Perplex City Wiki:Discussion: Difference between revisions

From Perplex City Wiki
Jump to navigationJump to search
No edit summary
 
(9 intermediate revisions by 4 users not shown)
Line 4: Line 4:


==Site Upgrade==
==Site Upgrade==
Upgraded the site to MediaWiki 1.8.0 ([http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=454486 Release Notes]).  As always, if you experience any issues with the software, let me know. -[[User:BrianEnigma|BrianEnigma]] 16:38, 10 October 2006 (PDT)
Upgraded the site to MediaWiki 1.9.0 ([http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=477544 release notes]).  I merged the styles and customizations, but dropped the "community sites" dropdown because it's too hard to maintain (for technical reasons, I can't hot-link to the JavaScript, so have to make a local cached version and merge that into the wiki monobook skin.)  As always, if you experience any issues with the software, let me know. -[[User:BrianEnigma|BrianEnigma]] 14:38, 17 January 2007 (PST)
 
:Long list of bugfixes.  The only one wihch really jumps out at me as cool is the new [[Special:Imagelist]]  A bunch of other things are quite nice as well, but if you didn't notice a problem before, you won't notice it now either.  :)  Actually it seems like most of the new upgrades have to with the programming end of things, like PHP and stuff. Thanks fFor loving us, brian :Looks terrific :) [[User:Scott|Scott]] 23:03, 10 October 2006 (PDT)
 
I don't know if it's new or if I just had not noticed it before, but [[Special:Statistics]] looks new to me. -[[User:BrianEnigma|BrianEnigma]] 07:53, 11 October 2006 (PDT)
 
:Just not noticed before :) Unless they made some code edits - it's not a new page. --[[User:Skenmy|Skenmy]] 11:59, 11 October 2006 (PDT)
 
::Actually, yeah, the updates fFile says they added some stuff.  It now lists the most popular pages.  Also, I could be wrong here, but I think they improved how those stats are compiled.  I seem to recall they used to be compiled once evry X hours, to reduce server stress.  They now appear to be compiled in realtime, more or less.  I say without actually checking that.  anyway, it is quite good. [[User:Scott|Scott]] 15:18, 11 October 2006 (PDT)


== Collaboration of the Week? ==
== Collaboration of the Week? ==
Line 54: Line 46:


A spammer got through today, so I ended up rolling back his changes and extending the Spam Blacklist plugin to also process a local list of blocked URL patterns.  That list is at [[Meta:Spam Blacklist]]. -[[User:BrianEnigma|BrianEnigma]] 15:27, 16 October 2006 (PDT)
A spammer got through today, so I ended up rolling back his changes and extending the Spam Blacklist plugin to also process a local list of blocked URL patterns.  That list is at [[Meta:Spam Blacklist]]. -[[User:BrianEnigma|BrianEnigma]] 15:27, 16 October 2006 (PDT)
===Spam Plugin Stopped Working===
Our spam blacklist plugin stopped working, and I wasn't able to determine, in 10-15 minutes, why.  For now, I'm closing down the new user signed (i.e. reverting back to the "post your info on the Unfiction thread and we'll manually add you" method.)  Tonight, I'll have a bit more time to more extensively debug.  My thought is that this is related to Dreamhost silently upgrading their PHP version, which seems to have broken a number of things (including certain features of Wordpress.)
:So it turns out the spam blaclist plugin is working fine.  The spammers just got more smart.  The blacklist works by matching keywords on the domain name of a link (not on the text of the link because that could be anything.)  In the past, spammers have linked to domains with the spammy words in the URL.  Now, it seems they are hacking student accounts (lots and lots of pages at *.edu domains), putting spammy content there, then linking to the *.edu pages.  This doesn't kick off the spam filter because *.edu is always good, right?  ;)  I went ahead and added the hacked *.edu domains to or local list of bad links.  If it turns out that we really do need to link to a resource at one of those hacked *.edu domains, then we can handle it on a case-by-case basis. [[User:BrianEnigma|BrianEnigma]] 13:15, 12 June 2007 (PDT)
==Bad-Behavior Plugin==
Also, I installed the Bad-Behavior plugin, which works wonders on WordPress and should do pretty well with MediaWiki.  See: [[Meta:Spam Blocking]] [[User:BrianEnigma|BrianEnigma]]


== Title Template and Tiny Update ==
== Title Template and Tiny Update ==
Line 63: Line 63:


:Okay, I'm intrigued.  What would you do with it? [[User:Scott|Scott]] 19:21, 28 October 2006 (PDT)
:Okay, I'm intrigued.  What would you do with it? [[User:Scott|Scott]] 19:21, 28 October 2006 (PDT)
::He means that we could change the line that says '''Perplex City Wiki:Discussion''' above the contents box to something like ''Plz to be discussing wiki here, kthxbye!'', if we were so inclined.  I just used this to change the title on my User pages so my name has a small x instead of a capital one.  I thank [[User:Skenmy|Skenmy]] profusely for this, because that capital x was driving me batty. [[User:Xnera|xnera]] 13:16, 31 January 2007 (PST)
==Bloody vandals!==
OK Seriously ... any time there are more vandalizations than actual edits to the wiki, it is time to do something.  Brian, are we still setup to only allow admin-created users?  If not, I am going to suggest that is done.  Or perhaps set it so only admins can edit, fFor a time, maybe?  I dunno, but this is ridiculous. [[User:Scott|Scott]] 08:04, 9 July 2007 (PDT)
:Yep--only admins can create users still.  Unfortunately, the spammers came in and created hundreds (if not thousands) of accounts that still exist.  They can't add their spammy URLs, but they can (intentionally or as a side effect of whatever script they're using) remove stuff, which is exactly what they are doing.  The last time a spammer created fake accounts, they were pretty easy to spot--all upercase, consisting of 6 hex digits.  I even had a script (see [[Meta:Spam Blocking]]) to kill off those users.  I tried to do that this time, but found it would blow away a bunch of valid users/usernames, so didn't continue.  A snapshot of the list of possibilities is currently at http://perplexcitywiki.com/bad_users.txt although I now realize that I could probably kill off their passwords, then if the person is a valid user, they can have the password emailed to them.  Hmmm.... yeah... maybe I'll investigate that possibility... [[User:BrianEnigma|BrianEnigma]] 17:12, 9 July 2007 (PDT)

Latest revision as of 00:12, 10 July 2007

Perplex City Wiki Discussion Section

As this is a discussion page for the setup and layout of the Wiki, i've set up this page on here instead of the forums. Regular users of the Wiki should be able to join in the discussion on topics which affect the wiki.

Site Upgrade

Upgraded the site to MediaWiki 1.9.0 (release notes). I merged the styles and customizations, but dropped the "community sites" dropdown because it's too hard to maintain (for technical reasons, I can't hot-link to the JavaScript, so have to make a local cached version and merge that into the wiki monobook skin.) As always, if you experience any issues with the software, let me know. -BrianEnigma 14:38, 17 January 2007 (PST)

Collaboration of the Week?

I would like to propose adopting some of Wikipedia's projects--especially the Collaboration of the Week project. I'm very impressed with the wealth of knowledge that already exists in this wiki; however, many pages are outdated or stubs, and could use some serious work. Article writing is right up my alley; however, it seems foolish to tackle such a huge task myself. Besides, it'd be a lot more fun to work together as a group, article by article.  :) I'd love to see the wiki shine. Thoughts? xnera 08:42, 3 July 2006 (PDT)

fFollowing up, I still think it's a good idea. Actually, xnera, what you've been doing lately is probably the best/only way a COTW will really work. pick a set of pages, and improve en masse. like with the info boxes and suchlike. Uhm, I guess I don't have much to really say here except, you know, wheee. you're doing a fFantatsic job, you know :) the wiki does indeed shine more every day you're here :) Scott 22:33, 10 October 2006 (PDT)
Now that I've had more experience editing our wiki... I don't think the formal process of the COTW, as done on Wikipedia, would work very well for us. Instead I'm thinking of more informal "smackdowns" (to borrow a phrase from LiveJournal Support <3), like perhaps making a post on the various fora and say, "Okay folks, this week we're going to work on adding the Perplexian Infobox to all character articles. GO!" xnera 12:07, 11 October 2006 (PDT)

User Security Levels

  • sysop - gives you editing power on locked pages, the ability to make new users, and other little stuff. Basically it's the gold key access.
  • bureaucrat - means you can change privs of other people as well.
  • developer - I'm not entirely sure what this does, but presumably gives greater access to backpanel controls, so you can easily change the look and fFeel of things, one assumes.

In case you were wondering, there is also a "bot" priv which make users bots. hey hey :) I'm not entirely sure what the subtleties of that are, actually. presumably you can make a user a bot, and their edits are fFlagged a bit differently, fFor better or worse as you see fFit. make scripts fFor rapid edits of stuff, or red-flag annoying users. either way. we have no bots.  :)

Open Registration + Blacklist

What does everyone think about possibly opening up free registration to all, with registration required to edit articles, but using the MediaWiki Spam Blacklist plugin? This is the same one that Wikipedia uses to prevent spammers. I'm not sure how much administrative overhead it is to manually add people to the user database--but even a tiny bit of manual intervention is an extra step that might deter a new user from contributing. I'd like to propose a "register-yourself" model with the Spam Blacklist plugin for a limited trial, until we get comfortable that it's either not working or working better than manually adding people. Then we can either continue to use it or revert back to the old way. Does anyone else have an opinion on this?

I am reluctant to open registration. This is largely because I had to deal with the onslaught of spamming which occurred a year ago, and there's a good chance I would be the one to deal with it again in the fFuture. I can tell you, adding new users is a really simple thing. I have the page bookmarked, so all I need do when given a new account request is input a name, and generate a response to the person. Pretty easy on my part. However i do fFully recognize the fFact that any effort on the part of the luddite user may be the difference between contibuting new work, and turning away and never looking back. So letting the user do their own registration would be a great thing. So. yes. a trial period might be a good idea. Basically, as I understand it, the plugin simply refers to a blacklist everytime an edit is submitted. So as long as their blacklist is well kept, it should work out dandy. My vote is yes to a trial period, then. Scott 23:17, 24 September 2006 (PDT)

Yes, it updates from Wikipedia's blacklist every 15 minutes. They're really good at controlling spam--I don't know how much of that to attribute to the blacklist and how much to attribute to manual removal, but we'll give it a chance for a few days/weeks and see what we get. BrianEnigma 17:35, 26 September 2006 (PDT)

fFollowing up on this: Yes, it seems to be working so fFar. Which is to say, we have had no outbreaks in the past 2 weeks. fFar fFrom conclusive, of course. But it makes me happy. Scott 22:33, 10 October 2006 (PDT)

As a member of the CVU over at en:Wikipedia i'd just like to drop in my two pennies on this subject. As far as I am concerned - even if we do get attacked with spam accounts:

  • It's not hard to clear up - if a clearup is needed at all.
  • 99% of them won't actually make any edits.
  • Any edits that are made are easily reverted.

And as for a malicious user - the wonderful words "Rollback" and "Revert" come to mind - as well as the trusy admin Block button. I can assist any admins who require any help using their powers or any aspect of the admin side of a mediawiki installation at all - just send me a message. --Skenmy 12:04, 11 October 2006 (PDT)

Is there anything skenmy can't do?  :) Actually rollbacks were a nuisance in, what I'll call: the spam outbreak of last year. Conniving bastards made an edit with one user, made another edit with another user, then made another edit with a third user. Rollbacks (at least, at that time) only went back one edit, so you can see how that could be anoying. I was pretty new to how mediawiki works at the time, also, and I was basicaly all alone, so i sort of went into panick mode trying to rebuild 30 attacked pages. I'm obviously more knowledgeable at this time, and better equipped to handle attacks. (Though, since you mention it, what is the best way to do reverts? I know to edit past versions of the page, but maybe there is some other way.) Additionally ... since skenmy is a genius, maybe he knows the answer to this riddle: Is there a way to delete users, not just block them? Cheeeeeers! Scott 15:38, 11 October 2006 (PDT)

Not necessarily a genius - just been working with MediaWiki for a while now. I use a few aids over at Wikipedia to assist me with vandalism - various javascript programs and other standalone windows programs that connect to a live IRC framework that then sends out edits to a team of people who gauge and act accordingly. It may be possible - if you so wish - to get a couple of the more simple vandal-fighting apps working on here. Shouldn't need any server code changes - and I could quite easily test them if you want.

As for the removal of accounts - it is possible to *clean up* user accounts with maintenance/removeUnusedAccounts.php (Brian will have to do that in shell). I'll get in touch with the devs as for other spam accounts - especially ones that have made edits. Data integrity is key to keeping a wiki running. --Skenmy 08:28, 12 October 2006 (PDT)

In addition - admins have special revert powers. I don't have too much experience with those - but it should be quite simple once I ask a WP admin. --Skenmy 08:43, 12 October 2006 (PDT)

I haven't cleaned up user accounts specifically with any of the /maintenance/ scripts, but I have blocked a bunch of obvious spam accounts in one big batch process. If anyone is interested, my notes are stored in Meta:Spam_Blocking in case I need to do it again. It looks like at least one spammer script just creates usernames made of 6 hex digits. A huge chunk of that namespace got taken up and is now blocked, so those scripts will start failing. -BrianEnigma 15:27, 12 October 2006 (PDT)

A spammer got through today, so I ended up rolling back his changes and extending the Spam Blacklist plugin to also process a local list of blocked URL patterns. That list is at Meta:Spam Blacklist. -BrianEnigma 15:27, 16 October 2006 (PDT)

Spam Plugin Stopped Working

Our spam blacklist plugin stopped working, and I wasn't able to determine, in 10-15 minutes, why. For now, I'm closing down the new user signed (i.e. reverting back to the "post your info on the Unfiction thread and we'll manually add you" method.) Tonight, I'll have a bit more time to more extensively debug. My thought is that this is related to Dreamhost silently upgrading their PHP version, which seems to have broken a number of things (including certain features of Wordpress.)

So it turns out the spam blaclist plugin is working fine. The spammers just got more smart. The blacklist works by matching keywords on the domain name of a link (not on the text of the link because that could be anything.) In the past, spammers have linked to domains with the spammy words in the URL. Now, it seems they are hacking student accounts (lots and lots of pages at *.edu domains), putting spammy content there, then linking to the *.edu pages. This doesn't kick off the spam filter because *.edu is always good, right?  ;) I went ahead and added the hacked *.edu domains to or local list of bad links. If it turns out that we really do need to link to a resource at one of those hacked *.edu domains, then we can handle it on a case-by-case basis. BrianEnigma 13:15, 12 June 2007 (PDT)

Bad-Behavior Plugin

Also, I installed the Bad-Behavior plugin, which works wonders on WordPress and should do pretty well with MediaWiki. See: Meta:Spam Blocking BrianEnigma

Title Template and Tiny Update

Brian put in some javascript today that means the Template:Title template I have copied over from my various other wikis now works here. You can use it to replace the big header text at the top of any page with any text you like. It is used as follows:

{{title|New Title Here}}

It is generally placed at the top of a page, above all the content, but I am pretty sure you could place it anywhere and it will work.

I also added the new section link magic word to the top of this page. --Skenmy 10:01, 27 October 2006 (PDT)

Okay, I'm intrigued. What would you do with it? Scott 19:21, 28 October 2006 (PDT)
He means that we could change the line that says Perplex City Wiki:Discussion above the contents box to something like Plz to be discussing wiki here, kthxbye!, if we were so inclined. I just used this to change the title on my User pages so my name has a small x instead of a capital one. I thank Skenmy profusely for this, because that capital x was driving me batty. xnera 13:16, 31 January 2007 (PST)

Bloody vandals!

OK Seriously ... any time there are more vandalizations than actual edits to the wiki, it is time to do something. Brian, are we still setup to only allow admin-created users? If not, I am going to suggest that is done. Or perhaps set it so only admins can edit, fFor a time, maybe? I dunno, but this is ridiculous. Scott 08:04, 9 July 2007 (PDT)

Yep--only admins can create users still. Unfortunately, the spammers came in and created hundreds (if not thousands) of accounts that still exist. They can't add their spammy URLs, but they can (intentionally or as a side effect of whatever script they're using) remove stuff, which is exactly what they are doing. The last time a spammer created fake accounts, they were pretty easy to spot--all upercase, consisting of 6 hex digits. I even had a script (see Meta:Spam Blocking) to kill off those users. I tried to do that this time, but found it would blow away a bunch of valid users/usernames, so didn't continue. A snapshot of the list of possibilities is currently at http://perplexcitywiki.com/bad_users.txt although I now realize that I could probably kill off their passwords, then if the person is a valid user, they can have the password emailed to them. Hmmm.... yeah... maybe I'll investigate that possibility... BrianEnigma 17:12, 9 July 2007 (PDT)