UESPWiki:Administrator Noticeboard/Archive 28

This is an archive of past UESPWiki:Administrator Noticeboard discussions. Do not edit the contents of this page, except for maintenance such as updating links.

Site Survey

I was planning on doing this after the wiki upgrade but that is looking like it will take much longer than I originally thought. I'll be doing a very simple/short site survey to collect feedback from the site's users with a bunch of random draw prizes to help entice people to do it. As I recently posted in the community portal there is a large selection of possible changes and improvements to the site but we really need to know what our audience needs, likes and doesn't like about the current site. For example, there's no point in spending a lot of time/effort redoing the site style/interface if what most people want is more mobile accessible content.

Once the survey is written up I'll be posting it here for feedback but until then if you have any suggestions for survey questions or prizes feel free to let me know. -- Daveh 15:38, 13 August 2012 (UTC)

The draft of the site survey is now available. Feel free to quickly go through it and leave any feedback on it here. -- Daveh 22:21, 14 August 2012 (UTC)
Two quick comments. Question 9 has "Something" as an option, and while I'm not sure what would be better to put there, it seems misplaced (maybe just making that question have one less option would work). Also, when it comes to ads, many people use AdBlock or some other browser add-on to block ads, so an extra answer option for that question might help since it's one of those "Not Applicable" type questions in that case. ABCface 22:52, 14 August 2012 (UTC)
Aside from what ABC pointed out, the questions and answers look good to me. Vely►t►e 23:00, 14 August 2012 (UTC)
Question 9 should have the fourth column changed from "something" to "somewhat not desired" if it'll fit. I also think it would be nice to have a section asking if they think that any specific area of the site needs improvement. It's one thing to use a section of the site and another to like it. --AKB Talk Cont Mail 23:02, 14 August 2012 (UTC)
^Good call. Sometimes the reason you don't use certain sections is because they need improvement. This could be covered by the last general comment box, but a more specific question wouldn't hurt. ABCface 23:07, 14 August 2012 (UTC)

() I also have 2 comments:

1. Question 4: The choices seem awkward. How about something like "very easy", "somewhat easy", "average", "difficult", and "very difficult"

2. Question 8: How about more descriptive choices, ranging from "I use UESP exclusively or nearly exclusively" (my choice ;)) to "I rarely use UESP compared to other sites".

All the other answer choices seem fine to me. --XyzzyTalk 00:49, 15 August 2012 (UTC)

Great suggestions, thanks! -- Daveh 01:08, 15 August 2012 (UTC)
Question 10: I'd suggest changing "not desired" to "undesirable". "Not desired" sounds neutral and it's easy to skim over "indifferent" and select "not desired" instead. Robin Hoodtalk 02:15, 15 August 2012 (UTC)
For some reason I cannot get surveymonkey to load on my browser (Firefox 14.0.1), the links don't even show up on the wiki page. I could access it on my PS3, and the only question I would have is whether Question 5 is about the content of the ads or the layout of the ads, as it's the only question about ads, it may need slight rewording to clarify which one. I would assume it's about the layout, but I feel the question hints more towards content, as it is currently worded. The Silencer speaksTalk 13:32, 18 August 2012 (UTC)

() Question 9: I didn't want to check anything, but "This question requires an answer.". So I put "aaa" in "Other", but it still refuses to accept my (non-)choice. 94.255.233.233 19:51, 18 August 2012 (UTC) -- MartinS

Most of the questions are closed. Maybe it is convenient to add an optional textarea where people can elaborate on their answer. Having people telling what they like or don’t like, but without why, makes it hard to use that information to improve the site.
Furthermore, a question about what people are using the wiki for (walkthroughs for quests, information about NPCs, reading about Lore, finding information about upcoming ES games/DLC, etc. …) would be a good addition, because I think the wiki is too large to see as a single section. —Is it possible to get this information from page view statistics? Is a view count available for articles? That is another way to obtain that information.— It could be that the users like the walkthroughs this wiki offers, but they don’t like the Lore section. I think questions like “How easy is it to find the information you are looking for on the UESP?” are too broad. If we can discover with a survey that something like this is the case, then we can start to find out why after this survey. Maybe in the form of qualitative interviews, instead of a quantitative survey as follow-up. This because it is of course not possible to ask everything in one survey.
Question 6 asks about the interaction with admins, but I think most visitors to this site won’t have interacted with an admin, therefore a not-applicable answer would be needed here.
I’m looking forward to see the answers the users will give to this survey, to see what others think of this site. -CoolGamer 23:17, 18 August 2012 (UTC)
I agree with CoolGamer that adding an optional text box to most questions would be appropriate so users could elaborate if they would like to. And there are a few questions where having an 'N/A' option would be a good idea. ABCface 00:05, 19 August 2012 (UTC)

Blocking based on user-name

I doubt there will be much objection to this, but I'm thinking user accounts with names like:

should just be preemptively blocked on sight, even if they don't actually post anything. It's clear that no legitimate user would create an account name like that, and if they did, it serves them right for deliberately impersonating a spam-bot. These bots are getting out of hand, so we need to do whatever we can to stem the tide.

While I'm on the subject though - Daveh and/or Nephele - PLEASE look into installing some sort of system to combat these bots! Requiring e-mail confirmation for new accounts or preventing the posting of external links even on User/User talk pages for new accounts would go a long way towards getting rid of this nuisance (and also reduce the collateral damage such as occurred with Musicman247, though that's probably a rare case). The User creation log right now is like 95% spam bots, and we're getting at least a dozen hits daily from these things, which should be easily preventable if we installed just some basic security measures against it. Captcha clearly isn't enough any more. E-mail confirmation may be slightly annoying for new users, but is common enough practice these days that it shouldn't drive away newbies. (I can't think of any site I've created an account on in the last few years that did not require this.) And allowing external links by new users on their own User pages is a major loophole that should be closed. We don't allow them anywhere else, so we should remove that exception, because the bots have obviously figured that out and are only creating spam on their own pages now, so external link prevention on other pages does nothing to prevent them (maybe - I suppose they might be trying to post all over the place and failing, but there's no evidence of that.) --TheRealLurlock Talk 11:56, 16 August 2012 (UTC)

I thought there was e-mail confirmation and/or a captcha for new users but I'll double-check and confirm. It's possible we accidentally lost it at some point in the past few years and never noticed. This, however, would not prevent manual spam or sophisticated automatic spam either. I've been looking at a few possible extensions, including AbuseFilter, or simply preventing regular users from posting external links altogether (not exactly sure how but there are a few options to look at, custom or otherwise). If anyone has any suggestions at other extensions or options let me know. -- Daveh 12:44, 16 August 2012 (UTC)
Yeah, Captcha alone doesn't work anymore - there are bots that crowd-source Captcha solving by reposting the Captcha image onto other sites (promising free porn or whatnot) and using the results on the target site. I didn't think there was e-mail confirmation, but if not, there definitely should be. As for external links, I thought we had something that prevented that on article pages, but not User pages. If so, it shouldn't be a big deal to remove that exception and just say no external links anywhere for newbie accounts (say less than 10 edits or something).
Another possibility is to fight bots with bots - most of these bots follow clearly recognizable patterns of behavior, so it should be possible for another bot to simply monitor Recent Changes and catch them almost instantly, though that might place some load on the servers I don't know about. (Pretty sure that's what Wikipedia does, though on a site that size it's probably a necessity.) --TheRealLurlock Talk 12:57, 16 August 2012 (UTC)
I don't think limiting links for regular users altogether is a good idea, as there are many legitimate and useful instances of this, but limiting anything under the Autoconfirmed Users group from posting links makes a lot of sense, especially given the way most of our spam occurs. This is just a quick comment on this for now; I've got a lot more to say on this, but it will take more time to get the various ideas/links together for a real post. ABCface 15:51, 16 August 2012 (UTC)
Yeah, I'm pretty sure they're crowd-sourcing or otherwise solving the Captcha check. From my experience on other sites, e-mail confirmation virtually eliminated our spam problem overnight, but it has the drawback of limiting editing to registered user accounts. If we don't want to go that route (perhaps that should be part of the survey?), then I agree with the above suggestions that we look into preventing non-Autoconfirmed Users from posting external links. Robin Hoodtalk 16:49, 16 August 2012 (UTC)

Update -- A few things I looked into:

  • There is a captcha when registering a new account.
  • There is a captcha when a non-confirmed user posts a link.
  • There is a captcha when a confirmed user posts a link.
  • The recent spam posts were done by confirmed users (checked a few and assumed they all follow the same pattern). This means to post a link they answered at least two captchas and confirmed their e-mail.

This means that any simple change to the policy of posting links would affect all normal users. We could add rules like "must be registered for 2 weeks and have at least 20 edits" although this would be better through the use of an extension like AbuseFilter rather than a custom code change or extension (trying to minimize that as much as possible as it makes upgrading the wiki a pain). I'll look at adding AbuseFilter or a similar extension sometime in the near future. -- Daveh 22:27, 16 August 2012 (UTC)

I am very strongly opposed to blocking out anonymous editing, because that is one of the core principles of a wiki and one of the main reasons why we've been so successful. I for one absolutely hate having to log in before I can do anything, and more often than not I'll just leave the site and never create an account, no matter how valuable the information may be. The last thing we need is to decrease our user base.
I have a possible solution. It would require custom coding, but what if you had to make at least 100 edits before being allowed to post a hyperlink? The vast majority of the time, no user needs to post a hyperlink of any sort, and if they do, then they will have had 100 edits by that point.
Another similar (and likely simpler) option would be that only Patrollers, Autopatrolled Users, and Administrators are able to post hyperlinks, and if a user needs to post a hyperlink for a legitimate purpose, then they can contact one of us (via either our talk page or a new page titled "Hyperlink Requests") to get us to post the link for them.
To filter out the hyperlinks, you could either:
  1. Block the string http:// or
  2. Block http:// if it doesn't contain the string "uesp.net" after the first dot ".". A link such as http://www.uesp.net..., http://forums.uesp.net..., or http://content3.uesp.net... would be allowed, but http://www.spam.org/uesp.net... would not.
The advantage of the second method is that users could post inter-wiki links easily. We do have templates that can circumvent this, but few users know how to use templates and even fewer are aware that these templates even exist. I have no idea how easy that would be on the coding end. I don't speak for everyone, but I personally wouldn't mind having to wait a month for you to fully upgrade the wiki before you implemented this. • JAT 23:53, 16 August 2012 (UTC)
Admittedly, I have only been barely following the conversation, so if I repeat ideas, I apologize, but what if the requirement to post a URL was set to being "Autoconfirmed", but then raise the requirement for being Autoconfirmed to being a member of the wiki for two weeks AND having 30 edits? IP addresses, being unable to become Autoconfirmed, would unfortunately be barred from posting URLs, but honestly, how often do anons have a valid reason to post external URLs to the site? And, I doubt the bots would sit for two weeks and make 30 edits to the site. And, assuming it's possible, I would think that any attempt to post an external link, either through editing an article, a talk page, or an edit summary should result in either totally resetting the counter or perhaps just add an additional day and 10 edits to the counter for that user gaining the "Autoconfirmed" rank. Assuming it's possible, it would take some serious custom coding though. And, like I mentioned, I don't know how doable the idea is to begin with. It's just a thought I had. ES(talkemail) 00:06, 17 August 2012 (UTC)
Most of the spam edits are coming from registered users. Do we even need to do anything to anonymous editing? —Legoless 01:08, 17 August 2012 (UTC)
In fairness, no, but I don't know if you can set an account to have a different parameter like that without affecting IPs so I threw them in. ES(talkemail) 01:10, 17 August 2012 (UTC)

Block based on user-name - Edit Break 1

Update 2 -- The decision seems to be that some form of the following combination to limit who can post links would work best:

  • User for X or more days (10, 30, ?)
  • More than Y edits (20, 50, ?)

The values should/will be easily configurable so we can adjust as needed. How, exactly, to get this I'm still looking into. I think the AbuseFilter extension would let us but if there's a simpler or better solution I'll do that first. So long as there are no unexpected difficulties it should be in place sometime this weekend. -- Daveh 21:09, 17 August 2012 (UTC)

I'm definitely in favor of more than Y edits, because any spammer can create an account and wait 30 days before spamming. I support that a user must have at least 100 edits before being allowed to post a hyperlink, because the number is high enough that it will shut out all but the most dedicated spammer. In the very unlikely scenario that a user has less than 100 edits and has a legitimate reason to post a hyperlink, they can ask one of us to post the hyperlink for them. • JAT 21:46, 17 August 2012 (UTC)
I still believe 100 is high. What if we put it in the middle? Around 50 edits? Not incredibly high, but not so low a spammer can post whenever he wants? ES(talkemail) 21:55, 17 August 2012 (UTC)
I agree with Jak. No spammer is going to attempt to make 100 edits. Unless they really want to spam. --Skyrimplayer 21:56, 17 August 2012 (UTC)
I would lean more towards the figure of 50, like ES. However, I would add that that should not count talk pages, userpages, or pages like this. If someone makes that many edits to the content of the site, assuming that those edits are in good faith, it is unlikely that they are going to spam, unless they get extremely disgruntled. I think that making ANY constructive edits would deter most spammers, let alone 50 or 100, and that makes 100 a bit overkill, especially because if they are willing to do 50 good edits before spamming, they'll probably be willing to do 100. --HalfStache 22:35, 17 August 2012 (UTC)
A Good idea. I was thinking 50 edits total. Yeah, 50 edits to the namespaces for games, books, and lore. Pseudo-talk pages like the AN, CP, FA, FI, etc should be excluded. And the File space should be included. I can think of a few vandals that have posted obscene imagery to the File pages. ES(talkemail) 22:45, 17 August 2012 (UTC)
Maybe we could throw in more protection making them have to be a member of the site for 5 days and have 50 edits. I was just thinking for extra defense. The reason I think this is because the spammer might just try making a ton of single-word edits to his userpage or something, and once he has enough, he can post links. It's unlikely, I know. But extra protection never hurt. Thoughts? --Skyrimplayer 22:49, 17 August 2012 (UTC)
The 5-day delay is pointless; they'll just wait 5 days to spam, as they've done in the past. I agree that 100 edits is overkill, but that's the point of these measures - to create rules that will deter almost every spammer. It's like double-knotting your shoe - sure, one knot will work, but you might as well be extra sure. • JAT 00:22, 18 August 2012 (UTC)
Honestly, even 20 edits is higher than it really needs to be - so far anyhow. At least with the current crop of spam bots, not one of them has ever made a single non-spam post anywhere. A limit of 10 or even just 5 would probably stop 99% of spammers for now. Of course, there's always the chance they'd figure it out and start repeatedly posting non-spam in order to get past the newbie-quota, but that's possible no matter what the limit is. Of course, having it easily adjustable allows us to tweak it to be at a level that doesn't put off new users but also doesn't allow for easy exploits by bots.
We could possibly combine it with something that prevents more than X posts within Y time, as rapid-fire posting like that is very unlikely to be legit, at least for newbie posters. Of course I myself have been known to make a long series of very quick edits on a lot of pages (e.g. the effect footers I made just this morning), as have some of the other veteran users of the site, but a first-time poster isn't likely to do stuff like that, and probably shouldn't even if they're doing it in good-faith, because they haven't been around long enough to know the right way of doing things yet. --TheRealLurlock Talk 02:56, 18 August 2012 (UTC)

() Something to keep in mind here, especially with high numbers of edits as a requirement, is that there are some templates that sneak in external links that are non-obvious, and any common page that users are supposed to be able to edit at will might have a link already on it...this one has 6 at the moment, for example, which might make it very difficult for a new user to post here, depending on how the extension is designed. Similarly, I suspect new users wouldn't be able to place {{Speedydeletion}} or {{Prod}} tags on a page, since they both include external links (externalized UESP links as well as Google links). Again, though, it depends on whether the extension is able to see the text as it was typed or only based on the rendered results. Robin Hoodtalk 03:13, 18 August 2012 (UTC)

TheRealLurlock, I think you're mistaken. The vast majority of anonymous and newbie editors don't use "Show Preview", and if they make a fairly large edit you can almost guarantee that there will be a large number of follow-up edits for various spelling and wiki syntax mistakes (such as fixing links).
RobinHood70, from what I've seen on Wikipedia's AbuseFilter filters, the extension checks for the text as it is typed. Here is a list of conditions from their own Link Spamming filter:

     !("autoconfirmed" in user_groups)
     & (article_namespace == 0)
     & !(user_name in article_recent_contributors)
     & (old_size > 0)
     & (count("http://", string(added_lines)) > count("http://", string(removed_lines)))
     & !(count("<ref", string(added_lines)) > count("<ref", string(removed_lines)))

I believe that this is only checking typed text rather than rendering (since it checks for <ref> tags) but I could be mistaken. Assuming that the extension doesn't block template text, I stand by my 100 edit requirement; if, however, the extension does block the use of certain templates, then I'd be okay with a 25 edit requirement. Any less would be very easy for the spammer to get around, and even if we caught them right away, if they manage to post the hyperlink then they accomplished their task. • JAT 08:22, 18 August 2012 (UTC)
You seem to be under the impression that there's a human behind these spam bots. Sure, a newbie user will make many corrections to their edits because they didn't use the Show Preview button, but usually those are legit edits. The spammers, on the other hand, pretty much NEVER make an edit that could possibly be confused for something legit. They always try to post spam links on their very first post. Thus, preventing external links from being posted in just the first few edits would stop most of the current spam-bots. I don't really have an objection to making that requirement higher though. Just saying that it's not really necessary, at least with the current spam-bots we're seeing. --TheRealLurlock Talk 12:05, 18 August 2012 (UTC)


Update 3 -- I've installed AbuseFilter but it seems like it is such an old version for MediaWiki v1.14 that it is rather useless for this purpose. I'll try again after the wiki upgrade. -- Daveh 23:53, 20 August 2012 (UTC)
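
The rule this thread converges on (account age plus edit count, internal uesp.net links exempt, links already on the page ignored) can be sketched as follows. This is an added example, not code from the wiki or from AbuseFilter; the threshold values, the `Editor` fields and every function name are assumptions, and the sample edits are constructed. It parses the host of each URL instead of searching for the string "uesp.net", so look-alike URLs are still treated as external.

```python
"""Added example: gate new external links on account age and edit count."""
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumed values: the thread leaves X and Y open ("10, 30, ?" / "20, 50, ?").
MIN_ACCOUNT_AGE_DAYS = 10
MIN_EDIT_COUNT = 20
TRUSTED_DOMAIN = "uesp.net"

# URLs as typed in wikitext; stops at whitespace and wiki/HTML delimiters.
URL_RE = re.compile(r"https?://[^\s\[\]<>\"'|{}]+", re.IGNORECASE)


@dataclass
class Editor:  # hypothetical record of what the wiki knows about the editor
    name: str
    account_age_days: int
    edit_count: int
    anonymous: bool = False


def is_internal(url: str) -> bool:
    """True only when the URL's host is uesp.net or a subdomain of it."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return False  # unparseable URL: treat as external
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def external_links(wikitext: str) -> Counter:
    """Count each external URL in the raw text (templates are not expanded)."""
    return Counter(u for u in URL_RE.findall(wikitext) if not is_internal(u))


def may_post_links(editor: Editor) -> bool:
    """Both thresholds must hold; waiting out the age limit alone is not enough."""
    return (not editor.anonymous
            and editor.account_age_days >= MIN_ACCOUNT_AGE_DAYS
            and editor.edit_count >= MIN_EDIT_COUNT)


def check_edit(editor: Editor, old_text: str, new_text: str):
    """Return (allowed, new_external_links) for one edit.

    Only links the edit adds are counted, so a page that already carries
    external links stays editable for new users.
    """
    added = external_links(new_text) - external_links(old_text)
    new_links = sorted(added)
    if new_links and not may_post_links(editor):
        return False, new_links
    return True, new_links


if __name__ == "__main__":
    newbie = Editor("Newbie", account_age_days=0, edit_count=0)
    page = "See [http://www.example.org/patch the patch].\n"  # constructed
    print(check_edit(newbie, "", "Buy now http://www.spam.org/uesp.net"))
    print(check_edit(newbie, page, page + "I agree. ~~~~\n"))
```

Because the comparison runs on the submitted wikitext, links that only appear after template expansion are not seen by this check.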

Spammer?

What's up with this? Is this actually a test by one of our members? If so, for what purpose? ThuumofReason 21:05, 16 August 2012 (UTC)

A few of us on the IRC suspect Daveh, due to his posts above. However the user has not identified themselves as of yet and the sites linked are real websites, even though they appear that they wouldn't. The Silencer speaksTalk 21:09, 16 August 2012 (UTC)
Huh. I guess I'll just leave that alone for the time being then. ThuumofReason 21:10, 16 August 2012 (UTC)
Just letting everyone know that Daveh, as suspected, has identified himself. The Silencer speaksTalk 21:59, 16 August 2012 (UTC)

Lost Half-Day of Edits

The attempted test of the wiki upgrade started off all wrong which led to me having to restore a backup from this morning meaning all edits from around 4:30am EST have been lost. The short story is I was making a copy of the wiki database on db1, something I've done several times successfully, but for some reason the database source file I was using was output using the incorrect options. This caused MySQL to ignore my request to copy and instead just overwrote the live wiki database. By the time I realized it was too late and rather than risk partial data corruption I decided to restore from this morning's incremental backup.

The semi-good news is that the majority of anonymous users probably never knew anything was wrong other than a random "UESPWiki has a problem" message appearing. Some edits may still be in the file cache and can be viewed if you load the page when logged out. At a minimum this would let you grab the raw text of any important edits. If there is anything critical to restore in the past half day, or any issues caused by this, just let me know.

Now....I'm going to go hide somewhere and mope for the rest of the evening. -- Daveh 23:35, 21 August 2012 (UTC)

Any idea what's up with this? It's a lost edit to Oblivion talk:Unique Items Oblivion talk:Oblivion I think, but it's showing up on an unrelated page. RobinHood suggested it might be database corruption. —Legoless 00:02, 22 August 2012 (UTC)
I made an edit to my userpage, it wasn't from before 4:30 am. It's not even in the history. --Skyrimplayer 00:06, 22 August 2012 (UTC)
Oh. Legoless. That was on the Unique Items page. Not oblivion. --Skyrimplayer 00:08, 22 August 2012 (UTC)
A second similar issue with a diff page can be found here, could have been from any of the recent userpages made by spambots. -ABCface 03:36, 22 August 2012 (UTC)
One here from an unknown page... I think that might've been on the CP or on someone's talk page. Vely►t►e 14:19, 22 August 2012 (UTC)
I think the above was from UESPWiki:Getting Started, but I could be wrong. There's also this one, I remember seeing it before but can't remember where. ABCface 14:40, 22 August 2012 (UTC)
It was on the Skyrim Imperial race talk page.--Skyrimplayer 14:42, 22 August 2012 (UTC)

Note -- In case this ever happens to help someone else, or perhaps remind me what not to do at a later date. The following commands are similar:

     1. mysqldump --opt --databases wikidb > file.sql
     2. mysqldump --opt             wikidb > file.sql

but have a very different effect if we try to copy the dump to a new database like:

     mysql newdb < file.sql

The first one ignores the newdb and uses the original database name due to the presence of a using wikidb; in the dump file. The second one has no reference to the original database name so the copy succeeds.

As you might have guessed, the issue this week was due to using a dump file coming from the first command which overwrote the original database and caused the resulting havoc. I'll be double-checking that in the future dump files do not have a using... clause when copying databases. -- Daveh 22:04, 25 August 2012 (UTC)
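
A preflight check for the mistake described in this note, as an added example that is not part of the original post: it scans a dump for statements that select or create a database by name and reports any that point somewhere other than the intended target. Dumps written by `mysqldump --databases` carry `CREATE DATABASE` and `USE` statements; the function names and both sample dumps are constructed for illustration.

```python
"""Added example: refuse to import a dump that names a different database."""
import re

# Statements that bind a dump to a database by name. mysqldump writes each
# statement at the start of a line and escapes newlines inside row data,
# so anchoring at line start does not match text inside INSERT values.
DB_STMT = re.compile(
    r"^\s*(USE|CREATE\s+DATABASE|DROP\s+DATABASE)\b"
    r"(?:\s*/\*.*?\*/)*\s*"              # versioned comments such as /*!32312 ... */
    r"(?:IF\s+(?:NOT\s+)?EXISTS\s+)?"
    r"`?([A-Za-z0-9_$]+)`?",
    re.IGNORECASE,
)


def database_statements(dump_lines):
    """Return (line number, statement, database name) for each match."""
    found = []
    for lineno, line in enumerate(dump_lines, start=1):
        if line.lstrip().startswith("--"):   # SQL comment line
            continue
        match = DB_STMT.match(line)
        if match:
            keyword = " ".join(match.group(1).upper().split())
            found.append((lineno, keyword, match.group(2)))
    return found


def foreign_database_refs(dump_lines, target_db):
    """Statements that would redirect the import away from target_db.

    Names are compared exactly, since database names can be case-sensitive.
    """
    return [f for f in database_statements(dump_lines) if f[2] != target_db]


# Constructed sample: shape of a dump taken with --databases.
DUMP_WITH_DATABASES = """\
-- MySQL dump (constructed sample)
--
-- Current Database: `wikidb`
--

CREATE DATABASE /*!32312 IF NOT EXISTS*/ `wikidb` /*!40100 DEFAULT CHARACTER SET latin1 */;

USE `wikidb`;

DROP TABLE IF EXISTS `page`;
CREATE TABLE `page` (`page_id` int NOT NULL);
INSERT INTO `page` VALUES (1);
""".splitlines()

# Constructed sample: same tables, dumped without --databases.
DUMP_PLAIN = """\
-- MySQL dump (constructed sample)
DROP TABLE IF EXISTS `page`;
CREATE TABLE `page` (`page_id` int NOT NULL);
INSERT INTO `page` VALUES (1);
""".splitlines()

if __name__ == "__main__":
    for name, dump in (("with --databases", DUMP_WITH_DATABASES),
                       ("plain", DUMP_PLAIN)):
        refs = foreign_database_refs(dump, "newdb")
        verdict = "REFUSE" if refs else "ok to import into newdb"
        print(f"{name}: {verdict} {refs}")
```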

Lore Bestiary Pages

Shortly before the database update, there was another bout of nonsense-bot attacks on the Lore Bestiary A page. The edits have disappeared into oblivion, however this leads me to the conclusion that all of the Lore Bestiary and Lore Gods pages should be protected indefinitely. Why, you ask, well they are consistently targeted by nonsense-bots and rarely touched by legitimate IP editors, outside of when new games are released of course.

You may consider it harsh and overzealous, especially for the Gods pages, which haven't been touched since the last serious cases in mid-June, also the last time I remember seeing the bots. Consider though that it was a few months in-between that and the last lot in April, and it may be that it's about to happen again. The Silencer speaksTalk 01:51, 22 August 2012 (UTC)

I'm unwilling to do this, especially for the bestiary since I can't even remember it ever being the target for one of these sprees except for the example you mentioned (which has been removed from site records). The bestiary at least gets a ton of good edits to it, often from anonymous and new users as well (despite your statement saying otherwise). Updating those pages is just one chore that many registered users never get around to doing, but anonymous or new users seem to love. More importantly, the spam that targets these pages is generally resolved by just temporarily protecting the ones the spammers are going after. The spam that these pages get is a minor annoyance that we've always been able to deal with. There is no real reason to restrict access to these pages as of now. --AKB Talk Cont Mail 16:38, 23 August 2012 (UTC)

Spammer IP Blocking Consequences?

When blocking spammers, I've just been leaving the default settings for "Block IP Address" and "Prevent Account Creation" on, as has everyone else so far as I've seen. With the sheer volume of spammers we've been blocking lately, I'm slightly worried that all these blocked IPs might actually start having an impact on legitimate users. Are IPs blocked permanently if you choose "Indefinite" for the block time? Because IPs can be shared, and it's possible a legit user might be assigned an IP that was previously blocked because it was used by a spammer, possibly years ago if they're permanent. Such a user would not get any warning or block notice, because the notice was placed on the spammer's user talk page, and not the IP's user talk page. Thus they'd have no indication of what to do to appeal the block, and no idea why they were prevented from creating an account. Which means we'd have no way of even knowing that they were having a problem. There could be thousands of silent victims who can't even complain because their IPs are blocked. (There probably aren't that many, but there might be some.) Is there some way of dealing with this without compromising the security of the site by allowing more spam? (We're pretty swamped as it is, the last thing we need is more.) Just curious what the unintended consequences of all this might be... --TheRealLurlock Talk 12:57, 22 August 2012 (UTC)

I've worried about this as well. However, I'm not entirely convinced that the IPs in question are likely to be used by a genuine user. If a lot of these spammers' IPs can be tied back to say, China, I doubt that those IPs will ever see use for much else but spamming. If the spam is originating from an English speaking nation, then we might have a bit more of an issue. As for how many IPs have actually been blocked, we've been averaging somewhere around twelve blocks a day, with us dealing with this for somewhere around a month. So we're probably looking at less than one-thousand possible cases (unless we drag in each account that's been blocked permanently into these numbers) of users who might be denied the ability to edit due to their IP previously being used to spam. Or maybe I'm drastically underestimating these numbers, I'm not entirely sure. --AKB Talk Cont Mail 16:38, 23 August 2012 (UTC)
Reading over WP:IPBLENGTH might give us some ideas for guidelines, though I don't propose adopting those guidelines exactly since we don't have as many Admins, and our ratio of vandalism to legitimate edits, especially from certain areas of the world, is probably a lot higher. I'd suggest maybe limiting IP blocks to 6 months or a year, and only going longer or indefinitely if the vandalism is repeated from that address. Another consideration would be open proxies, some of which may expire (e.g., some Tor users). Tor itself should normally be handled by the Tor blocking extension, but for other open proxies, we might have to do some research. I think most of them are at fixed IP ranges, though, so I'd have no issues with a policy of indef blocking all open proxies. Robin Hoodtalk 17:51, 23 August 2012 (UTC)
The problem is that when you block an account, it automatically blocks that account's IP as well, and I don't think anyone's actually keeping track of what those IPs are, so that the IPs can then be unblocked after 6 months/1 year. It would be quite annoying to have to go through every single block ever, determine if it's older than X, and then run a CheckUser on it to find its IP and unblock it if appropriate. At any rate, this seems like the sort of thing that should be automated somehow. If we get a bot with Admin and CheckUser rights to go through the Block Log every couple of months and remove out-dated IP blocks (while of course leaving the accounts themselves blocked), it would pretty much eliminate this potential problem. (Assuming that CheckUser even works if an account's edits have all been deleted. If not - gah, that sucks, because it would mean that the blocking Admin would have to run the CheckUser BEFORE deleting the page and record the IP somewhere so it could be unblocked later - more extra steps I'm really not crazy about having to do every single time.) I hope there's a relatively pain-free way of dealing with this that doesn't add too much work on our part, because it's already pretty annoying how many steps you have to do per spammer. (I'm debating whether even the block notices are necessary for obvious spammers, as they're never going to actually look at them anyhow, but whatever.) --TheRealLurlock Talk 12:27, 25 August 2012 (UTC)

I've changed the $wgAutoblockExpiry to 3 months as discussed. If this needs to change just let me know. It's not a big deal to have it changed. -- Daveh 00:36, 31 August 2012 (UTC)

"Filez.zip"?

A few hours ago, File:Filez.zip was uploaded without any description. Does anyone know what the user is up to? I watch it moving down the recent changes list and just want to point it out. --Holomay 14:36, 22 August 2012 (UTC)

Well it seems to be his face. Or some other man's. I thought it was odd too. His link to it on his user page says, "This be me." --Skyrimplayer 14:38, 22 August 2012 (UTC)
The portrait image is a separate file. —Legoless 15:47, 22 August 2012 (UTC)
Looked inside the archive. Two screenshots of Oblivion graphic bugs, 4 related text files: logs, inis, reports.--Tesseract 256 15:56, 22 August 2012 (UTC)
Only other edits from this user are in Daggerfall space, so I don't know - most of the .zip files I've seen uploaded to the site are Daggerfall-related, and I tend to ignore them. Probably should do something about this - if nothing else the name of the file is very much not-descriptive and needs to be changed, assuming it isn't simply deleted. I'll leave a message for them just to see if they've got an explanation of some sort... --TheRealLurlock Talk 18:52, 22 August 2012 (UTC)

Help!

Sorry to bother everyone but a vandal just swore on my talk page without signing and pinned it on me and I don't know what to do so please can someone help me! He changed the word after I raised the alarm but please can someone intervene! --Oblivion Dude 20:11, 24 August 2012 (UTC)

Calm down. I don't think he was really blaming it on you. Plus, even if he did blame it on you, we could see who actually said it. Second, check this out. --Skyrimplayer 20:14, 24 August 2012 (UTC)
Are you sure? Sorry I just panicked. Guess I better delete this page then...
(edit conflict) Swearing is not altogether a bannable offense, and I doubt Billy meant to vandalize your page in any way. To be honest, I can't actually decipher your conversation. Anyway, it can be seen in the history who said what, and we have an {{unsigned}} template if you wanted to add that to any unattributed comments. Please remember to Assume Good Faith. Vely►t►e 20:16, 24 August 2012 (UTC)
Ummm...so??? — Unsigned comment by Oblivion Dude (talkcontribs) at 20:53 on 24 August 2012 (UTC)
What do you mean?--Skyrimplayer 20:20, 24 August 2012 (UTC)
What do I do now?--Oblivion Dude 20:22, 24 August 2012 (UTC)
About this whole thing? If I were you, I'd apologize to Billy and remove that comment you directed to me on his talk page (the last one). At least that's what I'd do. --Skyrimplayer 20:26, 24 August 2012 (UTC)

I think I deciphered what he said. Billy said he can look on the RC for things to do and to watch for "shit trolls" and such. Admittedly, that's not the way I would have worded, especially when talking to a new user, as such language gives Oblivion Dude a bad first impression of the site. However, I don't think Billy Heart-Daedra was trying to do anything malicious towards him, and punishing him for such a small thing seems, in my opinion, to not be very productive. ES(talkemail) 20:46, 24 August 2012 (UTC)

Yeah, while it wasn't the most appropriate comment, it's not violating any rule. There is no formal policy against the use of profanity in comments (as long as it's not directed towards a user), at least that I'm aware of. If you don't want the conversation on your talk page, just remove it. --AKB Talk Cont Mail 20:50, 24 August 2012 (UTC)
I didn't want him to be punished anyway... So are we allowed to swear on this site?--Oblivion Dude 12:25, 25 August 2012 (UTC)
Please try to be mature about it, and follow etiquette. —Legoless 12:27, 25 August 2012 (UTC)
No swearing then, got it.--Oblivion Dude 12:29, 25 August 2012 (UTC)

Should we have an official Welcoming Committee?

I personally think the welcome messages are not all that useful, but given some recent events, it seems like it might be worth putting in a policy that only long-term, trusted users be allowed to give out welcomes. Of course, there's nothing we can do to stop newbies from posting welcomes, but we can at least point to a policy page when we tell them to stop. It just seems to me like somebody who's only been an editor for less than a month shouldn't be the one representing the site to other new users. Also, it would discourage absurdities like posting welcome messages for spam bots and anonymous IPs with only one edit. --TheRealLurlock Talk 13:03, 25 August 2012 (UTC)

I don't see the need for restrictions. Posting a welcome message is harmless. Not many senior editors take the time to post welcomes, so I'd accept all the help we can get. A "welcoming committee" might be a good idea, but not to reduce the amount of welcome messages. Rather, it might be a way of encouraging more active welcoming, as I've noticed a large amount of legitimate users who never get the message. The bot approach has been discussed before, but it would remove the need to patrol the edits, while also keeping the Recent Changes unclogged and freeing editors to do something more productive with their time. —Legoless 13:42, 25 August 2012 (UTC)
A bot could do welcomes fairly readily, I think. Since the only bots we have running currently are all on-demand bots, welcomes would tend to come in waves rather than shortly after the user first posts. (Much like the namespace replacement or protection tasks I run now.) If we develop a server-side bot at some point, then it would be more timely, though honestly, I have no idea what's involved in that sort of thing...Dave and Neph are the only two that I'm aware of who have a good feel for that.
The only trick to having a bot do it would be distinguishing legitimate users from spammers. My suggestion would be a minimum of two edits which don't contain words with periods in them (i.e., most likely an external link). It's primitive, and would probably be fooled on occasion, but it should be adequate, I would think. Robin Hoodtalk 19:20, 25 August 2012 (UTC)
And now we have new users wondering why they're not getting a welcome message? WTF? Does anyone else get the feeling we're being trolled here? This is just weird... --TheRealLurlock Talk 00:35, 26 August 2012 (UTC)
Wikia sites can have a bot auto-welcome anyone who makes an edit after their first edit, with an admin's signature attached. That might be why they wonder about not getting welcomes. Two of the three I've edited on have had auto-welcomes, TESWiki being one of them. Vely►t►e 16:09, 26 August 2012 (UTC)

I find that bots are rather impersonal when it comes to welcoming. However, since the welcome message has been altered so you don't even have to write the user's name anymore, I don't think that welcome messages being personal is an issue anymore. I don't think we need to even worry about complicating this in case it welcomes a spammer. If the bot welcomes a spammer, we can just remove the welcome message to clear the page, or just ignore the welcome message entirely. --AKB Talk Cont Mail 17:43, 26 August 2012 (UTC)

I don't see a problem with using a bot besides the impersonal nature of it. However, I find it fun to scroll down the user creation log every few days and welcome those who have been missed. It's quite easy and never a large number, the most I ever did was 8 at one time. We are not overly burdened with newly editing legitimate users, with the spammers mostly being easy to spot. While there are users that will be missed, those who make a large number of edits, and have an interest in continuing, would not likely be missed. While we try to welcome all editing users, not all are interested in editing the site long-term, and would likely not read too much into the links given. So, while I'm not against such a bot being created (or an old bot being used), I'm in favour of leaving it as is. SilencerSpeak 01:12, 27 August 2012 (UTC)
I'm with TS here in that I'm not against using a bot, but would prefer leaving things as they are. Even if the standard message isn't as personal, it's still personal in the sense that one particular user took the time to post it. Anyway, I don't think the 'issues' which brought this up (welcoming spambots and anons, or new users asking why they didn't get a welcome message) would warrant a change in themselves, as these types of things don't really happen often— it just so happens that they've all occurred recently within a short time frame. In cases of users welcoming spambots, the appropriate course of action was taken— more experienced editors commented on the user's talk page to let them know why what they were doing wasn't wanted. In this particular situation, it had to be done more than once, but I think the chance of this happening again is quite small. As for the user who asked why they didn't get a welcome, Vely pointed out a good reason they might have expected it, plus I know from experience that when you see the welcomes on other user talk pages after joining but don't get one yourself, you start to wonder if you'll get one at all (I didn't receive a welcome until nine days and 30+ edits, and it felt like a long time to me... though it obviously didn't deter me from contributing regularly). Most new users are welcomed after they make a genuine edit, and I don't think there's many which get missed. Plus, I think if a user is really interested in getting the information provided in the message (or just simply being welcomed), they'll either find the information themselves, or ask somewhere. ABCface 03:30, 27 August 2012 (UTC)
I didn't really express earlier what I thought of a bot actually doing this sort of thing other than some of the technical points. I tend to agree with the last couple of posters that a bot welcome is a little impersonal, but more so than the personal touch, I think a real person doing it gives someone more of a sense that "if I need help, I can talk to this person". Yes, we mention mentors in the welcome, but probably a lot of people just skim it and don't notice the mentor program. Coupled with the fact that having one of the current bots do it would be irregular at best, I think as long as people are able to get to most of the new users, that's the better approach. Robin Hoodtalk 03:38, 27 August 2012 (UTC)
Late to the show as always, haha. I disagree that "impersonal" would be a reason to not do it, since "Hello, {{Subst:PAGENAME}}!" is about as impersonal as you could possibly get, seeing how the bot owner could simply give the bot a real sounding name and redirect the page to their own userpage for that human interaction... In theory anyways (ex: If I was the owner, I would just use ES or Snowmane as the bot account to match my signature and to the unobservant, I am the one welcoming them, although that's cheating ;) ).
On to whether or not the bot is actually needed, I have to side with the other users on that there are so few legitimate editors that a welcoming bot isn't needed. Maybe I would have sided with it 8 months ago, but the site's become quiet, so for the time being it's too much effort for too little gain. ES(talkemail) 04:22, 27 August 2012 (UTC)

Ip mix up or share?

So it came up in the UESP forums about when "edits" with an IP and you did not do it

Is it a mix up NOT your IP being the same? As someone here who is very highly regarded said or is it sharing the same IP as the forum says when you go to any IP talk page? And I quote "This is a discussion page for an anonymous user who has not created an account and must be identified by their IP address. IP addresses can be shared by several users and can change periodically. If you are an anonymous user and feel that irrelevant comments have been directed at you, please create an account or log in to avoid future confusion with other anonymous users." Could it be both? If so should not this be shown, as the other person said it's said here in these areas (community portal) but he has not proven so yet. I just feel that if it's the case that it is explained "right" in here then it should be out there as I don't see too many going to here to fix the problem or read up on why it happens and will take what the quote above says to be true.

Wolfy 18:25, 25 August 2012 (UTC)

We're on about a New Messages banner showing up, when the anon does not have any messages (or most likely a talk page at all). But instead they get sent to another IP addresses, where they are shown a block message. This is an issue with the wiki caching system, I believe. It is solved, as I said on the forums, by creating an account and keeping logged into that account. This works whether the wiki is doing this, or whether you are in fact just sharing an IP address with someone. --kiz talkemail 18:36, 25 August 2012 (UTC)
The EXACT topic can be seen here http://forums.uesp.net/viewtopic.php?f=42&t=32978
As you see, what he says is NOT what this guy says, he says they did edits, he never says if it's his IP or not, he never said he went to an IP that was not his own just that he felt someone else was using the same IP.
My point however is if there is any truth to what you say is should not BOTH be said then as so no one has to worry about IP bans as much as they do since, you claim it's very rare. Wolfy 18:42, 25 August 2012 (UTC)
Inappropriate messages can come from either a reused IP address (which is rare) or from whatever caching bug it is we have (which is fairly common). We may want to consider adding both those possibilities to our notification message at the bottom of the page. Robin Hoodtalk 19:39, 25 August 2012 (UTC)

Okay, I have to wonder, who put the RARE one on the msg and not the more common? Seems... weird even if you only want to put one.

Wolfy 19:54, 25 August 2012 (UTC)

Most wikis don't suffer from the caching problem, so the default message doesn't include that info. Still, since we obviously have the problem, it would make a lot of sense to change the default message to include our own little idiosyncrasy. As you can see on the MediaWiki:Anontalkpagetext page, we haven't updated the text in over three years, and I don't think we were actively aware of the problem at the time it was last updated. Robin Hoodtalk 20:00, 25 August 2012 (UTC)

Page Protection

Can we get some protection on Oblivion:Meridia? For some reason, it's been targeted by nonsense bots repeatedly, and was even protected before for the same reason: history. ABCface 16:55, 28 August 2012 (UTC)

Done. I gave it a few months as editing on that page is sporadic, anyway. --AKB Talk Cont Mail 17:05, 28 August 2012 (UTC)

Username Change request

Hello. I would like to change my username from *deleted for privacy*. I have "moved" my userpage already. I was not sure of the procedure. I did get a message from The Silencer telling me that I can make the request here and you will move all my contributions etc with it. Let me know if I've broken anything and how to fix it. Maeve4444 (Renamed) 12:38 am, Today (UTC+1)

Done. For the record, you didn't actually have to move your userpage, since the rename feature automatically does that, but I guess it doesn't matter anymore unless you plan to change it again ever. (Heck, even I didn't know that - first time using that feature. I'd considered changing my own name to just Lurlock as it was supposed to be, because I thought someone had stolen my username. Turns out it was me, years before, and I'd just forgotten my old password. But I have a feeling that changing my name now would have major repercussions, given that I've edited like 90% of the pages on the site...) --TheRealLurlock Talk 00:13, 1 September 2012 (UTC)

I think we woke it up...

Maybe it's just the fact that it's Labor Day (in the US), or just a heavy spam day in general, but it seems like since the upgrade we're getting spammed more than ever. Are the usual security measures still working properly? (Captcha, e-mail confirmation of new accounts, spam blacklist) I thought the upgrade was supposed to help slow down the flood of spam, but it seems like it's just getting worse. My hammer is getting a little worn smashing all this stuff... TheRealLurlock (talk) 18:12, 3 September 2012 (EDT)

Everything that previously was set up should still be there. I'll double-check to make sure. We haven't implemented any extra measures yet, like the AbuseFilter extension. -- Daveh (talk) 18:13, 3 September 2012 (EDT)
There is a captcha when adding a link but it is just a simple "what is 78 + 5" type of question whereas previously it was a full captcha. I'll see why it's changed and get it back to normal. -- Daveh (talk) 18:16, 3 September 2012 (EDT)
I've re-enabled the original captcha on content1. Will do content2 eventually. The issue is that every time I touch the LocalSettings.php there is a huge lag spike on that server. I'll see if I can find a way of minimizing it but in the meantime I'll be greatly slowing down the rate of changes I make. -- Daveh (talk) 18:31, 3 September 2012 (EDT)

Abuse Filter

Since the upgrade is (mostly) working I've installed the latest version of AbuseFilter to try and help automate some of the monitoring/warning of bad wiki behaviour like spamming. Right now all admins have access to it but there is also a new abuseeditor group we can assign people to as needed. I would start trying it out slowly and create some test filters that do nothing but match whatever type of spam or other issues are common. Once a filter appears to work correctly a specific action can be assigned. You can also look at Wikipedia's AbuseFilters for a better idea of what is possible and how to make them.

Right now there are two link spam related filters set up for testing that provide a warning but do not ultimately prevent the action. A more obvious/ominous warning message would probably be helpful. -- Daveh (talk) 21:32, 5 September 2012 (EDT)

I don't know if it's supposed to work like this, but I can see an abuse log for every user, just like your tester here. I'm only autopatrolled btw. And it just warned me for this link. The Silencer (talk) 22:36, 5 September 2012 (EDT)
I'm using the default permission settings which can be easily changed, and I can add autopatrolled users to those who aren't warned about posting external links (or any other user group as needed). Feel free to change the current two filters if they are too permissive or too aggressive. -- Daveh (talk) 08:53, 6 September 2012 (EDT)
According to SpecialPages, anyone can see the AbuseLog, so that is just a permissions thing. However, you shouldn't be warned for posting links like this. • JAT 22:47, 5 September 2012 (EDT)
There are two different filters.
  • The first one, the Link spamming filter, checks if the user is Autoconfirmed, and if not, then throttles them to posting 3 links within 20 minutes. If they post any more, then they are tagged as spammers.
  • The second one, the General External Link Filter, checks if the user is a Patroller or sysop, and if not, then just warns them.
You're triggering the second filter, so Daveh (or whoever has permission to change the filters), just add a line that allows Autopatrolled users through. • JAT 23:07, 5 September 2012 (EDT)
I can't figure any of it out, but welcome messages with the forum link are triggering the filter. Also I would suggest that we can trust User Patrollers when posting outside links. The Silencer (talk) 14:28, 6 September 2012 (EDT)
It's still appearing for me on welcoming people. I think the problem is that the user groups should be in small letters, like sysop is, while the newly added groups are in Caps. The Silencer (talk) 14:12, 7 September 2012 (EDT)
Yup, I noticed this and fixed the group name spellings. According to the tests on your edits it will no longer fire for you or any other auto patrolled users. -- Daveh (talk) 17:41, 7 September 2012 (EDT)

The filter leaves me alone, but is still picking up on the external forum link in welcome messages. I've had a look through the filters on Wikipedia and can't see any that allow links, for us, links containing uesp.net should be allowed. This may put off people from welcoming people, but Skyrimplayer at least is still going. Also there are two filters that I think would benefit the site, Common Vandalism and Large non-English contributions. The second one could be adapted for large edits (typically over 1000 characters) made less than 2 minutes apart by spammers. Also the blacklist may be interfering with the abuse filter by stopping the links, but not the rest of the spam from appearing, thus the filter doesn't see any links in order to tag them. The Silencer (talk) 12:46, 8 September 2012 (EDT)

The "possible link spam" tag shows up when a template added to a page has an "external" link (full URL), such as the {{speed}} template. Thus, any regular editor marking a page as spam triggers the filter. Is it possible to make the filter exclude certain links? Vely►t►e 22:19, 9 September 2012 (EDT)
It is supposed to ignore all internal "uesp.net" links but I guess it isn't. I'll have to fiddle around more with the filter and see if I can make it work better. -- Daveh (talk) 20:26, 10 September 2012 (EDT)
Somehow this edit was marked as spam, despite having no links. I tested out a few things (ellipsis and triple question marks), and posted the same content, but didn't trigger the filter (on an account that had no privileges). Additionally, the log says that that user posted on the page Shivering talk:Vampire Lord, which is entirely the wrong namespace. Additionally, there have been edits tagged as link spam on Shivering talk:Tsaesci (race), Shivering talk:Helgen Homestead, and Shivering talk:I Done Got Thaned!--again the wrong namespace. Somehow Skyrim and Lore become Shivering in the log; possibly any namespace aside from User and UESPWiki. Vely►t►e 19:17, 10 September 2012 (EDT)
This seems the correct section... Seems I triggered Filter 5 for "abusive language". Tracked it down to the previous page-poster's name above my post. That poster's name contains a proscribed word (won't write it here for fear of being summarily blocked). Also, either the filter or the read script flagged the wrong offending page (Shivering talk:Spells rather than Skyrim talk:Spells which mirrors a previously noted error). I'm wondering how many anonymous users have been incorrectly flagged... 69.106.51.108 19:45, 21 September 2012 (GMT)
Oh jeez, I see what happened. Thanks for the heads-up! I'll fix it right away. • JAT 19:52, 21 September 2012 (GMT)
I was worried that might happen. The filter checks for abusive language in added_lines, which for some reason includes the line directly before it. I changed it to check for abusive language in a slightly different way, and I also added a whitelist for legitimate words/names that would otherwise set off the filter (like "Dickson"). • JAT 20:33, 21 September 2012 (GMT)
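The false positive described above (a clean reply flagged because of the line before it) and the allowlist fix, as an added Python model that is not part of the original thread and is not AbuseFilter syntax. The one-entry blocklist, the sample talk-page text and the function names are constructed for illustration.

```python
import difflib
import re

BLOCKED = ("dick",)               # constructed one-entry stand-in for the filter's list
ALLOWED = frozenset({"dickson"})  # legitimate name mentioned in the thread

WORD_RE = re.compile(r"[A-Za-z]+")


def added_lines(old, new, context=0):
    """Lines inserted or rewritten by an edit, plus `context` lines before each change.

    context=1 models the behaviour reported above, where the text handed to
    the filter also contained the line directly before the new comment.
    """
    before, after = old.splitlines(), new.splitlines()
    matcher = difflib.SequenceMatcher(None, before, after, autojunk=False)
    out = []
    for tag, _i1, _i2, j1, j2 in matcher.get_opcodes():
        if tag in ("insert", "replace"):
            out.extend(after[max(0, j1 - context):j2])
    return out


def hits(lines, allowed=frozenset()):
    """Words that contain a blocked term and are not on the allowlist."""
    found = []
    for line in lines:
        for word in WORD_RE.findall(line):
            lowered = word.lower()
            if lowered in allowed:
                continue
            if any(term in lowered for term in BLOCKED):
                found.append(word)
    return found


# Constructed talk-page revisions: an existing comment signed by a user whose
# name contains the blocked term, then a clean reply from someone else.
OLD_PAGE = "== Spells ==\nDoes this stack? --DickTracy 19:40"
CLEAN_REPLY = OLD_PAGE + "\nI think it does. --192.0.2.1 19:45"
NAME_REPLY = OLD_PAGE + "\nSee the Dickson quest notes. --192.0.2.1 19:50"

if __name__ == "__main__":
    print("with context line:", hits(added_lines(OLD_PAGE, CLEAN_REPLY, context=1)))
    print("added lines only: ", hits(added_lines(OLD_PAGE, CLEAN_REPLY)))
    print("no allowlist:     ", hits(added_lines(OLD_PAGE, NAME_REPLY)))
    print("with allowlist:   ", hits(added_lines(OLD_PAGE, NAME_REPLY), ALLOWED))
```

Attributing a hit to the editor is only sound when the matched text comes from lines that editor actually wrote; the allowlist then handles legitimate words that merely contain a blocked term.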

Request to edit protected page

Can an Admin please copy the updated version of addsince.js from my sandbox to UESPWiki:Javascript/addsince.js. The current version doesn't work with 1.19. Thanks! Robin Hoodtalk 16:04, 6 September 2012 (EDT)

Done. --AKB Talk Cont Mail 21:10, 7 September 2012 (EDT)
Thank you! Robin Hoodtalk 21:31, 7 September 2012 (EDT)

Spambot Accounts

As can be seen in both the User Creation Log and the Recent Changes, account creation is exploding, and the vast majority of accounts are not legitimate. Is the new Captcha easier to bypass or something?

Now that the wiki has been upgraded, we need to look into using email verification for creating accounts. Fears that this will turn away many users are outdated, as nowadays anyone can create an email account through Gmail, Hotmail, and countless other websites. I'm afraid that this may turn away some of our youngest viewers from creating an account, but the number of spambots is reaching a critical mass, and if we don't act soon then they'll flood the wiki. The bots are getting smarter, and it's only a matter of time before they start using spam hyperlinks as account names. Another solution could be to implement our AbuseFilter and block gibberish names, but many spambots use non-gibberish names, and such a filter could always fail by blocking a legitimate username.

I think we should discuss this now while Daveh works out the kinks in the wiki's custom code, so that we have a solution prepared for him when he finishes. I know that many users here hate the idea of email confirmation, but it's important that we act now. Another alternate solution would be to allow users to block others based on their username, but I'm worried what implications that might have. Either way, we need to do something. • JAT 03:16, 7 September 2012 (EDT)

I remember back in July, this was brought up, and RH70 mentioned this. The gist of it seems to be that you can't edit without a valid email confirmed. I assume anonymous editing might be cut out if it was implemented, but surely a nice notice when you go to post saying something to the effect of "In response to an ever increasing assault by spambots, all editors are required to register an account and provide a valid email address to prove they're human" wouldn't be a problem? I completely read that wrong. In my defense, it's coming on 4AM. What it does is say you need an email to post URLs, not post in general. It's a tad extreme, and would probably work best as a short-term thing, but I agree that SOMETHING needs to be done. Snowmane(talkemail) 03:24, 7 September 2012 (EDT)
That website had a different spam problem than we do. They have an issue with spambots uploading images and adding spam in the summary. We, however, have bots that create fake accounts and create spam-filled User or User_talk pages. As I mentioned above, a potential risk is that we'll block out legitimate users from creating accounts. However, this only affects a very small proportion of users; also, don't forget that many, many people log in to Facebook using an email address. If they are really desperate, then they can likely ask their parents to borrow their email address, or they make their own. The entire basis of this solution is that it does not affect anonymous editing. The only thing it affects is account creation.
The page that Snowmane linked to discusses another, similar implementation. It uses an email-confirmed user group, and any users not in that group cannot edit. The only difference is that it allows them to create accounts, but they are unable to edit if they haven't confirmed their email address. • JAT 04:10, 7 September 2012 (EDT)
I'll double check but I'm pretty sure that all of the recent spam accounts actually have their e-mail verified. I've been looking for patterns in the e-mails and IP addresses but in the few I've looked at there hasn't been anything obvious. It should be pretty easy for me to dump all the blocks in the past few months into a spreadsheet and see if anything shows up in larger numbers. -- Daveh (talk) 08:29, 7 September 2012 (EDT)
I just created a brand new account, had to pass a captcha in order to create it, but did not insert my e-mail into the optional box. I immediately created a new userpage, and posted an external link without any captcha, any e-mail confirmation, or any other warning. What happened to Autoconfirmed Users being the only ones allowed to post external links? Is that how it is outside of Userspace? If so, it should be implemented in Userspace as well. There's also the idea brought up in past discussions about raising the bar for Autoconfirmed Users, I think the consensus was to do so, but nothing ever came of it. — ABCface 08:48, 7 September 2012 (EDT)
Strange...I tested it before and after the upgrade (with another account) and I got both a captcha and the AbuseFilter warning. I believe I was on the sandbox so perhaps there are different rules for user or talk pages. I'll check tonight. Has most of the recent spam been on the user or talk pages of new accounts? -- Daveh (talk) 10:35, 7 September 2012 (EDT)
Yeah, I'm thinking the Userspace might have different rules set up. And yeah, I'd say at least 95% of our recent spam issues are on user and user talk pages.
Oh, and here's the post I made on that other username, only one minute after creating the account. — ABCface 10:36, 7 September 2012 (EDT)
Okay, I know why you didn't set off either filter. The filter checks for http://, but you posted a link with https://. If we think it's necessary to fix this, then Daveh (or whoever has the rights to do so), under both the Link spamming filter and General External Link Filter, replace the following line:
(count("http://", string(added_lines)) > count("http://", string(removed_lines))) &
With this line:
((count("http://", string(added_lines)) + count("https://", string(added_lines))) > (count("http://", string(removed_lines)) + count("https://", string(removed_lines)))) &
This will check for both http:// and https:// hyperlinks, and ensure that they don't try swapping out a genuine link (such as in a discussion or on someone else's user page) with a spam link. • JAT 21:51, 7 September 2012 (EDT)
I doubt this will have much of an effect - sure it's a possible security hole, but not one the spam bots seem to be using. Almost none (possibly none at all?) of the spam links have been https:// links. I mean, can't hurt to fix it, but I don't think it'll make any difference. TheRealLurlock (talk) 07:35, 8 September 2012 (EDT)
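The http:// versus https:// gap discussed above, together with the internal-link and group-name problems reported in the Abuse Filter section, as an added Python model that is not part of the original thread and is not AbuseFilter syntax. The function names, the exempt-group set and the sample edits (including the spam.example and old.example hosts) are constructed for illustration.

```python
import re
from collections import Counter

# Assumptions for this sketch: the wiki's own domain, and group names written
# in lower case as MediaWiki stores them. The set's membership is illustrative.
INTERNAL_DOMAIN = "uesp.net"
EXEMPT_GROUPS = frozenset({"sysop", "patroller", "autopatrolled"})

# Host part of an http:// or https:// URL, stopping at wikitext delimiters.
URL_HOST_RE = re.compile(r"https?://([^\s/\[\]|<>?#]+)", re.IGNORECASE)


def rule_http_only(added, removed):
    """The condition as first deployed: counts only the literal "http://"."""
    return added.count("http://") > removed.count("http://")


def rule_both_schemes(added, removed):
    """The replacement condition posted above: counts both schemes."""
    return (added.count("http://") + added.count("https://")
            > removed.count("http://") + removed.count("https://"))


def external_hosts(text):
    """Hosts of linked URLs that are not the wiki's own domain or a subdomain."""
    hosts = []
    for match in URL_HOST_RE.finditer(text):
        host = match.group(1).rsplit("@", 1)[-1].split(":", 1)[0]
        host = host.lower().rstrip(".")
        # Suffix match on the host, not a substring search of the whole text,
        # so "uesp.net.spam.example" is still treated as external.
        if host == INTERNAL_DOMAIN or host.endswith("." + INTERNAL_DOMAIN):
            continue
        hosts.append(host)
    return hosts


def rule_external_hosts(added, removed, user_groups, exempt=EXEMPT_GROUPS):
    """Host-aware variant: fires when the edit introduces an external host.

    Group matching is exact and case-sensitive, which models the report above
    that capitalised group names in the filter did not exempt anyone.
    """
    if set(user_groups) & set(exempt):
        return False
    new_hosts = Counter(external_hosts(added)) - Counter(external_hosts(removed))
    return bool(new_hosts)


# Constructed sample edits.
SPAM_HTTPS = "Cheap bags at https://spam.example/bags"
WELCOME = "Visit the forums at http://forums.uesp.net/ if you have questions."
LOOKALIKE = "Guides: http://uesp.net.spam.example/"

if __name__ == "__main__":
    for name, text in (("spam", SPAM_HTTPS), ("welcome", WELCOME), ("lookalike", LOOKALIKE)):
        print(name,
              rule_http_only(text, ""),
              rule_both_schemes(text, ""),
              rule_external_hosts(text, "", ["user"]))
```

Because the host-aware variant compares hosts rather than raw counts, an edit that replaces one external link with a different one is also reported.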


Update -- For some reason the abuse filter wasn't working just now so I changed how it detects links a bit which appears to work. We can let it run for a few days/weeks and see what ratio of spam/valid links it catches. If it appears to work well we can easily switch the filter from "warn" to "prevent edit" or even "block". -- Daveh (talk) 08:51, 8 September 2012 (EDT)

Update 2 -- I dug into the data a little bit and while there are no obvious patterns there may be a few things that can help to stem the flow of this type of spam:

  • User Name -- No clear patterns. There are a few repetitions in the real name field but nothing practical for the most part.
  • E-mail -- A few minor repetitions and patterns but nothing too useful here again.
  • Authenticated E-mails -- About 1/3 to 1/2 of the recent blocked accounts have authenticated e-mail addresses.
  • Edit Count -- About the only useful statistic is that all the recent blocked accounts have an edit count less than 10 and most (~99%) of them are 3 or less. I believe limiting the posting of external links to users with a minimum edit count was brought up recently and with the recent upgrade we can use the AbuseFilter to enforce this. We should also be able to exclude internal UESP links which occur regularly.

My recent attempts at getting the AbuseFilter working weren't completely successful and I've given Jak access to it as I still have a bunch of upgrade bugs to track down and fix. If anyone else wants access (and can justify it at all) just let me know. -- Daveh (talk) 00:06, 13 September 2012 (GMT)

I've fixed the General External Link Filter, and so far it hasn't detected any false positives. I'm trying to set up a new filter that detects multiple large edits made to the userspace at one time, but so far it won't trigger. It detects the bulk edits just fine, but it doesn't seem to know how many times it's been detected. • JAT 14:45, 13 September 2012 (GMT)
Edit: Since there aren't any major commonalities between the bulk spammers that won't set off a lot of false positives, I set the bulk spamming filter to simply warn non-Autoconfirmed users that make large edits to userspace. The warning message explains that a user making a large userspace edit as one of their first edits is a possible indicator of spam. In addition, by request of Alphabetface (and I'm sure many others out there), I created a Targeted Spam Filter that will detect specific phrases in the spam, particularly "Louis Vuitton". Again, this only checks if the user is autoconfirmed. If any spam gets through the filter, or the filter gets a false positive, then please let me know, so I can fix it. • JAT 15:27, 13 September 2012 (GMT)
If nobody else wants access, I'll volunteer, but it's not something I really see myself getting into a lot. I'd see myself more as a backup to revert or tweak filter changes if we suddenly discover there's a major problem while you two aren't around. Robin Hoodtalk 18:32, 13 September 2012 (GMT)

Spam

This and this need to be blocked. Thanks, admins. — Unsigned comment by SkoomaManiac (talkcontribs) at 11:06 on 12 September 2012

Way ahead of you. But still, thanks ~ Dwarfmp (talk) 14:02, 12 September 2012 (GMT)

User:LeonorWall should probably be blocked for spamming an external link into the midst of a user talk page. [1] --Alfwyn (talk) 02:24, 14 September 2012 (GMT)

Gave a temporary block, posting a block notification momentarily. — ABCface 02:36, 14 September 2012 (GMT)

Keep forgetting my username.

Can any of you look up my username via an email address or something? My terrible memory keeps getting the better of me and by the time I get it figured out I'm going to forget why I wanted to login in the first place. Thanks for any help.-Rich-216.222.66.2 17:31, 13 September 2012 (GMT)

Hi Rich! I think you should have gotten a confirmation email when you created your account. Do you still have that? If not, let me know and I can try and dig around for you. eshetalk 18:19, 14 September 2012 (GMT)
Eshe, I meant to edit this but I finally (after many attempts) got it. Thank You though and sorry for the clutter.--FubarFrank (talk) 18:39, 14 September 2012 (GMT)
Not a problem! Glad you figured it out—I have that happen to me all the time with all my work accounts, so I totally get it ;). eshetalk 18:54, 14 September 2012 (GMT)

Admin Request

Subsequent to the update of MediaWiki:Common.css, can an Admin please do the following:

  1. Remove: body.page-Main_Page #contentSub { display: none; } This should fix the spacing issue with everything being moved right up against the top of the page, and the issue of not being able to click on the tabs in some browsers.
  2. Replace the Main Page with the copy from my sandbox. This should fix some minor formatting issues, where the top box is currently slightly larger than the ones below it. Robin Hoodtalk 21:36, 14 September 2012 (GMT)
Done. —Legoless (talk) 21:42, 14 September 2012 (GMT)
Thanks, looks good! Robin Hoodtalk 21:53, 14 September 2012 (GMT)

ActiveUsers > UsersEditCount

This page was seized by the wiki upgrade and has another purpose, the new page at UsersEditCount does the same thing, but I don't know if it uses the documentation found on the Configuration page. Some help please. Golden SilenceBreak the Silence 22:01, 14 September 2012 (GMT)

The original Active Users page was an extension Nephele designed, I believe, and the doc page was just a "how to install" page. I think at this point, the docs can probably just be proposed for deletion. Robin Hoodtalk 22:14, 14 September 2012 (GMT)

Problems with Dunmer NPC Page

When I'm on the first page of Dunmer NPCs and I click on the "next 200" button, I'm just redirected to the first page with this link: http://uesp.net/w/index.php?title=Category:Morrowind-Dunmer&pagefrom=Brilnosu+Llarys#mw-pages. Could somebody fix this? — Unsigned comment by 152.30.221.136 (talk) at 20:31 on 15 September 2012

This is a problem with the wiki upgrade, and is currently being looked into. Sorry for the disruption you are encountering. Golden SilenceBreak the Silence 20:34, 15 September 2012 (GMT)
It's ugly as sin, but if all you need is a non-interactive listing, use the following link:
http://uesp.net/w/api.php?action=query&list=categorymembers&cmprop=title&cmlimit=500&cmsort=sortkey&cmtitle=Category:Morrowind-Dunmer&cmstartsortkeyprefix=
To continue from a certain name, enter the first few letters at the very end of the link, for example:
http://uesp.net/w/api.php?action=query&list=categorymembers&cmprop=title&cmlimit=500&cmsort=sortkey&cmtitle=Category:Morrowind-Dunmer&cmstartsortkeyprefix=din
You can change the "cmtitle=" part of the link to use a different category. I know, it's not pretty, but it'll get you there for now until we figure out how to fix the problem. Robin Hoodtalk 23:43, 15 September 2012 (GMT)
Better still, just click the "Next 200" button as normal, then alter the URL to change "pagefrom" to just "from". Robin Hoodtalk 04:06, 1 October 2012 (GMT)

Strange Emails

Earlier, I blocked this user for spamming links to external sites. Then, an hour ago, I received this email from that same user. Obviously I'm more than a little confused now, but also slightly worried, since this user doesn't seem to be automated or a bot, and has the ability to send messages to me, malicious or not. If spammers have the tools to send emails to the sites' editors, this could also grant them a new way to spread links and nonsense. Any ideas? Kitkat TalkContribE-mail 22:23, 15 September 2012 (GMT)

As long as a user has confirmed their e-mail, which Daveh says a lot of spammers have done, then they can send e-mails to other users who have given their e-mails. No ideas about how to prevent spammers from utilizing it though. Golden SilenceBreak the Silence 22:48, 15 September 2012 (GMT)
One of the block options for full Admins is to prevent a user from using the site's e-mail function, so if a user is harassing you or spamming via e-mail, just flag an Admin down. Also, whatever you do, do not respond. If you do, they can then reply to you directly rather than being forced to use the site; at that point, your only option will be to block them on your end. Robin Hoodtalk 23:10, 15 September 2012 (GMT)
Or, if you do respond, respond via the e-mail function on UESP for their username... they have to have it enabled in order to e-mail you in the first place. (Of course, I suppose someone could e-mail you, then disable it, but this is assuming they didn't... and also that you wish to respond in the first place). — ABCface 23:13, 15 September 2012 (GMT)
I blocked the user's e-mail capability, so they shouldn't be able to do that again. Surprising new tactic by this one - haven't seen too many spammers upload images or use the site's e-mail function before - hopefully this isn't the new thing we'll be seeing, because that's even more annoying than standard spammers, which are already bad enough as it is... (If it keeps up, can we prevent new users from uploading files? There's usually not much reason for that for first-time users anyhow.) TheRealLurlock (talk) 23:19, 15 September 2012 (GMT)
Even if you use the site to e-mail them, they'll still receive your registered e-mail address as part of the message. Robin Hoodtalk 23:28, 15 September 2012 (GMT)
Hmm, didn't realize that. I guess I thought it was hidden somehow. Nevermind then... — ABCface 02:24, 16 September 2012 (GMT)

Unused Accounts

Do we have a policy for unused accounts? I've noticed that a lot, and I mean a lot, hundreds even, of accounts do not even have spam edits, they are just sitting there. Unless it isn't a problem in the long run, I believe we should do something about accounts that are a few months old but are never used at all. I do not mean inactive users, I mean users that have not even used the wiki, at all. Zero edits total. Thoughts?--Br3admax (talk) 01:00, 16 September 2012 (GMT)

Just because a user never edits does not mean they are inactive. There is a long standing caching issue with the wiki, and many of these accounts could be being used for getting around that issue. Also I have seen a few cases of editors saying things on their userpage like, "I recently decided to contribute to the site and found my old username from a few years back." Not a direct quote of course, but the gist of it is the same. Golden SilenceBreak the Silence 01:05, 16 September 2012 (GMT)
True, I just want to know if it will have an effect in the long run, many accounts are years old. I do know about Skyrimplayer's and Lurlock's cases, but these are the only few I've seen, though. --Br3admax (talk) 01:44, 16 September 2012 (GMT)
It's a common courtesy to not delete inactive accounts. Keeping them around isn't an issue. —Legoless (talk) 01:42, 16 September 2012 (GMT)
Okay, I was just wondering if it was.--Br3admax (talk) 01:44, 16 September 2012 (GMT)

Bot Protection

For some unknown reason, the bot has suddenly picked up a rather large number of pages as requiring protection or simple header changes. These are all changes it should have made previously, but never has, so I'm guessing that something in 1.19's reporting is including pages it didn't used to. I'll be keeping my eye on it for a bit, but unless its estimate is grossly wrong at this point, I won't be able to be around for all of it (it's estimating 5 hours to completion). If anybody notices it protecting pages it shouldn't or otherwise misbehaving, just post to its talk page and it'll stop. Thanks! Robin Hoodtalk 18:33, 16 September 2012 (GMT)

Abuse filter request

Could someone with permissions add wikia.com as an exception to the filter? The filter's gotten at least two hits on that (one yesterday and another from Jimeee) and other people will mention it on talk/user pages. Also, could youtube be excepted on talk pages? I know a lot of people who post youtube links on articles are just linking to tutorials and it isn't wanted but also isn't spam, but links on talk pages could be acceptable. Additionally, if a new filter could be added for just youtube links, people posting them on articles could be given a notice to put it on the talk page instead (and make sure the video's relevant), which could actually be useful. In the past video fixes have been put on articles and then removed, but if they're put on the talk page, someone could watch it or reword the poster's information to put on the page, and it could be relevant. Here is a bugfix edit that was blocked due to the additional video link. Vely►t►e 15:01, 23 September 2012 (GMT)

Added wikia.com, youtube.com, and youtu.be to the filter. There is no easy way to confine YouTube links to talk pages only, because AbuseFilter identifies namespaces individually, so I'd have to specify Skyrim_talk, Oblivion_talk, Shivering_talk, etc. The easiest way to do that would be to create a new filter, but so far, users adding YouTube links to articles has been rare, and in my opinion, is rare enough that it can be dealt with on a case-by-case basis. • JAT 18:28, 23 September 2012 (GMT)
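The rule discussed in this thread and in the earlier spam-statistics thread (low-edit-count accounts may not add external links, with internal UESP links and the excepted domains let through), sketched as an added example that is not the wiki's actual AbuseFilter rule. The threshold of 10 is an assumption taken from the edit-count statistic quoted earlier, the function names are hypothetical, and the sample edits are constructed. Hosts are compared by exact name or dot-separated suffix, so an exempt name appearing elsewhere in the URL does not pass.

```python
import re
from urllib.parse import urlsplit

MIN_EDITS = 10                       # assumed threshold, not a value from the page
INTERNAL = ("uesp.net",)             # internal links are always allowed
EXCEPTIONS = ("wikia.com", "youtube.com", "youtu.be")  # domains named in the thread
URL_RE = re.compile(r"https?://[^\s<>\[\]\"']+", re.I)  # simplified link matcher


def host_of(url):
    """Return the lower-cased hostname of a URL, or None if it cannot be parsed."""
    try:
        host = urlsplit(url.rstrip(".,;:!?)")).hostname
    except ValueError:
        return None
    return host.rstrip(".") if host else None


def is_exempt(host):
    """True only for an exempt domain itself or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in INTERNAL + EXCEPTIONS)


def added_external_hosts(old_text, new_text):
    """Hosts of links present in new_text but not in old_text that are not exempt."""
    old_links = set(URL_RE.findall(old_text))
    hosts = []
    for url in URL_RE.findall(new_text):
        if url in old_links:
            continue                 # link was already on the page
        host = host_of(url)
        if host is None or not is_exempt(host):
            hosts.append(host or url)
    return hosts


def evaluate(edit_count, old_text, new_text):
    """Return ("allow", []) or ("disallow", [offending hosts]) for one edit."""
    if edit_count >= MIN_EDITS:
        return ("allow", [])         # established accounts are not filtered
    hosts = added_external_hosts(old_text, new_text)
    return ("disallow", hosts) if hosts else ("allow", [])


if __name__ == "__main__":
    # Constructed sample edits: (edit count, text before, text after)
    samples = [
        (1, "", "Cheap bags at http://spam.example/bags"),
        (2, "", "See http://www.uesp.net/wiki/Skyrim:Hearthfire and https://youtu.be/abc123."),
        (0, "", "http://youtube.com.spam.example/x"),
        (0, "", "http://spam.example/?ref=uesp.net"),
        (25, "", "http://spam.example/bags"),
    ]
    for count, old, new in samples:
        print(count, evaluate(count, old, new))
```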

Contradiction of Protection

There seems to be a contradiction of protection when it comes to the main page. The main page and the current news of the news page are sysop protected, however the news articles are not protected at all, making somewhat of a mockery of the news protection. I would suggest that they are at least semi-protected for safety.

Beyond this there are the Featured Articles, Featured Images, Did You Know, transclusions, and the various images on the page. The Main Logo was actually vandalized recently showing that there are ways to affect the Main Page without touching it. For these pages, semi-protection would seem to be the best option, but this I leave in the hands of the sysops. Golden SilenceBreak the Silence 23:54, 24 September 2012 (GMT)

Yes, it should be protected, but that would mess with the Proposed News sub-page. I think that the proposed news should actually be its own page, this would clear out any problem of protecting the page without stopping any anons from proposing news. It also sets a clear place for users to edit the entire proposed page at once, but that is just my two cents.--Br3admax (talk) 00:02, 25 September 2012 (GMT)
(edit conflict) I agree that the various pages that are transcluded to the Main Page should have some amount of protection, and Semi- feels good. However, FA's shouldn't receive any kind of protection. Just because they are of a higher quality than the rest of the pages, doesn't mean they are absolutely perfect. The anons and new users shouldn't be prevented from editing the pages, unless it was a bot target, and it became necessary for temporary protection to prevent destruction. That is the only instance I can think of where it would make sense. Does the removal of the cat or summary from an image, like what was done with the main logo, affect the image in transclusion? I am not sure, but I don't believe so, so it would simply be a minor inconvenience to re-add that info if FIs have those removed. Well, perhaps, from the time the image/article is added to the main page, it could receive month-long semi-protection to last for the duration of the main page?
Logos, news and DYKs could be protected though, as it is typically only an admin, patroller, or other staffer (for lack of a better term) who would even be creating/modifying news, the logos are obviously our site's identifying trait. DYKs are just little amusing fun facts, and I see nothing wrong with leaving them unprotected, as someone may have something interesting to contribute.
Really, with the exception of important news/logos, I feel that in order to maintain the openness of the wiki for anons and new users, we have to accept possible minor vandalism as a side effect. Besides, patrollers and admins are quite quick to find and revert simple vandalism anyways. Eric Snowmane(talkemail) 00:19, 25 September 2012 (GMT)
As an aside to this, if we want to add protection to a lot of different pages, HotnBOThered can easily have groups of pages added to what it checks for protection—the only requirement is that the page names follow a clear pattern (or Regular Expression, for the programmers). So, for example, it can check and protect all pages that start with "UESPWiki:News/", but without a little more programming, it couldn't protect all pages in a given category. Robin Hoodtalk 00:41, 25 September 2012 (GMT)
The example merely shows that the images are subject to vandalism, the summary doesn't matter in the least, but uploading an image over it would have serious implications. The news page works fine as it is, the transcluded news is sysop protected while the proposed section is open, I'm pointing out the actual subpage articles themselves. Semi-protection while an article/image is on the main page would be a fair compromise. The DYK page is basically a subpage of the main page and needs proper consideration, as well as the others, as to the level of protection (from none to full) we extend to the Main Page's appearance. Golden SilenceBreak the Silence 01:01, 25 September 2012 (GMT)

User Name Change

I am wondering if it is possible to change my user name, and can I have it changed to Candc4FTW to match up with all my other accounts, as I like to only remember one user name. Thanks --Candc4 (talk) 19:41, 29 September 2012 (GMT)

Sure, I can do that. I'll make the change now. eshetalk 19:45, 29 September 2012 (GMT)
Okay, it's done! All your user pages have been moved too. eshetalk 19:49, 29 September 2012 (GMT)
Thanks. Also, just a question: am I still a Userspace patroller? Just wondering.--Candc4FTW (talk) 19:57, 29 September 2012 (GMT)
Yep! All your rights transferred over with the name change :). eshetalk 19:58, 29 September 2012 (GMT)

Hearthfire

A reminder since Hearthfire is out on Steam that I'll be buying it for active admins/editors. Just e-mail me with your Steam username so I can friend you (my Steam name is Reorx_uesp) and gift you a copy. -- Daveh (talk) 12:16, 5 October 2012 (GMT)

Server Issues

For those who are noticing significant lag accessing UESP, it's because Content2 appears to be down at the moment. You can temporarily override the issue by changing "www.uesp.net" to "content1.uesp.net", but watch out...some links will try to bring you back to www. Robin Hoodtalk 04:03, 7 October 2012 (GMT)

While I haven't seen any obvious issues in the monitoring logs I did happen to catch content2 doing something at lunch today. I still don't know what the actual issue is but content2 was not accessible from the Internet and vice-versa but I could access content2 from within our intranet. It appears to be some sort of network issue and is not an obvious DoS or load issue. I've taken content2 out of the Squid rotation for now so it "shouldn't" affect the main site while I diagnose it further. -- Daveh (talk) 22:34, 9 October 2012 (GMT)
I received the following several times. In case it's helpful at all, here is the text that was returned:
ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: http://www.uesp.net/w/index.php?
The following error was encountered:
Unable to forward this request at this time.
This request could not be forwarded to the origin server or to any parent caches. The most likely cause for this error is that:
The cache administrator does not allow this cache to make direct connections to origin servers, and
All configured parent caches are currently unreachable.
Your cache administrator is webmaster.
Generated Sun, 14 Oct 2012 08:15:10 GMT by squid1.uesp.net (squid/2.7.STABLE9) [EOM] --JR (talk) 02:41, 15 October 2012 (GMT)

Deletion Policy Page

I revised UESPWiki:Deletion_Policy. I hope I only improved its readability. I flag it here so someone might make sure I did not inadvertently actually change a policy. --JR (talk) 02:46, 15 October 2012 (GMT)

I'm not going to mark it patrolled so that another set of eyes can glance over it to make sure as well, but it looks good to me. Eric Snowmane(talkemail) 04:10, 15 October 2012 (GMT)
I went over the edits you made, JR—by and large the changes you made were good, but I restored a few things from the old version (most importantly the bold text in that big numbered list) that I felt were a bit clearer. Anyway, thanks for combing through the page! A lot of times those policy pages just sit and just and no one ever touches them, so it's nice to see people taking time to update them :). eshetalk 15:45, 18 October 2012 (GMT)

Bug with sortable tables + colspan

Probably a minor thing, but the tweak we did to make sortable tables work with combined cells has a bit of a glitch. If there is a colspan in the header, and a sortable column after it, clicking that column's sort button will sort by the previous column. See below:

Header1 Header2 Header3
Azura 42 this Elephant
Boethiah 69 column Mastodon
Sheogorath 36 shouldn't Horton
Hircine 24 be Mammoth
Nocturnal 99 sortable Dumbo

The same goes for any other columns to the right of the colspan. Not sure how easy this would be to fix, but if anyone knows how, it would be appreciated. (I wanted to use a colspan on the icon column of Oblivion:Daedric Quests, much as I did on the Skyrim equivalent, but it wrecked the sorting of the level requirement column.) TheRealLurlock (talk) 03:52, 16 October 2012 (GMT)

I think the class may be broken, but I found a solution. You have to add an invisible column after the colspan column, with the syntax:
! style="display:none" |
The class itself is either slightly broken or you simply discovered an oversight. Either way, this seems to be a workaround. • JAT 16:43, 16 October 2012 (GMT)
Well, at least there's a workaround - but should we consider trying to fix the class so that's unnecessary? It's kind of non-obvious, and I know I'll probably have to look it up again if I have to do something like this a month from now. Maybe something that just automatically inserts an appropriate number of invisible columns after any colspan in a table. Seems like it should be doable, but I don't know CSS very well. TheRealLurlock (talk) 01:51, 17 October 2012 (GMT)

Xbox 360

I just wanted to mention that the Xbox 360 has received a web browser and may get edits through the web browser. I know I'm using it. — Unsigned comment by Candc4FTW (talkcontribs) at 21:40 on 17 October 2012

