Informatics Educational Institutions & Programs

Archives

Index 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 11, 12, 13

Permissions archives

This page has archives. Sections older than 10 days may be automatically archived by Lowercase sigmabot III.

Please check out User:Suffusion of Yellow/Commonly reverted words and phrases. Still working out the details, but likely any drive-by vandalism "worth" filtering will be there. Let me know what needs explaining. Suffusion of Yellow (talk) 23:19, 2 April 2024 (UTC)[reply]

That's great! Will be useful when some of these inevitably come up at WP:EFR. Philipnelson99 (talk) 20:41, 8 April 2024 (UTC)[reply]

Would it be possible to add a check for {{pagelinks|Example Article Name}} to 1291 (hist · log)? This would allow it to catch edits like Special:Diff/1217679181 (where one instance of Example Article Name still needs replacing), in addition to edits like Special:AbuseLog/37383189. Pinging DannyS712 as the filter’s creator.

All the best. ‍—‍a smart kitten_[meow] 18:01, 7 April 2024 (UTC)[reply]

@A smart kitten  Done Special:AbuseFilter/history/1291/diff/prev/31935 --DannyS712 (talk) 18:12, 7 April 2024 (UTC)[reply]

Filter 1301 (hist · log) has been recently created by an admin to prevent users from editing other users' committed identity templates on user pages, but I noticed some possible issues:

1. The !"sysop" in global_user_groups condition should either be changed to !("steward" in global_user_groups) or removed; the former global group doesn't actually exist at all.
2. The generic disallow message should either be changed or removed, since it can be bitey to newer users and irritating to experienced users.

Any opinions or suggestions? Thank you. Codename Noreste 🤔 𝙇𝙖 𝙎𝙪𝙢𝙖 02:08, 12 April 2024 (UTC)[reply]

cc Daniel Quinlan –Novem Linguae (talk) 02:40, 12 April 2024 (UTC)[reply]

Was this in response to some specific incident? I don't see the need for a filter here; the only people verifying committed identities should be WP:T&S, and I'd hope they check the page history to see who added the template. Suffusion of Yellow (talk) 03:38, 12 April 2024 (UTC)[reply]

I added it in response to this page protection request. I also hope T&S runs WikiBlame (or something similar) to find the edit that added an identity when handling requests as well, but "hope" isn't exactly a description of defense in depth. Daniel Quinlan (talk) 03:53, 12 April 2024 (UTC)[reply]

Filters aren't really security measures. A truly determined person could find a way around any of them. (I will email you one trick if you're curious.) Now that would be very difficult, but we're talking someone capable of conducting a social engineering attack against the T&S team of a ton-ten website. We're not talking about a drive-by vandal. What is a security measure is the protection against editing .js and .css pages; if Aditya-an11 doesn't want anyone editing their committed identity or GPG key, they can wrap it in /* ... */ and put it at something like User:Aditya-an11/key.js. There are also several BEANSy ways in which this filter could be exploited by vandals. Again, I'll email you if you're curious. Suffusion of Yellow (talk) 04:19, 12 April 2024 (UTC)[reply]

I don't think they have email enabled, so they'll have to email you instead. Codename Noreste 🤔 𝙇𝙖 𝙎𝙪𝙢𝙖 04:25, 12 April 2024 (UTC)[reply]

I already have his email, and just sent one. But I said "One weird trick" in the subject, so it probably got spam-filtered... Suffusion of Yellow (talk) 04:41, 12 April 2024 (UTC)[reply]

@Suffusion of Yellow, I haven't received your mail. I am quite unsure on how I didn't got the mail - I have enabled email in my preferences. Could it be that I am a new user?

Anyways, as I have mailed you -- as directed by @Codename Noreste. Aditya-an11 (talk) 07:28, 12 April 2024 (UTC) [reply]

@Aditya-an11 pretty sure Suffusion was talking about emailing Daniel Quinlan, not you. – 143.208.238.195 (talk) 08:20, 12 April 2024 (UTC)[reply]

Sorry, my bad. I have crossed it out Aditya-an11 (talk) 08:58, 12 April 2024 (UTC)[reply]

@Aditya-an11: Responding to your email, there isn't much you can do to protect against someone who has access to your account from modifying the page. Full protection won't really work; if the attacker says "Hey, I need to update my key, can you unprotect the page for bit" it's highly unlikely any admin would argue. You'll just have to trust that whoever is verifying your identity is clueful enough to check timestamps. Suffusion of Yellow (talk) 18:20, 12 April 2024 (UTC)[reply]

And I just realized that if the account is compromised, the attacker "is" the victim as far as MediaWiki knows, and will of course bypass the filter. If you plan on using anything in your userspace to prove your identity after a compromise, you'd better, again, hope, that someone goes looking for the oldest edit. Suffusion of Yellow (talk) 04:45, 12 April 2024 (UTC)[reply]

But the only things I have are that I have my committed identity listed on my local and global user pages (I've recently updated it minutes ago), and my account has a very strong password and has 2FA enabled globally.

Only my alternate account has a very strong password but can only be used in an emergency or in unsecure areas where I can't access my main. Codename Noreste 🤔 𝙇𝙖 𝙎𝙪𝙢𝙖 04:52, 12 April 2024 (UTC)[reply]

The point is that if someone gains your password and 2FA secret, and then they change your committed identity, this will be recorded as an edit coming from you. The only thing that will be sus is the fact that "you" changed "your" identity recently. If T&S has to distinguish between two people both claiming to be you (if only Brian had known about cryptographic hashes...), it's the oldest hash that they'd have to look at. Suffusion of Yellow (talk) 05:06, 12 April 2024 (UTC)[reply]

If the user has additional permissions, Wikipedia is definitely impacted. I'll respond to your email tomorrow or this weekend. Thanks for the additional context. Daniel Quinlan (talk) 05:38, 12 April 2024 (UTC)[reply]

This is a big drawback that I think this filter has. Not to mention that @Suffusion of Yellow believes that these filters could be exploited by vandals. And this is concerning to me....

Sure, the filter seems to provide basic protection, but I feel this fails when my account gets breached OR the person who is vandalising have apt technical knowledge to exploit it. Going by the case of Wikipedia:Wikipedia Signpost/2007-05-14/Committed identity, both the situation are probably.

These security concerns was partly what prompted me to ask for full page protection in the first place. "Full" as in even if a vandal gets access to my account, they can't edit the my committed-identity page. Only the admins can. And that's way more reassuring and secure than the filter. While I do understand this may not be common, I do see people page protecting their committed identity pages (like Gwern to which I cited here). Though, in all fairness, I am a new user and could be wrong. I would be happy if get any guidance on how to maturely approach this issue. Aditya-an11 (talk) 07:49, 12 April 2024 (UTC)[reply]

Thanks, steward is the appropriate group, I'll update the filter. As far as the message goes, this filter should almost never match, but I'm open to suggestions. Also, if the default disallow message is considered bitey for reasons (beyond it being non-specific), we should discuss making it less bitey under a new topic. Daniel Quinlan (talk) 04:02, 12 April 2024 (UTC)[reply]

Correct me if I'm wrong, but the filter also prevents any editing of any user page containing the template, which is likely to create its own problems (maybe SoY has already pointed this out by email). I took a look at the RFPP request and would say that of course protection can be used for 'important' subpages. I've had my own PGP sub-page semi-protected since I became an admin, and I'm sure I've even fully protected others' key pages, if that's what they asked for (semi is usually enough though, IMO). As SoY points out, timestamps are everything when it comes to key verification. -- zzuuzz ^(talk) 07:39, 12 April 2024 (UTC)[reply]

Honestly, I'd recommend making that filter private right now even if it didn't change from what it currently is(or it's ultimately disabled), if there's any worry of people trying to bypass it - isn't that the main reason filters are privated? @Zzuuzz, it's not every edit, though it is every user page yes. – 143.208.238.195 (talk) 07:54, 12 April 2024 (UTC)[reply]

Yes, you're right. What would be prohibited is something like courtesy blanking, replacing a user page with a sock tag or a banned notice (or reverting such), along with removing bad content placed by the user near the template. I'm still sceptical about the filter, or anyone relying on it, so will let someone else make that judgement about its visibility. -- zzuuzz ^(talk) 08:23, 12 April 2024 (UTC)[reply]

At this point, since you pretty much said it as an example, I might as well say it, the filter, as a side effect, gives all users the capability of fully protecting specific lines of their choice from non-admin users - this is not something which should be given lightly or even automatically unless it's really good automation (not the case with the way the filter currently is) because ill intentioned users exist. – 143.208.238.195 (talk) 08:43, 12 April 2024 (UTC)[reply]

Yeah, that's what I had in mind, e.g. {{committed identity|Zzuuzz is a total ...}} Yeah, we could tweak the regex so that they can only talk about how much DEADBEEF 15 A B00BFACE^[FBDB], but is it worth the trouble? I've already though up about four ways to bypass this filter (again, emailed DQ, some of them are sort of relevant to other filters). Suffusion of Yellow (talk) 18:03, 12 April 2024 (UTC)[reply]

Bbb23, who is a much more frequent target for vandals, would not be exempt from that either. 0xDeadbeef→∞ (talk to me) 15:21, 13 April 2024 (UTC)[reply]

I've disabled the filter and set it to private for now. I think it might be better to integrate it into a more generalized (and probably private) filter for user page vandalism and shenanigans, one that flags edits rather than disallowing them. I'd also like to better address some weaknesses in the implementation (that was always the plan).

One option we might want to consider is designating a specific location (or locations) for committed identity information, PGP keys, etc. and protecting it similarly to .css and .js files. I think the concerns about the filter allowing users to "protect" specific lines are somewhat overblown as this is already possible with personal .css, .js, and .json pages and this hasn't been a major issue. Daniel Quinlan (talk) 19:43, 12 April 2024 (UTC)[reply]

See this filter log, and this is something that I've seen before. Members or coordinators of the education program getting caught up in filters is probably one of the worst possible false positives and should be addressed immediately. Taking Out The Trash (talk) 17:38, 13 April 2024 (UTC)[reply]

Courtesy ping to Ohnoitsjamie as the last editor of the miscellaneous article/draft/talk LTA filter. Codename Noreste 🤔 𝙇𝙖 𝙎𝙪𝙢𝙖 18:14, 13 April 2024 (UTC)[reply]

 Fixed by Ohnoitsjamie. Nobody (talk) 20:06, 13 April 2024 (UTC)[reply]

Thanks, Nobody; I fixed it, then was unable to figure out where this ping originally came from. OhNoitsJamie ^Talk 20:11, 13 April 2024 (UTC)[reply]

• 1294 (hist · log) ("Test edits and low effort vandalism", public)

Standard notification. Split out of 260 (hist · log), 384 (hist · log), and 614 (hist · log), with a handful of additions. No FPs in the few dozen "new" matches. I'm not going to add this to Template:DatBot filters. In fact, that was part of the reason for the split. I doubt that users adding "lol" and "fdshksdjfhskdjdshfflshjfsldkhfdslkhsfd" are really going to put in the effort to work around the filters, so let's have a bit less clutter at WP:AIV/TB2. Suffusion of Yellow (talk) 00:36, 14 April 2024 (UTC)[reply]

Understood. This filter is targeted towards your run-of-the-mill everyday vandal who doesn't use much effort to bypass this filter and/or trigger 1296 and/or 1297 instead.

Also, this might be different from 664 (hist · log). Codename Noreste 🤔 𝙇𝙖 𝙎𝙪𝙢𝙖 00:50, 14 April 2024 (UTC)[reply]

664 is warn-only, though I haven't looked through the log to see if it can be set to disallow. 1296/1297 is an experiment that might go nowhere. 1297 is not going to be easy to maintain and IMO a filter that complicated is only justifiable if keeps out a huge amount of vandalism. Suffusion of Yellow (talk) 00:59, 14 April 2024 (UTC)[reply]

No problems here, seems solid from a glance at the filter. EggRoll97 ^(talk) 05:02, 14 April 2024 (UTC)[reply]

After noticing this, I suggest excluding undos and reverts from being logged onto the edit filter log by #867. Toadette ^{(Let's talk together!)} 14:47, 14 April 2024 (UTC)[reply]

 Fixed. EggRoll97 ^(talk) 17:56, 14 April 2024 (UTC)[reply]

Not sure if that's a good idea. After an AFD was closed as "redirect", it's common that someone will come back much later and try to undo the result. I see no harm in logging that. Suffusion of Yellow (talk) 18:47, 14 April 2024 (UTC)[reply]

Self-reverted for now, though anti-vandalism isn't exactly the scope of this filter. For example, Special:Diff/1218898491 isn't a large page creation, it's reverting redirect vandalism. EggRoll97 ^(talk) 20:52, 14 April 2024 (UTC)[reply]

Sure but there's no harm in a log-only filter catching a few out-of-scope edits. If I understand this change correctly, around next WP:THURSDAY you'll be able to write something like page_last_edit_age >= 86400 to exclude reverts of recent edits. But even that would exclude rapid edit warring to overturn an AFD. Suffusion of Yellow (talk) 20:59, 14 April 2024 (UTC)[reply]

(Topic name is a reference to one of my favorite error messages.)

The 15 April The Tech News weekly summary includes this blurb:

Volunteer developers are kindly asked to update the code of their tools and features to handle temporary accounts. Learn more

Of course, it's not just code that will need to be updated. A good number of edit filters are going to need to be updated. I don't think we necessarily want or need to update anything before it happens, but I'd suggest enumerating the variables and functions most likely to be affected and start building a list of filters expected to require updates.

(This may have been discussed before, but I didn't immediately find anything in the archive.) Daniel Quinlan (talk) 23:57, 15 April 2024 (UTC)[reply]

If we don't have anything to feed to ip_in_range(), that will be bad, and some filters will have to just be disabled. But otherwise, so long as temp accounts are never autoconfirmed, and have an edit count and age that stays at zero or null, I don't think a huge number of filters will need updating. If user_age and user_editcount start incrementing, then we might want to check user_type in some filters. I'd prefer to see how temp-account users act first. Will the vandals clear cookies after every edit? Or will most of them be too clueless? No way to know right now. Suffusion of Yellow (talk) 01:04, 16 April 2024 (UTC)[reply]

I'm hoping that the IP variables are unaffected, but I haven't dug into that. I was most concerned about user_age which is definitely used as an IP test. Daniel Quinlan (talk) 01:47, 16 April 2024 (UTC)[reply]

One thing we might have to consider is this: If people start crying "We're being flooded with vandalism! We need to require registration for everyone!" an alternative might be making the filters much harsher for temp users. As in, you add "gay" to a BLP, in any context, and you're told "you have to register an account to do that". You edit more than three pages in ten minutes: "sorry, either wait ten minutes or register an account". And so on. I hope it doesn't come to that, but disabling all logged out editing would be a greater loss, I think. Suffusion of Yellow (talk) 02:31, 16 April 2024 (UTC)[reply]

Yeah I agree with you as we have a lot of productive IP users. I think that once this gets implemented, using !("confirmed" in user_groups) (as long as the temp accounts can't become confirmed or get other user permissions but that should happen anyways) would work quite well to prevent new users and the new temp account issues. – PharyngealImplosive7 (talk) 02:39, 16 April 2024 (UTC)[reply]

It looks like the new user_type variable will probably work well for most simple filters.

We also need to understand how this affects filters that use the IP in throttling actions.

It might also be a good time to consider whether there are any additional variables or functions that could help alleviate any losses in functionality. There are "hacks" such as trying to detect reverts by looking at the edit summary. That example might not be something that wants to be fixed sooner because of temporary accounts, but are there other hacks that might be more important to replace with a better solution due to temporary accounts? Daniel Quinlan (talk) 06:29, 16 April 2024 (UTC)[reply]

• Relevant to the questions above by Daniel and Suffusion: For developers#Updating AbuseFilter filters – 143.208.236.191 (talk) 05:34, 16 April 2024 (UTC)[reply]

  Nice find, looks like that just got added several days ago. I'm going to need to reread all of that. There are about a dozen enabled filters using ip_in_range and ip_in_ranges, including some LTA filters, so hopefully T357772 ends up in a good place. Daniel Quinlan (talk) 06:01, 16 April 2024 (UTC)[reply]

• I'll just raise Special:AbuseFilter/1283. It seems to be the only active filter of its type (we've previously used this technique in several now-inactive filters). -- zzuuzz ^(talk) 06:05, 16 April 2024 (UTC)[reply]