nesdev.com
http://forums.nesdev.com/

Anti-spam legitimate answer wasn't accepted
http://forums.nesdev.com/viewtopic.php?f=13&t=14474
Page 2 of 3

Author:  koitsu [ Fri Jul 01, 2016 7:21 pm ]
Post subject:  Re: Anti-spam legitimate answer wasn't accepted

Banshaku wrote:
What I don't understand is if we make it harder on the forum to avoid spam account, why do we allow anonymous editing on the wiki? (Is it still possible?)

AFAIK -- and Tepples, please correct me if I'm wrong -- the current model is that you can anyone can view the wiki, but only people with wiki accounts can edit it. To get an account, you have to sign up (and make it past a captcha (this keeps most robots/automated software out)), then it has to be manually approved (editing capability for that account enabled) by a moderator (e.g. tepples, memblers, myself (maybe not any more?), etc.).

Author:  tepples [ Fri Jul 01, 2016 7:31 pm ]
Post subject:  Re: Anti-spam legitimate answer wasn't accepted

Banshaku wrote:
What I don't understand is if we make it harder on the forum to avoid spam account, why do we allow anonymous editing on the wiki? (Is it still possible?)

Mainspace editing requires creating an account, which requires solving a CAPTCHA very similar to that on the forum, and then getting it confirmed. Talk page editing is open to IPs, but adding external links to a talk page as an IP requires (again) solving a CAPTCHA. So all we get are those few spammers willing to add an advertisement without an external link to a talk page, and those edits have proven easy for anybody with rollback privileges to blow away.

There are currently three ways to get a wiki account confirmed:
  • Contact an administrator through PM or IRC.
  • The account is at least four days old and has at least two talk page edits.
  • Verify ability to receive email at the address associated with the account.

In addition, many patterns used by spammers and other wiki vandals can be detected through regular expressions. Wikimedia offers a MediaWiki extension called the ABUSE filter, which lets administrators define patterns to classify Actions By Users, Such as Edits. These patterns include regular expression matches, the experience of a user (days or edits), and more. If an action is classified as unconstructive, a filter can warn the user, prevent the action, or perform any of several other actions. Most filters enabled at NESdev Wiki are set to "warn" because most spambots don't know how to click through the warning. Here's what the ABUSE filter is keeping out.

Author:  Espozo [ Fri Jul 01, 2016 8:01 pm ]
Post subject:  Re: Anti-spam legitimate answer wasn't accepted

This is somewhat related to the whole anti-spam thing, that I found funny: http://www.theverge.com/2014/4/16/56215 ... every-time

Author:  koitsu [ Fri Jul 01, 2016 8:37 pm ]
Post subject:  Re: Anti-spam legitimate answer wasn't accepted

Espozo wrote:
This is somewhat related to the whole anti-spam thing, that I found funny: http://www.theverge.com/2014/4/16/56215 ... every-time

...which is exactly why for decades I have advocated that manual human intervention be part of the approval process for account sign-ups (on anything). It's a social problem, driven by monetary focus, that cannot be solved with technology.

Author:  rainwarrior [ Fri Jul 01, 2016 11:39 pm ]
Post subject:  Re: Anti-spam legitimate answer wasn't accepted

tepples wrote:
...those edits have proven easy for anybody with rollback privileges to blow away.

How many users actually have "rollback privileges", and how are they acquired?

Author:  tepples [ Sat Jul 02, 2016 4:43 am ]
Post subject:  Re: Anti-spam legitimate answer wasn't accepted

Espozo wrote:
This is somewhat related to the whole anti-spam thing, that I found funny: [Google computer vision defeats Google's own CAPTCHA]

That's been possible for years. Even during the era when automatic confirmation based on e-mail or two talk edits wasn't possible, both NESdev Wiki and my own wiki got dozens of automatically generated FirstnameLastname sign-ups clogging the Recent Changes page because bots or sweatshops were passing ReCAPTCHA. Once I realized that was the problem, I instituted the ABUSE filter and the present Q&A system on my wiki. And what worked there has largely worked for NESdev Wiki as well.

koitsu wrote:
which is exactly why for decades I have advocated that manual human intervention be part of the approval process for account sign-ups (on anything).

As with all things security, it's a tradeoff between security and convenience. It depends on the site, but sometimes reverts every week or two are more convenient for administrators than having someone standing by in all time zones 7 days a week to approve applications for new accounts. And the accounts that go on to make trouble here are more the StalkerDragon types than those who sign up and post off-topic advertisements.

rainwarrior wrote:
tepples wrote:
...those edits have proven easy for anybody with rollback privileges to blow away.

How many users actually have "rollback privileges"

Administrators and rollbackers. But rollback is a shortcut for the undo feature that anyone can do, just without the confirmation page or the ability to change the edit summary for the revert.

rainwarrior wrote:
and how are they acquired?

An administrator adds a user to the rollbackers group through the user rights interface. You can request the privilege by asking an administrator (such as myself) while mentioning your history of reverting vandalism on the wiki, such as through use of the undo feature.

Author:  rainwarrior [ Sat Jul 02, 2016 10:26 am ]
Post subject:  Re: Anti-spam legitimate answer wasn't accepted

tepples wrote:
...mentioning your history of reverting vandalism on the wiki, such as through use of the undo feature.

I specifically don't revert vandalism on the wiki because I don't have the rollback feature, because I don't want to clutter the recent changes timeline with "undos". I would do it if I had that feature. I don't do it because I know letting a "rollbacker" do it results in a cleaner timeline.

Author:  tepples [ Sat Jul 02, 2016 10:53 am ]
Post subject:  Re: Anti-spam legitimate answer wasn't accepted

RC clutter is a separate issue from rollback privileges. The Recent Changes Cleanup extension is installed, which lets anyone with a few hundred or so edits see a form listing the past hundred or so edits with controls to turn each edit's "bot" flag on or off. If I see a bunch of spam and reverts in RC, I can hide them.

Author:  rainwarrior [ Sat Jul 02, 2016 10:57 am ]
Post subject:  Re: Anti-spam legitimate answer wasn't accepted

tepples wrote:
RC clutter is a separate issue from rollback privileges. The Recent Changes Cleanup extension is installed, which lets anyone with a few hundred or so edits see a form listing the past hundred or so edits with controls to turn each edit's "bot" flag on or off. If I see a bunch of spam and reverts in RC, I can hide them.

I thought that's what rollback did. Can anyone else hide them, or only you?

Author:  tepples [ Sat Jul 02, 2016 11:08 am ]
Post subject:  Re: Anti-spam legitimate answer wasn't accepted

Rollback just allows skipping the confirmation for an undo. A rollback appears in RC the same as any other edit marked "minor".

The only qualification for RCC is that your edit count has to be high enough.

Author:  rainwarrior [ Sat Jul 02, 2016 11:08 am ]
Post subject:  Re: Anti-spam legitimate answer wasn't accepted

Okay, I found Special:RecentChangesCleanup, and have verified that I can use it. Now that I know this, I would use rollback if you gave it to me.

I do have a question, though: is a link to Special:RecentChangesCleanup supposed to appear ANYWHERE? It's not listed in Special Pages. It's not listed on the recent changes list. Shouldn't it be linked somewhere users might find it? I had to type in the URL manually to get there.

I'd asked about it before, but I had the impression that it was extra stuff that appeared on the recent changes timeline for someone with sufficiently advanced privelages (but I guess I had the wrong idea here?). Is RecentChangesCleanup supposed to integrated at all with the Special:RecentChanges? Like, shouldn't the "hide" button appear there too? Why is it on this other hidden page?

Author:  tepples [ Sat Jul 02, 2016 11:23 am ]
Post subject:  Re: Anti-spam legitimate answer wasn't accepted

For me, "Recent Changes Cleanup" appears under "Recent changes and logs" on the list of special pages. The pages with bold titles are available only to users who hold special privileges. ("User rights management" is how I just gave you rollback.) Perhaps there's a defect in the extension that causes it not to appear if your RCC privileges are solely through edit count.

Attachments:
RCC_location.png
RCC_location.png [ 27.23 KiB | Viewed 1568 times ]

Author:  rainwarrior [ Sat Jul 02, 2016 11:27 am ]
Post subject:  Re: Anti-spam legitimate answer wasn't accepted

tepples wrote:
Perhaps there's a defect in the extension that causes it not to appear if your RCC privileges are solely through edit count.

It does not appear in either of those locations for me. (I can see the rollback now, though.)

The only bold link on special pages for me is "Upload file".

Author:  Myask [ Sat Jul 02, 2016 2:06 pm ]
Post subject:  Re: Anti-spam legitimate answer wasn't accepted

rainwarrior wrote:
tepples wrote:
Perhaps there's a defect in the extension that causes it not to appear if your RCC privileges are solely through edit count.

It does not appear in either of those locations for me. (I can see the rollback now, though.)

The only bold link on special pages for me is "Upload file".

Same here, less rollback.

…this really seems like it should be split off into the Wiki forum, but starting where? post 174631? 174639? (And is Rainwarrior going to object?)

Author:  koitsu [ Sat Jul 02, 2016 2:15 pm ]
Post subject:  Re: Anti-spam legitimate answer wasn't accepted

Odds are the issue is one of the following:

a) The extension is outdated (version 1.2 appears to introduce better support for "who gets RCC capability"; 1.3 is latest),
b) The LocalSettings.php configuration for this MediaWiki extension is incorrect (wrong group name, $wgAvailableRights isn't correct, etc.),
c) A kind of subset of (b): the individuals who should have access to this feature aren't in the correct group per $wgGroupPermissions.

When it comes to this stuff in MediaWiki, it's rarely simple. I'd urge anyone using this feature to read the extension web page though, since it explains details about usage/where to find it/etc..

This is subject/topic should probably be split into its own thread. The issue Myria had has been fixed.

Page 2 of 3 All times are UTC - 7 hours
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/