Re: Wiki Abuse

From: Kinkie <gkinkie_at_gmail.com>
Date: Sat, 19 Jan 2013 12:16:32 +0100

Hi,
   I've now performed the cleanup. There are now 360 registered user
accounts in the wiki.

On Tue, Jan 15, 2013 at 4:16 PM, Kinkie <gkinkie_at_gmail.com> wrote:
> Good. I'll cook up a mail to squid-users, explaining the situation and
> what to do for users who wish to retain their userid.
> I am tentatively scheduling the cleanup for next weekend.
>
> On Tue, Jan 15, 2013 at 3:57 PM, Alex Rousskov
> <rousskov_at_measurement-factory.com> wrote:
>> On 01/15/2013 03:12 AM, Kinkie wrote:
>>> On Mon, Jan 14, 2013 at 7:11 PM, Alex Rousskov
>>> <rousskov_at_measurement-factory.com> wrote:
>>>> On 01/14/2013 02:47 AM, Kinkie wrote:
>>>>>> Can we grep the wiki data to locate those other user accounts?
>>>>>
>>>>> Yes, I found out that we can. It's 129 users total.
>>>>> Amended plan: create a page to explain the account policy; post to
>>>>> squid-users; preserve those 129, the editors, the admins, and whoever
>>>>> answers from squid-users; remove everyone else with no other warning.
>>>>>
>>>>> Eliezer, Alex; you are right that it'd be nice to warn each individual
>>>>> user personally, but:
>>>>> - it's 28k of them. Out of those, I estimate 8k to be real (and the
>>>>> estimate is VERY generous), at least 20k are drive-by spam attempts
>>>>> - many of the users have probably fake or spoofed email addresses
>>>>> (remember, no address verification is done), so the mail would be
>>>>> unexpected to them, and even if only 10% answered, it's an excessive
>>>>> amount of work.
>>>>> - recreating an user account is a trivial matter (even though it now
>>>>> requires an admin's intervention)
>>>>>
>>>>> I will keep the old user accounts around in case they are needed.
>>>>>
>>>>> Does the plan fly with you guys?
>>>>
>>>>
>>>> If I understand your plan and estimates correctly, you want to
>>>> inconvenience a few thousand of legitimate users, and we could expect a
>>>> few hundred of those users to come back at you so that you can manually
>>>> re-enable their accounts? In this case, I hope your estimates are wrong
>>>> both because I do not think we should inconvenience so many without a
>>>> very good reason, and because I do not want you to spend so much time on
>>>> handling those manual cases.
>>>>
>>>> Can we remove non-editing users that did not register to receive any
>>>> notifications? If yes, how many users will be left after that?
>>>
>>> Hi Alex,
>>> I suspect we are saying the same thing: I wouldn't really
>>> inconvenience users. Registering for an account on the wiki allows for
>>> a few things:
>>> - subscribe to page notifications
>>> - customize quick-links in the user's profile
>>> - with additional authorizations, edit the wiki
>>>
>>> I would not touch users which have done legitimately any of the above
>>> (some users have tried to XSS the wiki or to use their profile for
>>> link-spam and would be removed).
>>> After the cleanup, the wiki would contain about 400 registered users;
>>> 25334 users would be reverted to anonymous (doing so would have a
>>> performance benefit for them, as they could use cached pages, while
>>> registered users can't). I expect that the number of wrongly removed
>>> users be in the units, a few tens at most.
>>
>> Sounds good to me.
>>
>> Alex.
>>
>>
>
>
>
> --
> /kinkie

-- 
    /kinkie
Received on Sat Jan 19 2013 - 11:16:46 MST

This archive was generated by hypermail 2.2.0 : Thu Jan 24 2013 - 12:00:08 MST