Re: Wiki Abuse

On 01/15/2013 03:12 AM, Kinkie wrote:
> On Mon, Jan 14, 2013 at 7:11 PM, Alex Rousskov
> <rousskov_at_measurement-factory.com> wrote:
>> On 01/14/2013 02:47 AM, Kinkie wrote:
>>>> Can we grep the wiki data to locate those other user accounts?
>>>
>>> Yes, I found out that we can. It's 129 users total.
>>> Amended plan: create a page to explain the account policy; post to
>>> squid-users; preserve those 129, the editors, the admins, and whoever
>>> answers from squid-users; remove everyone else with no other warning.
>>>
>>> Eliezer, Alex; you are right that it'd be nice to warn each individual
>>> user personally, but:
>>> - it's 28k of them. Out of those, I estimate 8k to be real (and the
>>> estimate is VERY generous), at least 20k are drive-by spam attempts
>>> - many of the users have probably fake or spoofed email addresses
>>> (remember, no address verification is done), so the mail would be
>>> unexpected to them, and even if only 10% answered, it's an excessive
>>> amount of work.
>>> - recreating an user account is a trivial matter (even though it now
>>> requires an admin's intervention)
>>>
>>> I will keep the old user accounts around in case they are needed.
>>>
>>> Does the plan fly with you guys?
>>
>>
>> If I understand your plan and estimates correctly, you want to
>> inconvenience a few thousand of legitimate users, and we could expect a
>> few hundred of those users to come back at you so that you can manually
>> re-enable their accounts? In this case, I hope your estimates are wrong
>> both because I do not think we should inconvenience so many without a
>> very good reason, and because I do not want you to spend so much time on
>> handling those manual cases.
>>
>> Can we remove non-editing users that did not register to receive any
>> notifications? If yes, how many users will be left after that?
>
> Hi Alex,
> I suspect we are saying the same thing: I wouldn't really
> inconvenience users. Registering for an account on the wiki allows for
> a few things:
> - subscribe to page notifications
> - customize quick-links in the user's profile
> - with additional authorizations, edit the wiki
>
> I would not touch users which have done legitimately any of the above
> (some users have tried to XSS the wiki or to use their profile for
> link-spam and would be removed).
> After the cleanup, the wiki would contain about 400 registered users;
> 25334 users would be reverted to anonymous (doing so would have a
> performance benefit for them, as they could use cached pages, while
> registered users can't). I expect that the number of wrongly removed
> users be in the units, a few tens at most.

Sounds good to me.

Alex.
Received on Tue Jan 15 2013 - 14:57:32 MST