Re: Wiki Abuse

From: Kinkie <gkinkie_at_gmail.com>
Date: Tue, 15 Jan 2013 11:12:17 +0100

On Mon, Jan 14, 2013 at 7:11 PM, Alex Rousskov
<rousskov_at_measurement-factory.com> wrote:
> On 01/14/2013 02:47 AM, Kinkie wrote:
>>> Can we grep the wiki data to locate those other user accounts?
>>
>> Yes, I found out that we can. It's 129 users total.
>> Amended plan: create a page to explain the account policy; post to
>> squid-users; preserve those 129, the editors, the admins, and whoever
>> answers from squid-users; remove everyone else with no other warning.
>>
>> Eliezer, Alex; you are right that it'd be nice to warn each individual
>> user personally, but:
>> - it's 28k of them. Out of those, I estimate 8k to be real (and the
>> estimate is VERY generous), at least 20k are drive-by spam attempts
>> - many of the users have probably fake or spoofed email addresses
>> (remember, no address verification is done), so the mail would be
>> unexpected to them, and even if only 10% answered, it's an excessive
>> amount of work.
>> - recreating an user account is a trivial matter (even though it now
>> requires an admin's intervention)
>>
>> I will keep the old user accounts around in case they are needed.
>>
>> Does the plan fly with you guys?
>
>
> If I understand your plan and estimates correctly, you want to
> inconvenience a few thousand of legitimate users, and we could expect a
> few hundred of those users to come back at you so that you can manually
> re-enable their accounts? In this case, I hope your estimates are wrong
> both because I do not think we should inconvenience so many without a
> very good reason, and because I do not want you to spend so much time on
> handling those manual cases.
>
> Can we remove non-editing users that did not register to receive any
> notifications? If yes, how many users will be left after that?

Hi Alex,
  I suspect we are saying the same thing: I wouldn't really
inconvenience users. Registering for an account on the wiki allows for
a few things:
- subscribe to page notifications
- customize quick-links in the user's profile
- with additional authorizations, edit the wiki

I would not touch users which have done legitimately any of the above
(some users have tried to XSS the wiki or to use their profile for
link-spam and would be removed).
After the cleanup, the wiki would contain about 400 registered users;
25334 users would be reverted to anonymous (doing so would have a
performance benefit for them, as they could use cached pages, while
registered users can't). I expect that the number of wrongly removed
users be in the units, a few tens at most.

--
    /kinkie
Received on Tue Jan 15 2013 - 10:12:36 MST

This archive was generated by hypermail 2.2.0 : Tue Jan 15 2013 - 12:00:06 MST