It is currently Sun Oct 22, 2017 11:31 pm

All times are UTC - 7 hours





Post new topic Reply to topic  [ 32 posts ]  Go to page Previous  1, 2, 3  Next
Author Message
PostPosted: Fri Jul 01, 2016 7:21 pm 
Offline
User avatar

Joined: Sun Sep 19, 2004 9:28 pm
Posts: 3192
Location: Mountain View, CA, USA
Banshaku wrote:
What I don't understand is if we make it harder on the forum to avoid spam account, why do we allow anonymous editing on the wiki? (Is it still possible?)

AFAIK -- and Tepples, please correct me if I'm wrong -- the current model is that you can anyone can view the wiki, but only people with wiki accounts can edit it. To get an account, you have to sign up (and make it past a captcha (this keeps most robots/automated software out)), then it has to be manually approved (editing capability for that account enabled) by a moderator (e.g. tepples, memblers, myself (maybe not any more?), etc.).


Top
 Profile  
 
PostPosted: Fri Jul 01, 2016 7:31 pm 
Offline

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 19116
Location: NE Indiana, USA (NTSC)
Banshaku wrote:
What I don't understand is if we make it harder on the forum to avoid spam account, why do we allow anonymous editing on the wiki? (Is it still possible?)

Mainspace editing requires creating an account, which requires solving a CAPTCHA very similar to that on the forum, and then getting it confirmed. Talk page editing is open to IPs, but adding external links to a talk page as an IP requires (again) solving a CAPTCHA. So all we get are those few spammers willing to add an advertisement without an external link to a talk page, and those edits have proven easy for anybody with rollback privileges to blow away.

There are currently three ways to get a wiki account confirmed:
  • Contact an administrator through PM or IRC.
  • The account is at least four days old and has at least two talk page edits.
  • Verify ability to receive email at the address associated with the account.

In addition, many patterns used by spammers and other wiki vandals can be detected through regular expressions. Wikimedia offers a MediaWiki extension called the ABUSE filter, which lets administrators define patterns to classify Actions By Users, Such as Edits. These patterns include regular expression matches, the experience of a user (days or edits), and more. If an action is classified as unconstructive, a filter can warn the user, prevent the action, or perform any of several other actions. Most filters enabled at NESdev Wiki are set to "warn" because most spambots don't know how to click through the warning. Here's what the ABUSE filter is keeping out.


Top
 Profile  
 
PostPosted: Fri Jul 01, 2016 8:01 pm 
Offline
User avatar

Joined: Mon Sep 15, 2014 4:35 pm
Posts: 3074
Location: Nacogdoches, Texas
This is somewhat related to the whole anti-spam thing, that I found funny: http://www.theverge.com/2014/4/16/56215 ... every-time


Top
 Profile  
 
PostPosted: Fri Jul 01, 2016 8:37 pm 
Offline
User avatar

Joined: Sun Sep 19, 2004 9:28 pm
Posts: 3192
Location: Mountain View, CA, USA
Espozo wrote:
This is somewhat related to the whole anti-spam thing, that I found funny: http://www.theverge.com/2014/4/16/56215 ... every-time

...which is exactly why for decades I have advocated that manual human intervention be part of the approval process for account sign-ups (on anything). It's a social problem, driven by monetary focus, that cannot be solved with technology.


Top
 Profile  
 
PostPosted: Fri Jul 01, 2016 11:39 pm 
Offline
User avatar

Joined: Sun Jan 22, 2012 12:03 pm
Posts: 5733
Location: Canada
tepples wrote:
...those edits have proven easy for anybody with rollback privileges to blow away.

How many users actually have "rollback privileges", and how are they acquired?


Top
 Profile  
 
PostPosted: Sat Jul 02, 2016 4:43 am 
Offline

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 19116
Location: NE Indiana, USA (NTSC)
Espozo wrote:
This is somewhat related to the whole anti-spam thing, that I found funny: [Google computer vision defeats Google's own CAPTCHA]

That's been possible for years. Even during the era when automatic confirmation based on e-mail or two talk edits wasn't possible, both NESdev Wiki and my own wiki got dozens of automatically generated FirstnameLastname sign-ups clogging the Recent Changes page because bots or sweatshops were passing ReCAPTCHA. Once I realized that was the problem, I instituted the ABUSE filter and the present Q&A system on my wiki. And what worked there has largely worked for NESdev Wiki as well.

koitsu wrote:
which is exactly why for decades I have advocated that manual human intervention be part of the approval process for account sign-ups (on anything).

As with all things security, it's a tradeoff between security and convenience. It depends on the site, but sometimes reverts every week or two are more convenient for administrators than having someone standing by in all time zones 7 days a week to approve applications for new accounts. And the accounts that go on to make trouble here are more the StalkerDragon types than those who sign up and post off-topic advertisements.

rainwarrior wrote:
tepples wrote:
...those edits have proven easy for anybody with rollback privileges to blow away.

How many users actually have "rollback privileges"

Administrators and rollbackers. But rollback is a shortcut for the undo feature that anyone can do, just without the confirmation page or the ability to change the edit summary for the revert.

rainwarrior wrote:
and how are they acquired?

An administrator adds a user to the rollbackers group through the user rights interface. You can request the privilege by asking an administrator (such as myself) while mentioning your history of reverting vandalism on the wiki, such as through use of the undo feature.


Top
 Profile  
 
PostPosted: Sat Jul 02, 2016 10:26 am 
Offline
User avatar

Joined: Sun Jan 22, 2012 12:03 pm
Posts: 5733
Location: Canada
tepples wrote:
...mentioning your history of reverting vandalism on the wiki, such as through use of the undo feature.

I specifically don't revert vandalism on the wiki because I don't have the rollback feature, because I don't want to clutter the recent changes timeline with "undos". I would do it if I had that feature. I don't do it because I know letting a "rollbacker" do it results in a cleaner timeline.


Top
 Profile  
 
PostPosted: Sat Jul 02, 2016 10:53 am 
Offline

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 19116
Location: NE Indiana, USA (NTSC)
RC clutter is a separate issue from rollback privileges. The Recent Changes Cleanup extension is installed, which lets anyone with a few hundred or so edits see a form listing the past hundred or so edits with controls to turn each edit's "bot" flag on or off. If I see a bunch of spam and reverts in RC, I can hide them.


Top
 Profile  
 
PostPosted: Sat Jul 02, 2016 10:57 am 
Offline
User avatar

Joined: Sun Jan 22, 2012 12:03 pm
Posts: 5733
Location: Canada
tepples wrote:
RC clutter is a separate issue from rollback privileges. The Recent Changes Cleanup extension is installed, which lets anyone with a few hundred or so edits see a form listing the past hundred or so edits with controls to turn each edit's "bot" flag on or off. If I see a bunch of spam and reverts in RC, I can hide them.

I thought that's what rollback did. Can anyone else hide them, or only you?


Top
 Profile  
 
PostPosted: Sat Jul 02, 2016 11:08 am 
Offline

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 19116
Location: NE Indiana, USA (NTSC)
Rollback just allows skipping the confirmation for an undo. A rollback appears in RC the same as any other edit marked "minor".

The only qualification for RCC is that your edit count has to be high enough.


Top
 Profile  
 
PostPosted: Sat Jul 02, 2016 11:08 am 
Offline
User avatar

Joined: Sun Jan 22, 2012 12:03 pm
Posts: 5733
Location: Canada
Okay, I found Special:RecentChangesCleanup, and have verified that I can use it. Now that I know this, I would use rollback if you gave it to me.

I do have a question, though: is a link to Special:RecentChangesCleanup supposed to appear ANYWHERE? It's not listed in Special Pages. It's not listed on the recent changes list. Shouldn't it be linked somewhere users might find it? I had to type in the URL manually to get there.

I'd asked about it before, but I had the impression that it was extra stuff that appeared on the recent changes timeline for someone with sufficiently advanced privelages (but I guess I had the wrong idea here?). Is RecentChangesCleanup supposed to integrated at all with the Special:RecentChanges? Like, shouldn't the "hide" button appear there too? Why is it on this other hidden page?


Top
 Profile  
 
PostPosted: Sat Jul 02, 2016 11:23 am 
Offline

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 19116
Location: NE Indiana, USA (NTSC)
For me, "Recent Changes Cleanup" appears under "Recent changes and logs" on the list of special pages. The pages with bold titles are available only to users who hold special privileges. ("User rights management" is how I just gave you rollback.) Perhaps there's a defect in the extension that causes it not to appear if your RCC privileges are solely through edit count.


Attachments:
RCC_location.png
RCC_location.png [ 27.23 KiB | Viewed 1459 times ]
Top
 Profile  
 
PostPosted: Sat Jul 02, 2016 11:27 am 
Offline
User avatar

Joined: Sun Jan 22, 2012 12:03 pm
Posts: 5733
Location: Canada
tepples wrote:
Perhaps there's a defect in the extension that causes it not to appear if your RCC privileges are solely through edit count.

It does not appear in either of those locations for me. (I can see the rollback now, though.)

The only bold link on special pages for me is "Upload file".


Top
 Profile  
 
PostPosted: Sat Jul 02, 2016 2:06 pm 
Offline
User avatar

Joined: Sat Jul 12, 2014 3:04 pm
Posts: 936
rainwarrior wrote:
tepples wrote:
Perhaps there's a defect in the extension that causes it not to appear if your RCC privileges are solely through edit count.

It does not appear in either of those locations for me. (I can see the rollback now, though.)

The only bold link on special pages for me is "Upload file".

Same here, less rollback.

…this really seems like it should be split off into the Wiki forum, but starting where? post 174631? 174639? (And is Rainwarrior going to object?)


Top
 Profile  
 
PostPosted: Sat Jul 02, 2016 2:15 pm 
Offline
User avatar

Joined: Sun Sep 19, 2004 9:28 pm
Posts: 3192
Location: Mountain View, CA, USA
Odds are the issue is one of the following:

a) The extension is outdated (version 1.2 appears to introduce better support for "who gets RCC capability"; 1.3 is latest),
b) The LocalSettings.php configuration for this MediaWiki extension is incorrect (wrong group name, $wgAvailableRights isn't correct, etc.),
c) A kind of subset of (b): the individuals who should have access to this feature aren't in the correct group per $wgGroupPermissions.

When it comes to this stuff in MediaWiki, it's rarely simple. I'd urge anyone using this feature to read the extension web page though, since it explains details about usage/where to find it/etc..

This is subject/topic should probably be split into its own thread. The issue Myria had has been fixed.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 32 posts ]  Go to page Previous  1, 2, 3  Next

All times are UTC - 7 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group