User talk:CaseyParsons

From Barbershop Wiki Project
Jump to navigation Jump to search

Robo-spam flood

1. Single spam-edits were annoying, but manageable. In the last couple of days, though, we've been hit with a rash of strikingly similar attacks: create a nonsense username, use it to create one 4K+ advertisement page, and repeat ad nauseam. The timing may mean a human is doing it, but I suspect automation. Do I keep playing whack-a-mole, or have you got a better tool to reduce/prevent this sort of thing? --Paks Paladin 23:41, 27 January 2011 (UTC)

Second question: is there a mechanism to delete usernames in addition to blocking them? --Paks Paladin 23:41, 27 January 2011 (UTC)

I just noticed the spam. I'll do a little research and implement some better tools. I don't know about the mechanism to delete. Let me know if you see anything... --Casey Parsons 20:36, 4 February 2011 (UTC)

2. The quality of spam is improving; good for them, bad for us. Not only is the text getting more coherent and "on-topic", he's now uploading a credible pictures with each "article". Special:RecentChanges's default setting of last-50 is completely filling every day--first with spam, then with whack-a-mole. The only "good" news is that it's not getting any more frequent, and still looks like a lone jerk or one compromised computer. Maybe he's getting new IPs with Tor? --Paks Paladin 13:06, 9 February 2011 (UTC)

I instituted ReCaptcha today. It will show up for anyone when creating an account. So unless this spammer is manually creating accounts, it should stop them. I'll keep my eye out for more activity. Thanks again for everything you do!! --Casey Parsons 17:32, 13 February 2011 (UTC)
They may have a few accounts that have already been created that can still post spam. Will block those as they post, but they shouldn't be able to create NEW accounts. --Casey Parsons 17:37, 13 February 2011 (UTC)
Looks like they are still creating new accounts. CRAZY! I have a strong ReCaptcha set up but they are still getting around it. I'll try to block their IP ranges tonight if possible. --Casey Parsons 15:45, 14 February 2011 (UTC)

3. Help! The spam-flood is actually **accelerating**. Its regularity, "composition", and indiscriminate markup misuse indicates there's **not** a human anywhere in the loop. Its "grammar", choice of non-celebrity names, and near-daily ideograms point to a Chinese origin. All "content" has been on the new accounts' User:Talk pages.

  • Can you require admin approval for all new pages, and also new accounts' first five posts?
  • Right now, you're the only 'Bureaucrat' with the ability to Merge Users and Edit User Rights. There's a backlog of easily 1000 spam-accounts that need merging. --Paks Paladin 22:39, 12 November 2012 (PST)

4. Here we go again. I've limited myself to deleting only the egregiously bad usernames, unless and until they actually post content, but.... Should we set and formalize/publish a policy like "Because of spammers, all new accounts need to make at least one valid content update in their first three days"? --Paks Paladin (talk) 16:00, 14 March 2018 (EDT)

Hey Paks, thanks for the note. I noticed that the spammers have picked up a little steam lately. Thank you for the great work responding to that. I need to find some time to research latest countermeasures. As to your suggestion of a policy change, it sounds reasonable, but I'm not sure that there is a technical mechanism to implement that within the mediawiki software. If you know differently, please let me know and share a link. --Casey Parsons (talk) 08:52, 15 March 2018 (EDT)
I was expecting to do it myself, not automagically; I just wanted folks to have previous warning that all new accts are suspect by default, subject to summary deletion, and why. --Paks Paladin (talk) 08:57, 15 March 2018 (EDT)

5. It's the least wonderful time of the year, right on schedule. Perhaps I should start banning them Indefinitely, instead of for 6 mo / 1 year? I don't want to preclude legit users that may "need" those IPs later. --Paks Paladin (talk) 05:25, 28 March 2019 (PDT)

Is there any consistency with their source IP or country of origin? A geo-IP or subnet block seem to be the most effective at this point. The captcha and AI systems are the best that I'm aware of but still letting this much through. --Casey Parsons (talk) 07:55, 28 March 2019 (PDT)
Of the 30 newest accounts: Largest hotspots are San Francisco (13) and Los Angeles (6), at 172.68.46.x, 172.69.x.x, and 104.223.x.x. Phoenix (3) and Tempe (3) in Arizona form the next biggest, at 23.108.(252,254).x and 23.231.(38,39).x respectively. --Paks Paladin (talk) 09:03, 28 March 2019 (PDT)
Well shoot. Can't block the US and can't block the subnets either since they are Cloudflare. I'm open to suggestions... I'm already routing all traffic through Cloudflare.
Last week I made a number of improvements to the firewall/filtering of inbound traffic through Cloudflare, including leveraging their internal threat score. While I think that slowed down some more spammers it clearly didn't slow it enough. So today I pulled out a big hammer and enabled a javascript challenge for every new connection. This is slightly annoying to see their DDOS splash page, but hopefully will bring spammers down to nearly zero. Desperate times call for... --Casey Parsons (talk) 17:10, 4 April 2019 (PDT)
DUDE! I think you un-blocked one IP range too many. It _was_ working for a solid, glorious month or two. --Paks Paladin (talk) 09:12, 12 June 2019 (PDT)
I don't think I unlocked much. They are just adaptive. I'll keep trying more tweaks. We're definitely now in the realm of potentially blocking good traffic. Thanks for all you continue to do to clean up and make this place better. --Casey Parsons (talk) 11:27, 14 June 2019 (PDT)
Found the problem. Cloudflare had apparently disabled the filtering for the site and was allowing everything in freely. Fixing that now. --Casey Parsons (talk) 05:37, 17 June 2019 (PDT)
OK I think I may have figured out how to stop the spammers. I found a clever little way to use Cloudflare to challenge the browser for only the create account and login pages. This should stop the spammers and only annoy real users on their initial account creation or login for less than 5 seconds of wait time. Keep your fingers crossed... --Casey Parsons (talk) 18:37, 25 June 2019 (PDT)

6. This latest batch all create their user pages in Cyrillic. If you'd like, I can hold off on merging the last few so you can get an IP range. Paks Paladin (talk) 08:41, 17 June 2021 (PDT)

Thanks for the heads up. Go ahead and Merge. I try my best to not block by static IP anymore, too manual and too many false positives. It's just not that effective either. I'll do a little research this weekend to see if I can filter out cyrillic characters to prevent account creation and editing. Some day if barbershop gets more popular in Russia, that could be an issue, but best idea I have as of now.

7. The site displays correctly again (after a few days of only half-loading), but I still get errors when I try to merge-into-SPAMMER any of the latest batch. "A database query error has occurred. This may indicate a bug in the software. [YRK9TuIFHBDXgRu7oneKuAAAAAE] 2021-08-10 17:54:24: Fatal exception of type "Wikimedia\Rdbms\DBQueryError" --Paks Paladin (talk) 11:01, 10 August 2021 (PDT)

Yes, the server host upgraded PHP, which was apparently incompatible with the version of Mediawiki. I had to upgrade the wiki to the latest version, which is an ordeal to do all the backups, update the extensions, and test it all out. Finally got that wrapped up earlier today so I think we are in a period of stasis. For the merge error, I saw that too. I think it may been an order of operations thing... I was testing out the SmiteSpam extension and used that to block those spam users and their contributions. I think that that action is now preventing the merge operation. Let's see if a new spammer creates and account and see if the UserMerge extension will still work on that user. --Casey Parsons (talk) 11:36, 10 August 2021 (PDT)
Interesting that there hasn't been any new spam since the upgrade. I also changed the captcha version to hcaptcha away from recaptcha which is clearly defeated. Hopefully the spammers doesn't defeat hcaptcha as quickly. Crossing fingers... --Casey Parsons (talk) 07:34, 12 August 2021 (PDT)
I randomly had a thought about the database error when merging/deleting users. I no longer see the user SPAMMER. Did you delete that user? If you try to merge into a user that doesn't exist, that is maybe causing the DB error. --Casey Parsons (talk) 12:02, 24 October 2022 (PDT)

8. First clearly-spam account-page in a LONG time, RickiePress5, which yes includes a splash of Cyrillic. Tried to merge as usual -- same DB error as before, verbatim except for the leading gibberish. Shall we fall back to "delete and single IP ban"? Paks Paladin (talk) 22:22, 18 September 2022 (PDT)

I see the new SpamSmite, have tried it, and approve, BUT-- 1) it doesn't catch everything (see the flood of the last two days), and 2) it still leaves the problem of all those blocked users cluttering up the user-list. I assume you're still looking for a merge-users solution/workaround? --Paks Paladin (talk) 13:44, 9 October 2022 (PDT)
The problem of spam prevention is complicated. I have put many preventions in place. Most effective has been using Cloudflare and iterating on config for a Web Application Firewall. Until two days ago, that has been working really well for the better part of two years. I'm not sure how the current bots are getting around it, but I'm searching for that and will update the defenses accordingly. I don't have a current solution for the merge-users thing...it probably requires updated core wiki software and updated merge plugin software. I'll keep on keeping on with the progress. Thanks! --Casey Parsons (talk) 05:48, 10 October 2022 (PDT)
I made an update today to only allow edits from "email-confirmed users" in further attempts to block the spam. Hopefully this doesn't prevent legit users from trying to make updates, but my assumption is that bots won't confirm their email addresses. I do see that most of the bot accounts have bogus emails completely. I also need to update the core software to latest version, which is always an ordeal. I need to find time for that in the next few weeks. --Casey Parsons (talk) 08:59, 24 October 2022 (PDT)

Duplication of effort?

To my delight and dismay, I have just discovered a second "Barbershop Wiki", at barbershopwiki-dot-org. A fast search does not reveal any single point of contact. Yours has more pages (you're welcome), but they seem to have more registered users. Collaboration/merger? You have some leverage: the actual Society hopepage links to yours. --Paks Paladin 00:44, 16 January 2010 (UTC)

Yes, I'm aware of that other site. The most recent update was in 2008 and there is very little content. I've attempted to contact the owner multiple times on email and facebook but haven't received any response. I would love to have that owner's help. I plan to continue to try to contact. --Casey Parsons 06:38, 16 January 2010 (UTC)

ParserFunctions

Hi, I was wondering if you could add the ParserFunctions Extension to Barbershop Wiki Project? I realise that working in the sandbox first is a good idea, but as I was going to save the template in my sandbox I realised I was on the wrong tab and saved it in a new page instead! oops... But having looked at that mediawiki page, and seen examples of some of the uses of the templates, I think it could be useful.

I hope you don't think that I'm creating unnecessary pages just because I'm messing around; I'm interested in the administration and inner workings of wikis as well as the actual subject matter! I hope to contribute in as many areas as possible :-) gaidheal (talkcontribs) 00:47, 8 February 2010 (UTC)

I probably can. Let me research it for a bit, just to make sure it won't break anything. What specifically do you want to use it for? I appreciate your help. Thanks a lot! --Casey Parsons 16:00, 8 February 2010 (UTC)
So forever later, I figured out how to enable the ParserFunctions extension that is now bundled in the MediaWiki software. --Casey Parsons (talk) 13:58, 20 January 2019 (PST)

Uploading images?

Is it possible to upload a .jpg image? I'm trying to upload photos of Harmony, Inc. quartet champions and I get the error "Internal error: The upload directory (public) is not writable by the webserver." when I try to upload.

Am I doing something incorrectly? --GaGirrl 19:49, 15 April 2010 (UTC)

Sorry about that! The webserver was misconfigured (by me!) and that was causing the error. You did not do anything wrong. I changed the permission level, so it should work now. Thanks for adding pics and content. Keep up the good work! --Casey Parsons 12:30, 16 April 2010 (UTC)

OK, so now when I try to upload images, I get the error "Error creating thumbnail: sh: /usr/bin/convert: No such file or directory," as shown on the upload for U4X. What did I do wrong now? --GaGirrl 21:32, 10 May 2010 (UTC)

Yes, I noticed this too. Thanks for the heads up. I'll start digging around to find the bug. --Casey Parsons 00:29, 11 May 2010 (UTC)
I think we got it fixed. Please let me know if you continue to see the problem. Thanks! --Casey Parsons 16:37, 11 May 2010 (UTC)

Harmony,Inc. wiki page not visible

If you go to the Harmony, Inc. wiki without logging in, you get a notice that there's no content on the page. If you log in, you see the page. What did I do wrong? --GaGirrl 17:08, 6 July 2010 (UTC)

I'm not sure... It's working OK for me both logged in and out. Can you send me 2 screenshots of the page when you are logged in and out? My email is mail[at]caseyparsons[dot]com.--Casey Parsons 18:21, 6 July 2010 (UTC)

Well shoot - now it works fine. Could have been a browser issue on one of my other systems; however, another user had the same issue. Let me check and see what she sees now. --GaGirrl 21:51, 12 July 2010 (UTC)