Difference between revisions of "OrbiterWiki:Village pump"
(→Filter for uploads: new section) |
|||
Line 41: | Line 41: | ||
:: The RSS feed for Recent Changes does the job well for me. :D [[User:Urwumpe|Urwumpe]] 23:59, 24 February 2012 (UTC) | :: The RSS feed for Recent Changes does the job well for me. :D [[User:Urwumpe|Urwumpe]] 23:59, 24 February 2012 (UTC) | ||
+ | |||
+ | == Filter for uploads == | ||
+ | |||
+ | Would it be possible to have a filter for the uploads, so that all files like "Epsom salt 9999.jpg" would be refused and logged? I don't yet know why such images are included by the spambots, but I fear the worst, if they could be droppers. Not having them uploaded in first place, could be better than erasing the files. [[User:Urwumpe|Urwumpe]] 12:38, 10 March 2012 (UTC) |
Revision as of 12:38, 10 March 2012
Just a page for general OrbiterWiki discussions (for keeping the Talk:Main Page related to the main page).
View archived discussions for 2005-2007, 2008-2010.
Server move and stuff
- OrbiterWiki has moved servers. Please report any and all issues you observe, preferably by email.
- I am planning to upgrade to the most recent MediaWiki version shortly. Will notify when that's done.
- I'd like to try out the new default MediaWiki skin, which is the skin Wikipedia uses now. Any objections should be expressed here.
- I'm still hoping to switch case-insensitivity for titles back on. One day...
--RaMan 12:50, 16 February 2011 (UTC)
- Updated to MediaWiki v1.16.2; a couple of extensions got upgraded too. --RaMan 03:54, 20 February 2011 (UTC)
- Enabled Vector skin. Old skin vs New skin. Hope you like! --RaMan 18:00, 20 February 2011 (UTC)
Loose gun policy for bans from a special subnet
I just noticed some more similarities among the recent spambot activity here: Ten spambot accounts with two name patterns since December came from 118.101.0.0/16, one half of the Internet provider "TELEKOM MALAYSIA BERHAD" (There is no spam from the other /16 of this provider). I suspect that we have a single source behind varying IP addresses there. Since this still means a 640/650 chance that somebody is not a spammer from this network, I would propose the following guideline for next 3 months: All new user accounts that are registered from this network with the pattern
<Letter> + <Random First Name> + <Random Common Family Name> + <Letter>
should be banned instantly and for infinite time. IP-Bans should be avoided, since a /16 network of DHCP addresses seems like a poor target for IP-bans. Better target the business model and prevent search engine optimization. I don't see any reason to use this user name pattern here anyway. Another pattern had been the "-Steamer" type, but I don't think this alone is a good way to identify a spammer. If it comes from the same subnet though, it would be with very high certainty a spammer. We have no legal edits from the whole /16 subnet (Booo!).
Urwumpe 18:23, 30 January 2012 (UTC)
PS: Yes, that means that new users should better not use this name pattern, if they would like to prevent getting under general suspicion here. It is not nice, but since 2 hours of reaction time is enough to infect a few thousand PCs with malware, a fair price IMHO. "JohnSmith" would still be legal. "GJohnSmithj" would be dubious.
- I suppose this sounds reasonable. No problem with this. Good effort noticing this! RaMan 13:34, 2 February 2012 (UTC)
About another special customer here, can I suggest being a tiny bit more unfriendly to IP addresses belong to hostnoc.net? They are getting a bit annoying and banning them for one year would be long enough until things escalated far enough to remove these guys from the IP range. The current main ranges for them are 184.82.0.0/16, 64.120.128.0/17 and 184.22.96.0/20. But there seem to be a lot more, judging the whois records. The lack of any company presentation or new customer registration is a bit strange there. Urwumpe 07:07, 10 March 2012 (UTC)
- OK, let’s do it. RaMan 09:50, 10 March 2012 (UTC)
Increase Autoblock time
I just noticed that the automatic IP block when blocking a registered user and his IP is just 24 hours, which explains why it was so ineffective against spambots in the past. I would suggest increasing this timespan to a week. That is still pretty short for our cases, and should also work against retries from dedicated hosts. Urwumpe 17:52, 24 February 2012 (UTC)
- OK, I think I've changed it now - let me know if this doesn't seem to have effect. By the way, do you want to receive an email every time someone edits anything at all? That's a lot of emails, but nothing a filter rule can't fix :) --RaMan 22:07, 24 February 2012 (UTC)
- The RSS feed for Recent Changes does the job well for me. :D Urwumpe 23:59, 24 February 2012 (UTC)
Filter for uploads
Would it be possible to have a filter for the uploads, so that all files like "Epsom salt 9999.jpg" would be refused and logged? I don't yet know why such images are included by the spambots, but I fear the worst, if they could be droppers. Not having them uploaded in first place, could be better than erasing the files. Urwumpe 12:38, 10 March 2012 (UTC)