Last modified: 2014-11-19 07:23:30 UTC
Per bug 1542 comment 4, please provide a log of hits against the title blacklist.
Unassigning default assignments. http://article.gmane.org/gmane.science.linguistics.wikipedia.technical/54734
*** Bug 41263 has been marked as a duplicate of this bug. ***
Marking this as easy.
This bug doesn't make sense. What does it mean to "hit the title blacklist"? If a title is blacklisted, the user simply does not see a "Create" tab when visiting that title. I don't see any point to just log hits to blacklisted pages...
(In reply to comment #4) > If a title is blacklisted, the user simply does not see a "Create" tab when > visiting that title. This is wrong, apparently. But my point stands: it seems silly to log accesses to title=Bad_title&action=edit.
The information could be used to see, whether an entry is still needed or maybe removed.
*** Bug 63086 has been marked as a duplicate of this bug. ***
(In reply to This, that and the other from comment #5) > This is wrong, apparently. But my point stands: it seems silly to log > accesses to title=Bad_title&action=edit. and if it's done so it could be easy to get that log spammed (and it looks like some kind of CSRF).
There is already a spam blacklist log which does not get spammed, making this point a possibility which doesn't happen. It would also be just as easy to spam edits to pages as spam actions to the proposed TBL log. Like the SBL log, it should be admin-only, so that people don't get the idea that spamming it is possible.
Liangent, you've also merged a bug that was monitored by people who are actually active with this bug and not included them in the CC list. Is there any way to update that?
(In reply to Ajraddatz from comment #9) > There is already a spam blacklist log which does not get spammed, making > this point a possibility which doesn't happen. It would also be just as easy > to spam edits to pages as spam actions to the proposed TBL log. The point is that, the method to spam this list is GET, and without a token, while the spamblacklist one is POST with a token. I could embed [img=1,1]http://en.wikipedia.org/w/index.php?title=Bad_title&action=edit[/img] in my forum signature to have that URL accessed by hundreds of people.
(In reply to Ajraddatz from comment #10) > you've also merged a bug that was monitored by people who are > actually active with this bug and not included them in the CC list. Is there > any way to update that? Add them to the CC list.
(In reply to Liangent from comment #11) > (In reply to Ajraddatz from comment #9) > > There is already a spam blacklist log which does not get spammed, making > > this point a possibility which doesn't happen. It would also be just as easy > > to spam edits to pages as spam actions to the proposed TBL log. > > The point is that, the method to spam this list is GET, and without a token, > while the spamblacklist one is POST with a token. I could embed > [img=1,1]http://en.wikipedia.org/w/index.php?title=Bad_title&action=edit[/ > img] in my forum signature to have that URL accessed by hundreds of people. That's very true, thanks for clarifying. Hopefully by keeping the log private people wouldn't think to do that.
Change 123128 had a related patch set uploaded by Gerrit Patch Uploader: [WIP] Add log for TB hits https://gerrit.wikimedia.org/r/123128
Change 123150 had a related patch set uploaded by Gerrit Patch Uploader: [WIP] Add TitleBlacklist hit log https://gerrit.wikimedia.org/r/123150
Change 123150 abandoned by Brian Wolff: [WIP] Add TitleBlacklist hit log Reason: accidental commit https://gerrit.wikimedia.org/r/123150
legoktm recommended to just log account creations/page moves, avoiding the problem described above.
That's there the most useful part of the log would be anyhow, so that works.
Change 123128 merged by jenkins-bot: Add log for TitleBlacklist hits https://gerrit.wikimedia.org/r/123128
Created bug 66450 to update the WMF configuration.
Change 138745 had a related patch set uploaded by Gerrit Patch Uploader: Fixes regarding title blacklist log https://gerrit.wikimedia.org/r/138745
> Make logging of IPs for account creations optional, default disabled > > https://gerrit.wikimedia.org/r/138745 That's sensible. Once merged, extension page needs to be updated. Actually, after bug 66450 is fixed, we should think of making the log enabled by default, because it's an extension we bundle with core. Separate bug for that?
(In reply to Liangent from comment #8) > (In reply to This, that and the other from comment #5) > > This is wrong, apparently. But my point stands: it seems silly to log > > accesses to title=Bad_title&action=edit. > > and if it's done so it could be easy to get that log spammed (and it looks > like some kind of CSRF). Couldn't this be solved for edit and move by only logging recently active registered users ? It would be helpful to have a bot report those hitting it multiple times, cause they often find ways to elude it after enough tries.
Jackmcbarn said on "Make logging of IPs for account creations optional, default disabled" <https://gerrit.wikimedia.org/r/#/c/138745/4>: > I doubt that many non-WMF wikis would want this off. I disagree. I think non-WMF wikis are even more likely to want IPs hidden: many of them don't even install CheckUser because the marginal gain in antispam features is overcome by the burden of being forced to manage a privacy policy. We should ship a default MediaWiki which gives as little maintenance and legal burden as possible by default.