Wikipedia talk:Edit filter

Shortcuts

• WT:AF
• WT:FILTER

Please add {{WikiProject banner shell}} to this page and add the quality rating to that template instead of this project banner. See WP:PIQA for details.

Filter 276

I've created Filter 276 (logs) to handle this crazy proxy/spoofed IP insertion that is happening. See WP:ANI#Welcome to Wikipedldia!. Feel free to modify, turn on higher, turn off completely, and/or tell me I'm an idiot. Based on the number of IPs that we're seeing on it, I figured it was worth running as a filter without discussion. tedder (talk) 08:06, 21 December 2009 (UTC)

• • Incorporated into other existing filters and disabled. Thanks, NawlinWiki (talk) 17:54, 25 December 2009 (UTC)

Permission

I would like to request the edit filter right. I would like to create filters that will block any malicious-like scripts. I would also enjoy being able to view private filters. Btilm_{Happy Holidays!} 05:20, 24 December 2009 (UTC)

I can assure you that there is nothing enjoyable in the codes of private filters. Ruslik_Zero 20:12, 24 December 2009 (UTC)

Well, I will at least like to create a filter for malicious scripts. Btilm_{Happy Holidays!} 01:04, 25 December 2009 (UTC)

Can you provide an example of such malicious scripts and what code you would write to block it? Triplestop x3 01:09, 25 December 2009 (UTC)

There are many little codes that could possibly freeze one's browser. That would be this code's only harm. Here is what a vandal would type, with or without the <script> and </script>. <script>while (1==1) document.write('hello')</script>

This is a script that keeps writing hello until you close the frozen browser.

This are the conditions: !("sysop" in user_groups) & (ccnorm(added_lines) rlike "(<script>)?(\n)?while \(?.*==.*\)?\{?(\n)?\{?(document.write|alert)\('.*')\}?(\n)?\}?(</?script>)?")

I would first test the code by flagging the edit in the edit filter log. Once I get it right, I would disallow the code. Btilm_{Happy Holidays!} 17:36, 25 December 2009 (UTC)

As far as I know, the MediaWiki markup doesn't allow scripts, so what you describe wouldn't happen on Wikipedia... ╟─TreasuryTag►consulate─╢ 17:38, 25 December 2009 (UTC)

I am talking about if a vandal puts it on there js page, or if a user is testing something out. Btilm_{Happy Holidays!} 17:52, 25 December 2009 (UTC)

Is "vandals injecting malicious code" a recurring problem? Is there even a single precedent of vandals doing js mischief? What a vandal puts in his own .js will affect only his own browser anyway, not others. Looks like a solution in search of problem to me.--Zvn (talk) 20:26, 25 December 2009 (UTC)

If you know of some way to run scripts for people other than yourself that doesn't require admin rights, please contact securitywikimedia.org, as that would be a rather serious issue that should be fixed in the software. Mr.Z-man 19:04, 26 December 2009 (UTC)

You're kinda right, Zvn. Maybe an admin should try that instead of a block sometime. Another reason, now that I think about it, is to be able to create new filters wanted here. One is the addition of "you." I could do that. I will give an example.

Conditions: !("sysop" in user_groups) & (article_namespace == 0) & (lcase(added_lines) rlike "\b(you('?re?(el(f|ve))?s?|'?ll|)|y'?all'?s?)\b")

I would test it by flagging it; and then, once I get it going, I would then choose to flag the edit and tag the edit (the tag would be something like possible addition of the word you). Btilm_{Happy Holidays!} 02:49, 27 December 2009 (UTC)

Can you elaborate on what types of edits there should or should not be an abuse filter for? Triplestop x3 04:13, 27 December 2009 (UTC)

Well, the first thing I would like to point out is, if I get the abusefilter right, I would never check the box to revoke the autoconfirmed status, because I can't think of a single instance to use it on; and due to the fact that probably every filter has, or at one point had, a false positive. For example, a filter that detects when a user writes a phone number wouldn't be the best idea in the world. There could be many false positives, where phone numbers should be included in an article, like 555 (telephone number), 867-5309/Jenny, and Telephone number. A filter that wouldn't be so bad would be one that detects when new users create an article via the article wizard and leaves, under external links, example.com. Articles that have that are usually deleted. The criteria for that would probably be something like this: edit count - under 30 edits and account age - 2 days or less. If I do get the right, it would help me answer the entire why did X get flagged, but not Y business on private filters. This process would also help me discover false positives for private filters, and I will still be looking for false positives on public filters. I would probably fix some false positives and moniter the requested filters. Btilm_{Happy Holidays!} 05:32, 27 December 2009 (UTC)

 Not done I can't say with confidence after reading the above discussion that you have the knowledge of what the abuse filter is to be used for, nor can I say that you know how to code for it. NW (Talk) 16:43, 29 December 2009 (UTC)

Well, please give me a clear case to code and I will code it to the best of my abilities. Btilm 17:42, 29 December 2009 (UTC)

Please? I really have a chance of doing it. I do understand it, but you don't have confidence in me. So how about some Q and A?

Admins can now see private filters without abuse filter editor rights

The permission has been enabled in Template:Bug. This implies that there is no longer a need to (self-)assign the abuse filter editor permission to admins to be able to check private filters, so we can consider removing the permission from admins who don't edit filters, or other ways to assign it, as some had suggested. Cenarium (talk) 18:54, 26 December 2009 (UTC)

Could we consider making the whole abusefilter bundle part of the sysop package? Admins who want to edit the filters (or think they might want to in some never-to-be-realized future) self granting the right just creates clutter in my opinion. I would keep the abusefilter right around for those who have it but aren't sysops, but allow only 'crats to manipulate it. ⇌ Jake Wartenberg 19:20, 26 December 2009 (UTC)

I don't think being an admin should automatically allow you to edit the abuse filter. We choose admins for good judgment, not good programming skills. Being a good admin does not really prepare you for editing these filters as it requires technical ability beyond what is expected by an admin. While I don't see any harm in all admins being able to see the filters, I think being an admin and being able to edit the filters should remain distinct positions. Chillum ^{(Need help? Ask me)} 20:24, 26 December 2009 (UTC)

We allow admins access to other technical parts of the site -- the abilities to edit complex, highly used templates, the mediawiki namespace, and the spam and title blacklists are all part of the sysop package, among other things. We trust admins not to use their tools in places where they don't have the necessary expertise. I also don't see how this creates a "separate position" when any admin may grant herself the right on a whim. ⇌ Jake Wartenberg 02:13, 27 December 2009 (UTC)

The abusefilter differs from all of your examples as it's a tool that can make a "mark of Cain" entry on the permanent record attached to an editor. –Whitehorse1 22:35, 27 December 2009 (UTC)

This is true; however, I think it should be more widely known that the edit filter (renamed from its original name of abusefilter) carries a lot of false positives, and even the best editors get tagged by it once in awhile. For example, here's an administrator with 15 of them, none of which are actually indicative of "bad faith" edits. Hopefully more people will come to think of it as a mostly benign way of categorizing people's edits rather than a permanent reminder of past vandalism. -- Soap ^Talk/_{Contributions} 03:10, 28 December 2009 (UTC)

I would support cleansing of the userright from admins who do not edit the filter to make it easier to find admins who do. The suggestion by Jake is a separate issue and needs its own discussion as each time we discussed it (see archives), the status quo was upheld for various reasons including the fact that an admin having to grant themself the userright is a bit of a "speed bump" for them to go over - a deliberate act that hopefully makes them realize that it is a serious tool that requires caution in its application. –xeno^talk 15:28, 29 December 2009 (UTC)

Remove flag from admins who don't use it

So, a proposal, now that circumstances have changed considerably: Remove the flag from those that don't use it. The admin can always grant it back, so this shouldn't be a big deal. Perhaps we could loosely define inactivity as no actions withing a three month period? ⇌ Jake Wartenberg 22:19, 30 December 2009 (UTC)

I'd so go for it. Make the list useful again. –xeno^talk 18:36, 31 December 2009 (UTC)

Filter 82

I'm sure wikipedia has rules against posting 4shared download links to illegally uploaded media. Filter 82 was enabled to log, but not disallow. I propose that we edit it to only disallow 4shared links, then set it to disallow in order to take care of that problem.— Dædαlus ^Contribs 02:47, 28 December 2009 (UTC)

Note: this user contacted me on IRC earlier and I suggested they bring this to the wiki because there are issues here I don't feel confident handling by myself.

The filter recently logged this edit which was only inserting a malformed ref tag ... I've looked at the code and am not sure what is causing it. I am worried that there may be a quirk in MediaWiki that causes some edits to trigger the filter even though they don't contain a [nowiki] tag. I also want to point out that I dont think setting this filter to work only on 4shared would be a good idea because there are other hosting sites, and all of them can be reached via TinyURL and other URL forwarders which would not be stopped or even logged if this filter were set to trigger specifically on 4shared. Perhaps "4shared" could be added to a blacklist contained on one of the filters that is already in Disallow mode, and this one kept as log-only to keep track of less-blatant edits and possible false positives. I am sorry if I sound negative, because I agree that this filter needs to be improved. -- Soap ^Talk/_{Contributions} 03:03, 28 December 2009 (UTC)

Note that TinyURL and other such services are generally blocked on the global spam blacklist. If we want to block such links, we should also use the spam blacklist, as it can probably do it more efficiently. Mr.Z-man 04:00, 28 December 2009 (UTC)

Can the spam blacklist be configured in such a way that it will catch links surrounded by <nowiki> tags? I thought that the reason this filter was needed was because it couldn't. -- Soap ^Talk/_{Contributions} 04:03, 28 December 2009 (UTC)

The the point of the filter is to catch any link in nowikis; if we want to specifically block 4shared links, that should be done with the spam blacklist. Mr.Z-man 04:56, 28 December 2009 (UTC)

This is a reply to Soap- apparently the nowiki tags doesn't cause tinyurl to be blacklisted. Interesting. http://tinyurl.com/foo tedder (talk) 06:54, 28 December 2009 (UTC)

So, can we get some headway on this? If tinyurl is blacklisted, then I see no problem with adding it to the filter to block 4shared and tinyurl.— Dædαlus ^Contribs 05:06, 31 December 2009 (UTC)

Oh, Tedder added it a few days ago. Sorry, I'd thought you'd heard about it. I'll be watching it for false positives because I still dont really know what caused the [ref] bug. (And it is still turning up false positives such as this, although that particular user was able to fix it by removing the unnecessary nowiki tags from his edit.) -- Soap ^Talk/_{Contributions} 05:17, 31 December 2009 (UTC) I know that link will just give an error, but all that it really shows is that he's turning "disallow" on.)

(ec)Huh, weird timing. Yeah, I turned it on- see also this thread. tedder (talk) 05:20, 31 December 2009 (UTC)

Soap- that diff is definitely a FP, but .. how concerned should we be? It's not something that should be done, even if it's just a technical issue, not a bad-faith edit. tedder (talk) 05:29, 31 December 2009 (UTC)

User talk:NawlinWiki vandalism filter

If this private filter's name is an indication of its function, then I think it is an abuse of the right to edit filters. Sole Soul (talk) 04:14, 28 December 2009 (UTC)

Why would that be an abuse? tedder (talk) 06:55, 28 December 2009 (UTC)

This is a special case; given the amounst of vandalism his talk page gets, this is the most efficient way to minimize disruption. Someguy1221 (talk) 07:50, 28 December 2009 (UTC)

A recurring reason cited by filter editors to deny filter requests is that the abuse affects small number of articles (not a single talk page), and that the best way is to semi-protect because the filters cost a lot of resources. Also there is already a filter for some talk pages. I don't think this is the only talk page that gets vandalized a lot. Sole Soul (talk) 17:05, 28 December 2009 (UTC)

If I understand correctly, this filter only consumes 2 conditions of the 1000 condition limit, and the vast majority of all edits will bypass the filter after 1 condition, so it doesn't really consume very much resources. I admit I am uncomfortable with the idea of a user's talk page being protected with no unprotected talk page for IP's to post on, but the editnotice that this filter creates implies that NawlinWiki checks the filter log frequently to see if there any edits that were stopped by it, and will respond to the edits just as though they had been posted. -- Soap ^Talk/_{Contributions} 18:06, 28 December 2009 (UTC)

My main concern is the double standards, I don't think this would be allowed if a less privileged user requested a filter for his talk page (or for an article) with the same number of vandalisms. Although I assume that small things add up, so two conditions for a single page is still too much. Sole Soul (talk) 18:29, 28 December 2009 (UTC)

If you watchlist User talk:NawlinWiki, you'll may feel this is perfectly appropriate. A look through the history is probably sufficient, but make sure to check the history of individual pages listed at User talk:NawlinWiki/Archives.  Frank  |  talk  19:02, 28 December 2009 (UTC)

Sole Soul, if your page is vandalized 100 times a day, I'm sure you could be included in the filter if needed. Triplestop x3 19:07, 28 December 2009 (UTC)

I don't think so, and I don't think this page is the only talk page or article page that gets vandalized 100 times a day. Sole Soul (talk) 19:13, 28 December 2009 (UTC)

Nobody is suggesting it's the only one; what's being suggested is that this one is highly vandalized, and an edit filter is one tool in the arsenal to combat that.  Frank  |  talk  19:56, 28 December 2009 (UTC)

Nobody is suggesting that this one is not highly vandalized; what's being said is that since its not the only one, it should not be treated differently. Sole Soul (talk) 20:16, 28 December 2009 (UTC)

And indeed, the filter could be modified and then applied to others as well. We have to start somewhere.  Frank  |  talk  21:06, 28 December 2009 (UTC)

Indeed, we could, but if we don't you say it is not a problem, I say it is. Clearly, this was not intended as a "start somewhere" when the filter was created. Sole Soul (talk) 21:21, 28 December 2009 (UTC)

Looking at the log, It didn't catch anything in the last 4 days, and only 3 hits in December, 2 of them are false positives! Sole Soul (talk) 19:21, 28 December 2009 (UTC)

The filter is fine, though I'd ask NW to remember to disable it when it isn't needed. Prodego ^talk 20:54, 28 December 2009 (UTC)

The filter is not fine. "I'd ask NW", this shows the need to have an Edit Filter policy that is applied equally on everyone. Sole Soul (talk) 21:13, 28 December 2009 (UTC)

Yes. It is. Show me what policy this violates. Prodego ^talk 21:15, 28 December 2009 (UTC)

No, it isn't. You prove my point, there is no policy to prevent filter editors from creating anything, that doesn't make it fine. Sole Soul (talk) 21:27, 28 December 2009 (UTC)

Why should the edit filter be "applied equally on everyone?" User talk:NawlinWiki has more than 10x the number of watchers as User talk:Soap, and more than 5x the number of page views this month. (Ratios are similarly skewed for my own talk page in relation to NW's.)  Frank  |  talk  21:25, 28 December 2009 (UTC)

I meant to compare to User talk:Sole Soul: watchers (<30) and views (<100). Even wider disparity compared to User talk:NawlinWiki.  Frank  |  talk  21:31, 28 December 2009 (UTC)

It's obvious that that is not what I meant when I said "an Edit Filter policy applied equally on everyone". Sole Soul (talk) 21:33, 28 December 2009 (UTC)

It's not obvious, actually, I have no idea what else you could have meant. Try being a little more helpful? ╟─TreasuryTag►UK EYES ONLY─╢ 22:20, 28 December 2009 (UTC)

So you disagree with this statement: "an Edit Filter policy [should be] applied equally on everyone", keeping in mind that I said above "...with the same number of vandalisms". Sole Soul (talk) 22:50, 28 December 2009 (UTC)

Where did I say I disagreed? (Not a rhetorical question, please provide a diff.) I said, "I have no idea" what you meant. ╟─TreasuryTag►without portfolio─╢ 23:03, 28 December 2009 (UTC)

That was a question, I forget to put the question mark. Sole Soul (talk) 23:10, 28 December 2009 (UTC)

OK; what words that I typed made you think that I disagreed? What prompted you to ask the question? (Not rhetorical questions, please provide the answers.) All that I said was, "I have no idea" what you meant. ╟─TreasuryTag►senator─╢ 23:12, 28 December 2009 (UTC)

I have no interest in playing games with you, I'm reading all responses here so no need to send messages to my talk page. Sole Soul (talk) 23:21, 28 December 2009 (UTC)

I see, so you're just going to falsely accuse me of making derogotary remarks and then decline to engage in the follow-up discussion? I'm not impressed. ╟─TreasuryTag►assemblyman─╢ 23:23, 28 December 2009 (UTC)

There has been no policy, and the problem with making one is that people need to be able to quickly implement (some) filters in response to ongoing (serious) vandalism. If there is ongoing serious vandalism to a single page, any page, it is perfectly fine to create a filter to stop it. Filters that aren't the most useful ultimately get disabled by other abuse filter editors (often me). Prodego ^talk 22:09, 28 December 2009 (UTC)

(Note: I appreciate it when I saw you turning some filters public when secrecy is not needed) So you think that the lack of policy is for a specific reason, and you take advantage of the lack of policy in a discussion that has nothing to do with that specific reason? Sole Soul (talk) 22:32, 28 December 2009 (UTC)

I'm explaining why I believe a policy like the one you are suggesting be implemented here would not be feasible. Prodego ^talk 22:35, 28 December 2009 (UTC)

I'm talking about your saying "show me a policy". Sole Soul (talk) 22:39, 28 December 2009 (UTC)

(e/c)This is exactly the reason we don't have such a policy. If such a policy would prevent creating an abuse filter to stop the kind of vandalism that hits NW's talk page, it would be putting bureaucratic nonsense over actually using the filter for what its designed for. Mr.Z-man 22:40, 28 December 2009 (UTC)

The policy would not prevent such a filter if the community is fine with a filter for a single page. The policy would ensure that the standards is equally applied in all similar situations. Sole Soul (talk) 22:57, 28 December 2009 (UTC)

What standards? Prodego ^talk 23:07, 28 December 2009 (UTC)

In this case a page with high number of vandalism. Sole Soul (talk) 23:16, 28 December 2009 (UTC)

Until User:JarlaxleArtemis and his army of idiots at 4chan /b/ grow up, I would like to keep this filter. If and when a consensus is reached that I must rely on semiprotection instead, I'll do that. In the meantime, I am going to be away for about a week, and I would appreciate the filter being left on during that time. NawlinWiki (talk) 23:09, 28 December 2009 (UTC)

I don't know, for the record, I think this filter is fine. There doesn't need to be some massive beurocratic mechanism like botapproval or something like that for these things. Theres a patently obvious need here, the filter is the least intrusive means to stop this vandalism, and it works. Well within the spirit of everything at Wikipedia. If it works, go with it. --Jayron32 05:44, 29 December 2009 (UTC)

Proposal

A proposal has been made here which may be of interest. ╟─TreasuryTag►assemblyman─╢ 15:00, 29 December 2009 (UTC)