Last modified: 2012-08-08 18:23:57 UTC
We are seeing increasing numbers of cases where miscreants are taking up old account names (those that remain after a rename) and using them maliciously. On Commons, we have enhanced the [[Commons:MediaWiki:Renameusersuccess]] (http://commons.wikimedia.org/wiki/MediaWiki:Renameusersuccess) text to suggest that the account be recreated and either blocked (for bad names), or the password shared with the rename requestor (in the case of usurpations, the rename requestor needs the account created anyway, and we've had situations where vandals watch the rename log and grab names back as fast as we can rename them, preventing SUL unification by the good user). I suggest that this functionality be built into the renameuser extension itself, and that the renaming 'crat (or steward) be offered the option of immediately creating the account (with a password specified) and also the option of blocking the account. Putting this all in one handy dandy package would reduce inadvertent errors of omission, and prevent miscreants from grabbing names while the crat is dealing with the issue. This should be optional because in some cases (malicious names created to harass that are renamed away to harmless names) the account name is nasty enough that it should instead be SUL blocked instead of created locally. I looked for related bugs. I don't think this request has been made but I may be wrong. Possibly related codewise are: 13567 "Improve log message for Renameuser" and 13912 "Renameuser log entry oddity", but I don't think they really are, at least not exactly.
Fully agree that this would be very useful indeed. The practice on Commons has been trouble free.
*** Bug 15216 has been marked as a duplicate of this bug. ***
Done in r41435
Reverted in r42756. There's no logging and no easy way to recover from a mistake (except doing another rename...) Creating a user account to reserve the spot from being used as an account seems a bit odd to me, I'd rather see this being done a separate way, more block-like, in a way which is clearly logged and can be released sensibly. (Note that when creating a user account which is not meant to be logged in, you should set the password to null rather than a random string; this makes it clearer what's going on.)
There is currently a discussion in the German Wikipedia about protecting old usernames after a rename: http://de.wikipedia.org/wiki/Wikipedia:Administratoren/Anfragen#Sicherung_alter_Benutzernamen_vor_Neuanlage In short: Almost all formerly renamed users think their old username is protected. This is how it works everywhere, for example at Facebook. But the name is not protected; there is not even a possibility to protect it. Everybody can create a new account with the old name. In some cases this does not matter (e.g. if the old user did very few edits). In some cases this is very dangerous. Please fix this. Add a possibility to protect old usernames after a rename.
I fully agree with TMg. Most users do not think about their old accounts and falsely suppose they are either blocked or protected. This is most misleading. I suggest two possibilities: * that during the process of renaming an automatic request appears whether the user wants to block his old name or to make it freely available OR * that the old user name is automatically blocked and has to be unblocked during the process (if this is what is wanted), and not the other way round as it is at the moment.
*** Bug 39116 has been marked as a duplicate of this bug. ***
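Until old names can be protected, the gap discussed in this thread can at least be audited. The following is an added example, not part of the original bug report or of the Renameuser extension: it cross-checks rename records against account-creation records and reports whether each vacated name is still open, was reserved by the renaming bureaucrat or the renamed user, or was re-registered by someone else. The record layout, field names and sample entries are constructed for illustration, and the username normalization is a simplification.

```python
from datetime import datetime, timedelta

def canon(name):
    """Simplified normalization (assumption): underscores act as spaces, first letter upper-cased."""
    name = " ".join(name.replace("_", " ").split())
    return name[:1].upper() + name[1:]

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def audit_old_names(renames, creations):
    """Return (old_name, status, delay) for every rename.

    status is "open" (name never re-created), "reserved" (re-created by the
    renaming bureaucrat or by the renamed user) or "reclaimed" (re-created by
    anyone else). delay is the time between the rename and the re-creation.
    """
    by_name = {}
    for c in sorted(creations, key=lambda c: ts(c["ts"])):
        by_name.setdefault(canon(c["name"]), []).append(c)
    findings = []
    for r in renames:
        old = canon(r["old"])
        trusted = {canon(r["performer"]), canon(r["new"])}
        # Only creations after the rename matter; the original signup predates it.
        later = [c for c in by_name.get(old, []) if ts(c["ts"]) > ts(r["ts"])]
        if not later:
            findings.append((old, "open", None))
            continue
        first = later[0]
        status = "reserved" if canon(first["creator"]) in trusted else "reclaimed"
        findings.append((old, status, ts(first["ts"]) - ts(r["ts"])))
    return findings

# Constructed sample records (not real log data).
RENAMES = [
    {"ts": "2008-08-01 10:00:00", "old": "Alice_old", "new": "Alice", "performer": "CratOne"},
    {"ts": "2008-08-01 11:00:00", "old": "bob old", "new": "Bob", "performer": "CratOne"},
    {"ts": "2008-08-02 09:00:00", "old": "Carol old", "new": "Carol", "performer": "CratTwo"},
]
CREATIONS = [
    {"ts": "2008-07-01 08:00:00", "name": "Carol old", "creator": "Carol old"},
    {"ts": "2008-08-01 10:00:40", "name": "Alice old", "creator": "Alice old"},
    {"ts": "2008-08-01 11:05:00", "name": "Bob old", "creator": "CratOne"},
]

if __name__ == "__main__":
    for name, status, delay in audit_old_names(RENAMES, CREATIONS):
        print(f"{name:12} {status:10} {delay}")
```

A short delay on a "reclaimed" entry matches the pattern described in the first comment, where names are grabbed back as fast as they are renamed.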