longer.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links