Last modified: 2012-03-16 15:26:21 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T37245, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 35245 - Many thousands of submissions possible in minutes
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
Component: MoodBar
Version: unspecified
Hardware: All All
Importance: Normal major
Target Milestone: ---
Assigned To: Nobody - You can work on this!
Reported: 2012-03-15 12:20 UTC by Reaper Eternal
Modified: 2012-03-16 15:26 UTC (History)

Description Reaper Eternal 2012-03-15 12:20:37 UTC
Hello,

It is possible to spam thousands of abusive moodbar feedback entries using a bot in moments (see <https://en.wikipedia.org/w/index.php?title=Special:Log&offset=&limit=5000&user=Superwikiman01&type=>). As the moodbar is not hooked up to the edit filter, it appears nothing can be done to stop this.

Thanks.
Comment 1 Reaper Eternal 2012-03-15 13:33:19 UTC
It also ignores the spam blacklist, as further vandalbots are spamming racist conspiracy sites via the moodbar. Can a developer please temporarily disable this feature at least?
Comment 2 Snowolf 2012-03-15 13:57:23 UTC
Indeed, this should be disabled until it at least takes into account the spam blacklist. We're talking about ~1k comments per minute.
Comment 3 Reaper Eternal 2012-03-15 14:06:20 UTC
It's been disabled now.
Comment 4 Sam Reed (reedy) 2012-03-15 16:04:29 UTC
I suppose there are 2 parts to this.

* Add a rate limiter
* Make MoodBar work with anti spam tools...
Comment 5 Erik Moeller 2012-03-15 16:13:59 UTC
EE team, please look into pragmatic approaches here. FD is currently disabled until these problems can be resolved.
Comment 6 Sam Reed (reedy) 2012-03-15 16:26:29 UTC
(In reply to comment #5)
> EE team, please look into pragmatic approaches here. FD is currently disabled
> until these problems can be resolved.

I believe, in the simplest form, a call to $wgUser->pingLimiter(), and preventing the action and displaying an error message would work.

With no parameters, it will default to the edit limiter, which probably won't be too bad.

If you want to fine grain it a bit more, you can add your own type to $wgRateLimits (look in Default Settings), and limit it further.

Should be enough to stop the mass spam, and get the Moodbar re-enabled, until you can add more sophisticated spam monitoring - I'd guess something like ApiArticleFeedbackv5->findAbuse() would be easily copied out and changed a bit to work with Moodbar
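
One way to apply the pingLimiter() approach from comment 6, as an added example (not the code from r113953 or r113955, and not MoodBar's own). The limiter key 'moodbar-feedback', the limit values, and the function efExampleSubmitFeedback() with its $store callback are assumptions made for illustration.

```php
<?php
// LocalSettings.php. Added example; the key 'moodbar-feedback' and the
// numbers below are assumptions, not values from the MoodBar fix.
// Each entry is array( max actions, window in seconds ).
$wgRateLimits['moodbar-feedback'] = array(
	'user'   => array( 10, 60 ), // each logged-in account
	'newbie' => array( 3, 60 ),  // each recently created account, overrides 'user'
	'ip'     => array( 5, 60 ),  // new accounts and anons sharing one IP address
);

/**
 * Hypothetical submission path for a feedback extension.
 *
 * @param User $user submitting user
 * @param string $comment feedback text
 * @param callable $store callback that persists the feedback (assumed)
 * @return array 'result' => 'success' or 'error'
 */
function efExampleSubmitFeedback( User $user, $comment, $store ) {
	// pingLimiter() counts this attempt against the action's bucket and
	// returns true once the caller is over the limit. Called without an
	// argument it uses the 'edit' bucket instead.
	if ( $user->pingLimiter( 'moodbar-feedback' ) ) {
		// Leave a trace so operators can see bursts being throttled.
		wfDebugLog( 'ratelimit', 'feedback throttled for ' . $user->getName() );
		return array( 'result' => 'error', 'error' => 'actionthrottledtext' );
	}
	// Only reached while the caller is under the limit.
	call_user_func( $store, $user, $comment );
	return array( 'result' => 'success' );
}
```

The counters are kept in the wiki's object cache, so the limit has no effect when no cache is configured, and accounts holding the noratelimit right are exempt.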
Comment 7 bsitu 2012-03-15 20:54:51 UTC
Fixed in -r113953 & -r113955
Comment 8 Mark A. Hershberger 2012-03-16 15:26:21 UTC
(In reply to comment #7)
> Fixed in -r113953 & -r113955

Could you please set bugs to "resolved -- fixed" when you commit a fix?  If we're worried that the fix is not yet deployed, we can use the "verified" state to communicate that.
