UESPWiki:Administrator Noticeboard/Archives/FIELD OTHER bot

FIELD_OTHER bot

Just thought I'd post something about this bot for the record. So far, most of these IPs have had one edit each, with two exceptions. Except for one of them, every IP has created posts with "FIELD_OTHER" as the subject line. (The ones that did multiple edits also did gibberish subject lines, but opened with a "FIELD_OTHER".) I haven't done an IP trace on these yet, though I doubt it will tell us anything helpful. Anyhow, if somebody wants it, here's the list of IPs so far: (add more as they occur.)

• 24.77.29.63
• 82.11.152.23
• 65.190.14.113
• 79.99.43.128 (2 edits)
• 71.239.157.66
• 201.6.3.241
• 68.193.137.137
• 70.64.254.82
• 85.234.133.252 (4 edits)
• 217.167.7.6
• 196.25.52.36
• 156.26.37.220
• 194.204.64.75
• 203.113.137.169
• 89.187.135.24
• 211.136.253.234
• 91.121.28.188 (did not follow usual M/O, may be a different bot.)
• 221.13.32.99 (2 edits)
• 190.216.249.4 (3 edits, didn't start with FIELD_OTHER, possibly different bot)

--TheRealLurlock ^Talk 10:10, 17 December 2008 (EST)

If this persists there seem to be ways to prevent it. See this for example. I don't believe we currently use the $wgSpamRegex Wiki variable. -- Daveh 11:09, 17 December 2008 (EST)

I don't really understand what posting a list of these IPs is supposed to accomplish. We already have such a list, at Special:Log/block -- every block listed as "Nonsense bot", which is pretty much every block made in the last day. The list happens to be substantially longer than the list posted here (46 at the moment in the block log versus 18 here), and also is more useful (for example, it provides automatic links to the IPs' contribution history). So why should we start a manually-created, incomplete list? Furthermore, information on how many edits were made by each IP doesn't seem useful: it's really just an indication of how quickly the IP address was blocked. Of course an IP only made a single edit if it was blocked ten minutes after making that edit. And, again, the information is incomplete, since it is not going to include any nonsense talk pages created by IPs, all of which are being speedily deleted and therefore don't show up in contribution histories. I also don't think that posting any new IPs on the list is going to help block the IPs any more quickly. At least from my point of view, I'm going to see the IP more quickly in the Recent changes list, where there's a convenient "block" link next to the IP's name; having to pull up this discussion just adds a couple of extra, unnecessary steps. So, unless someone can explain how this list is helping the process, I'm unlikely to be adding any IPs I block to the list. --Nephele^Talk 13:38, 17 December 2008 (EST)

I was going to do more (post trace results for the IPs, add contribs links, etc.), but I was pressed for time this morning. (The list doesn't go back further than yesterday because that was all that was still showing in my Recent Changes page.) I just know that we've done this sort of thing in the past with bots that post over an extended period of time - it helps keep track of all the IPs used by a given bot, as opposed to all IPs that have been blocked. These can then be used to track down and maybe report the bot to whatever authorities there might be that would care (not that I think there's much anyone could do, but it's worth a look) and to see if any pattern develops (all IPs being in a certain range, for example, or originating from a single geographical region - doesn't seem to be the case this time, but it doesn't hurt to look.) One pattern I did see is that the edits tend to occur in threes - 3 IPs in a row post nonsense on random pages. Not sure how that could be useful, but it seems to be a distinguishing feature of this bot.

Anyhow, this post was really intended more as a opening to discuss the recent bot activity, and it still serves that purpose. If that thing Daveh suggested is not too difficult, it might be worth looking into, as these attacks do appear to be happening with increased frequency lately. I still think my earlier suggestion of somehow requiring captcha for the first 5 or so edits from any new IP would be a very effective way of preventing these from occurring (without placing TOO much of a barrier for new editors). Of course, I still don't know if there's an easy way to do that, but it seems like there should be... --TheRealLurlock ^Talk 16:51, 17 December 2008 (EST)

I think it was only ever done before when no admin was around to block the offending IPs and the posters (myself included) didn't realise that it wasn't all that much help to the admins (this battle now immortalised as The Nineten Spam Battle thanks to Somercy is the one you're probably thinking of).

For the moment, I'm with Nephele: there's no point listing IPs here. There's nothing that can be done about this kind of attack since it almost certainly comes from a zombie network beyond the control of any one ISP.

As far as the captcha idea is concerned, why don't you post the results of the research you've done into the different possible methods? It's been quite a while since you suggested it so I'm sure you've found something by now. –Rpeh^{•T•C•E•} 17:05, 17 December 2008 (EST)

How about this? I know nothing about PHP, so that's the best I can do. Presumably that code could be modified to check the number of edits for an anonymous account so that it only happens when it's less than X. But I leave the programming research to people who actually know something about it. I just don't think it should be that hard to implement this... --TheRealLurlock ^Talk 18:05, 17 December 2008 (EST)

BTDTBTTS. –Rpeh^{•T•C•E•} 18:17, 17 December 2008 (EST)

Did you actually read the link I posted before dismissing it out of hand? Because I wasn't suggesting we go back to using ConfirmEdit. I was pointing out some code that somebody used with ConfirmEdit which according to this should probably work with reCAPCTCHA as well. Again, I don't know PHP, but when reCAPTCHA's own page suggests changes that can be made to the ConfirmEdit.php file, I think it's safe to assume that they function in a similar manner. --TheRealLurlock ^Talk 19:05, 17 December 2008 (EST)

The bot just hit Nepehel's user page. That's quite a coincidence.76.179.191.245 19:19, 17 December 2008 (EST)

Indeed it is. I'm still waiting for him to post a picture of his teenage sister in a bikini on Uniblab's User Page. --Tim ^Talk 19:24, 17 December 2008 (EST)

Lurlock, did you even look at what would be involved in making the change to do what you proposed before posting? Of course I read the link, which is how I knew that it had already been looked at in the past. I was subtly making the point that you saying, essentially, "someone should look at this" is of no help. Absolutely none. I've looked into it, I know Nephele has, and I'm pretty sure Daveh has too. You're therefore talking to the two people who wrote bots for the site and the guy who runs the whole shebang. So merely posting a link is just going to annoy people. If you have some concrete suggestions, please make them. So far, Daveh has made one suggestion that seems sensible, but in general it looks like we're on top of it. –Rpeh^{•T•C•E•} 19:49, 17 December 2008 (EST)

This is exactly why I don't usually post suggestions like this. Every time I do, you knock it down and belittle me. I'd appreciate a little more civility here. You first give me a backhanded insult (no subtlety about that) for not doing the research, and then when I do post a link, you put me down again - with just an acronym that basically says nothing - how am I supposed to know what that means? (I know what the acronym means, but I don't know what you're trying to say by posting it.) I've said numerous times that I'm not a PHP guy, so maybe the people that DO know PHP should be the ones doing the research? Don't make this my responsibility just because I had the idea. And when I post a link to code, don't just shoot it down with no explanation. Tell me why it won't work or don't say anything. You've been flatly pooh-poohing every idea I've had for several months now, and it's really getting to be annoying. --TheRealLurlock ^Talk 00:33, 18 December 2008 (EST)

You keep posting ideas that haven't been thought through, that's why. You added the prev/next params to the book header (unnecessary) and then half-finished the job of implementing them. You added Morrowind-specific parameters to the generic template before you added them to the Morrowind one, which is just incredible. This whole topic was started because you didn't think about the list that's maintained by the block log. And what's worst is that you're only doing all this to boost your edit count. I'm not going to quote the line from IRC that you used, but it makes it pretty clear that's your intention. I'm getting really annoyed at seeing your personal schemes being inflicted on the site with no discussion and no thought. You're supposed to be an admin, which means understanding the principles of consensus.

Your post basically said that you'd done your part with the suggestion and you couldn't understand why nobody had done anything about it. The acronym was a link that pointed out the extension you'd just Googled had already been tried. You hadn't investigated it, you hadn't done any research to see whether the add-in could be configured to do what you want, you just posted the link with a "job done"-style comment, leaving it to somebody else to see what was required.

I could go on. But I'll stop pooh-poohing your ideas when you post one that's worth the bandwidth it consumes. –Rpeh^{•T•C•E•} 04:34, 18 December 2008 (EST)

I'm going to respond to these accusations one by one: 1.) The prev/next parameter in the book header? I stopped adding them becuase you complained about it and I wanted to get some consensus before continuing to do so. Nobody else commented on the discussion, and I moved onto other things, but that was my intent. 2.) Adding MW-specific parameters to the generic tempate was done because the types of pages I was using it on were all small, minor locations which were the exact original intention of that template, but a few MW parameters were still needed on these pages. (There are probably some OB-specific ones that could be added as wel). I was considering using it on other pages and retiring the game-specific templates, but I didn't do so because I wanted to get consensus before making such a major change, and I did post such a suggestion in a public location. 3.) I was documenting the activity of a vandal bot. This has been done in the past, and we never had any discussion saying we're not doing it anymore because you can just look at the Block Log. This was just following precedant for how similar issues have been done in the past. 4.) I'm doing this to boost my edit count? That's just ridiculous. If I made any such comment, it was purely in jest. 5.) As for this whole link to ConfirmEdit stuff goes, I'll just state one more time: I know nothing about PHP. Thus telling me to do the research when I have no knowledge base to start from is a pretty ridiculous request. I found some code which according to reCAPTCHA's own site would work with either extension, and posted it so that those with a working knowledge of PHP could have a look at it and see whether it could be adapted to our needs. Obviously, I lack the skills to do so, which was why I was making the information available for those who can. But all I get is a harsh dismissal and baseless accusations. All in all, I don't see that anything I've done has been all that controversial, but you seem to have developped a personal vendetta against me for some reason, and it's hurtful. --TheRealLurlock ^Talk 09:23, 18 December 2008 (EST)

Rpeh, we are clearly NOT on top of this problem. If we were, we wouldn't have to be reverting the vandalism, we'd already have it stopped permanently. And I'm with TRL, I've noticed you constantly bashing many of his ideas. Daedryon^{•T•C•E•} 00:39, 18 December 2008 (EST)

On top of simply means it's not overrunning the site, which is what is happening on some other wikis. –Rpeh^{•T•C•E•} 04:34, 18 December 2008 (EST)

Ok, I see your point, but regardless, like I said earlier, you need to lay off insulting Lurlock now, as he's proven you wrong at all stops, and even proved that what he was doing with the MW stuff was stopped because of your complaining. I'm starting to see a pattern with you Rpeh, and I'm thinking I'd like to see you de-sysopped. Daedryon^{•T•C•E•} 15:00, 18 December 2008 (EST)

Daedryon, if you think you can turn a disagreement between two admins to your advantage, you are sadly mistaken. You were banned from IRC because you almost caused all UESPusers to be banned from it. Your attempts to make amends by swearing at another user and insulting them just made things worse. If you continue to spread falsehoods about the events, I will post the full logs of both your behavior and the fallout it caused. –Rpeh^{•T•C•E•} 03:11, 19 December 2008 (EST)

Posted a reply to the above on Rpeh's talk page Daedryon^{•T•C•E•} 20:54, 19 December 2008 (EST)