Many thousands of submissions possible in minutes
Closed, Resolved (Public)

Description

Author: and1eternal1

Description:
Hello,

It is possible to spam thousands of abusive moodbar feedback entries using a bot in moments (see https://en.wikipedia.org/w/index.php?title=Special:Log&offset=&limit=5000&user=Superwikiman01&type=). As the moodbar is not hooked up to the edit filter, it appears nothing can be done to stop this.

Thanks.


Version: unspecified
Severity: major

Details

Reference
bz35245

Event Timeline

bzimport raised the priority of this task from to Medium. Nov 22 2014, 12:10 AM
bzimport set Reference to bz35245.
bzimport added a subscriber: Unknown Object (MLST).

and1eternal1 wrote:

It also ignores the spam blacklist, as further vandalbots are spamming racist conspiracy sites via the moodbar. Can a developer please temporarily disable this feature at least?

Indeed, this should be disabled until it at least takes into account the spam blacklist. We're talking about ~1k comments per minute.

and1eternal1 wrote:

It's been disabled now.

I suppose there are 2 parts to this.

  • Add a rate limiter
  • Make MoodBar work with anti spam tools...

EE team, please look into pragmatic approaches here. FD is currently disabled until these problems can be resolved.

(In reply to comment #5)

> EE team, please look into pragmatic approaches here. FD is currently disabled
> until these problems can be resolved.

I believe, in the simplest form, a call to $wgUser->pingLimiter(), and preventing the action and displaying an error message would work.

With no parameters, it will default to the edit limiter, which probably won't be too bad.

If you want to fine grain it a bit more, you can add your own type to $wgRateLimits (look in Default Settings), and limit it further.

Should be enough to stop the mass spam, and get the Moodbar re-enabled, until you can add more sophisticated spam monitoring - I'd guess something like ApiArticleFeedbackv5->findAbuse() would be easily copied out and changed a bit to work with Moodbar
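
The check suggested in the comment above, as an added sketch that is not code from MoodBar or MediaWiki: a limit table in the shape of $wgRateLimits, and a stand-in with the same return convention as $wgUser->pingLimiter() (true means a limit was tripped), run against a constructed burst at the ~1k per minute rate reported in this task. The 'moodbar-feedback' key, the limit numbers, the function names, the account name and the address are all assumptions for illustration.

```php
<?php
// Added example. The array mirrors the shape of $wgRateLimits:
// action => group => [ max actions, window in seconds ].
// The 'moodbar-feedback' key and its numbers are assumed, not MoodBar's.
$rateLimits = [
    'moodbar-feedback' => [
        'ip'   => [ 5, 60 ],   // per client address
        'user' => [ 10, 60 ],  // per account
    ],
];

// Hypothetical stand-in for $wgUser->pingLimiter(): counts the action and
// returns true when a limit is tripped, so the caller must refuse on true.
function pingLimiterStandIn( array $limits, array &$store, string $action,
    string $user, string $ip, int $now ): bool {
    $tripped = false;
    foreach ( $limits[$action] ?? [] as $group => [ $max, $period ] ) {
        $subject = $group === 'ip' ? $ip : $user;
        $key = "$action:$group:$subject";
        // Fixed window: start a fresh counter once the old window expired.
        if ( !isset( $store[$key] ) || $now >= $store[$key]['expires'] ) {
            $store[$key] = [ 'count' => 0, 'expires' => $now + $period ];
        }
        if ( $store[$key]['count'] >= $max ) {
            $tripped = true;
        } else {
            $store[$key]['count']++;
        }
    }
    return $tripped;
}

// Constructed burst: 1000 submissions from one account and one address
// (192.0.2.10, a documentation address) inside a minute, then one more at
// t=60 once the window has rolled over.
function simulateBurst( array $limits ): array {
    $store = [];
    $accepted = $rejected = 0;
    for ( $i = 0; $i < 1000; $i++ ) {
        $now = intdiv( $i * 60, 1000 );
        $hit = pingLimiterStandIn( $limits, $store, 'moodbar-feedback', 'ExampleBot', '192.0.2.10', $now );
        // On a hit the handler shows an error and stores nothing.
        $hit ? $rejected++ : $accepted++;
    }
    $later = pingLimiterStandIn( $limits, $store, 'moodbar-feedback', 'ExampleBot', '192.0.2.10', 60 );
    return [ $accepted, $rejected, (int)$later ];
}

vprintf( "accepted=%d rejected=%d tripped_after_window=%d\n", simulateBurst( $rateLimits ) );
```

A fixed window only caps volume per account and per address; it does not look at content, which is why the comment treats spam-blacklist style checks as a separate follow-up.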

bsitu wrote:

Fixed in -r113953 & -r113955

(In reply to comment #7)

> Fixed in -r113953 & -r113955

Could you please set bugs to "resolved -- fixed" when you commit a fix? If we're worried that the fix is not yet deployed, we can use the "verified" state to communicate that.