Last modified: 2012-03-16 15:26:21 UTC
Hello, It is possible to spam thousands of abusive moodbar feedback entries using a bot in moments (see <https://en.wikipedia.org/w/index.php?title=Special:Log&offset=&limit=5000&user=Superwikiman01&type=>). As the moodbar is not hooked up to the edit filter, it appears nothing can be done to stop this. Thanks.
It also ignores the spam blacklist, as further vandalbots are spamming racist conspiracy sites via the moodbar. Can a developer please temporarily disable this feature at least?
Indeed, this should be disabled until it at least takes into account the spam blacklist. We're talking about ~1k comments per minute.
It's been disabled now.
I suppose there are 2 parts to this. * Add a rate limiter * Make MoodBar work with anti spam tools...
EE team, please look into pragmatic approaches here. FD is currently disabled until these problems can be resolved.
(In reply to comment #5) > EE team, please look into pragmatic approaches here. FD is currently disabled > until these problems can be resolved. I believe, in the simplest form, a call to $wgUser->pingLimiter(), and preventing the action and displaying an error message would work. With no parameters, it will default to the the edit limiter, which probably want too bad. If you want to fine grain it a bit more, you can add your own type to $wgRateLimits (look in Default Settings), and limit it further. Should be enough to stop the mass spam, and get the Moodbar re-enabled, until you can add more sophisticated spam monitoring - I'd guess something like ApiArticleFeedbackv5->findAbuse() would be easily copied out and changed a bit to work with Moodbar
Fixed in -r113953 & -r113955
(In reply to comment #7) > Fixed in -r113953 & -r113955 Could you please set bugs to "resolved -- fixed" when you commit a fix? If we're worried that the fix is not yet deployed, we can use the "verified" state to communicate that.