Wikinews:Admin action alerts/Archive 4

I can't add {{copyvio}} to articles ... it says it is being block by the spam filter?!? --SVTCobra 11:03, 26 February 2009 (UTC)[reply]

Are you sure it is the template and not the URL parameter? If it is the URL a warning from the blacklist would suggest the page simply be deleted. --Brian McNeil / ^talk 11:46, 26 February 2009 (UTC)[reply]

I even tried it with no URL at all. --SVTCobra 11:49, 26 February 2009 (UTC)[reply]

Anyway ... it works now ... weird. --SVTCobra 11:51, 26 February 2009 (UTC)[reply]

The blacklist is kept on Meta, perhaps someone temporarily screwed it up. --Brian McNeil / ^talk 11:55, 26 February 2009 (UTC)[reply]

Not sure if this qualifies for speedy deletion, seeing that it's a talk page? Or does that make any difference when deleting a spam page? ♪Tempo di Valse ♪ 14:18, 5 March 2009 (UTC)[reply]

Spam? Delete on sight - userpage or not. --Brian McNeil / ^talk 15:04, 5 March 2009 (UTC)[reply]

Strongly agree. Cirt (talk) 16:36, 5 March 2009 (UTC)[reply]

There are a lot of these, and they mostly seem to be fixing typos of month names (or possibly instances where a foreign name for the month has been used). Given the number of them, is this something that could be semi-automated with AWB or something? In which case, could someone with such a tool have a go at them? Chris Mann (Say hi!|Stalk me!) 23:40, 5 March 2009 (UTC)[reply]

It took me four hours, but I finally archived all of our articles up to March 1st, 2009. WN:TOARCHIVE is a very helpful tool. ♪Tempo di Valse ♪ 20:21, 8 March 2009 (UTC)[reply]

Kudos Tempo. You did a great job. R.T. 20:26, 8 March 2009 (UTC)[reply]

I was watching RC as the end occured, very impressive work there! Blood Red Sandman ^{(Talk) (Contribs)} 20:27, 8 March 2009 (UTC)[reply]

Wow! This is amazing. Well done Tempodivalse. Anonymous101^talk 20:31, 8 March 2009 (UTC)[reply]

wow. Great work. Bawolff ☺☻ 20:37, 8 March 2009 (UTC)[reply]

Now we need to check November 2008 and earlier. I know there is some there. DragonFire1024 (Talk to the Dragon) 20:51, 8 March 2009 (UTC)[reply]

Are you sure? I'm certain I got them all. ♪Tempo di Valse ♪ 23:05, 9 March 2009 (UTC)[reply]

I must agree, I searched high and low through the old archives yesterday but found nothing. R.T. 23:07, 9 March 2009 (UTC)[reply]

I just know that I did all of December 2008. And anything before that I have no clue about. DragonFire1024 (Talk to the Dragon) 11:59, 10 March 2009 (UTC)[reply]

It's all done, Dragon. See WN:TOARCHIVE. Now, we do have some protected edit requests to clear. So to the newer admins, don't make corrections that are based on facts that came out after the story was published. Cheers, --SVTCobra 12:16, 10 March 2009 (UTC)[reply]

Which should be ok, since as I note above a large chunk of them appear to be either typos or foreign names for months that should be translated. Chris Mann (Say hi!|Stalk me!) 01:31, 13 March 2009 (UTC)[reply]

Hi, could someone please respond to my query at the above link, so that I'm not talking to a wall this time? Sorry for spamming, but I don't think I'm going to get a response otherwise (last time I posted a question on that page, a few weeks ago, I never received any answer). Thanks. ♪Tempo di Valse ♪ 20:37, 14 March 2009 (UTC)[reply]

Be bold. No answer, is generally a Its ok (as a general rule). Bawolff ☺☻ 23:41, 14 March 2009 (UTC)[reply]

Per an SPI case at enwiki a CheckUser was requested, CU evidence (here) and editing habits confirm that User:33ohmygad is one of many abusive sockpuppets at enwiki. After checking with the SUL utility I figured I would alert you guys that one of the 20+ accounts has registered here and am requesting an indefinite block on the account. Thanks, Stepshep (talk) 00:45, 15 March 2009 (UTC)[reply]

  Not done We (usually) do not block users based on their actions on other projects. If this account starts vandalising, sockpuppeting, or behaving suspiciously on this wiki, then I will consider blocking, but not now -- the user in question has made no edits here yet. Best regards, ♪Tempo di Valse ♪ 01:48, 15 March 2009 (UTC)[reply]

Thanks. Some wiki have been blocking, others haven't. I wasn't sure as to the exact rule of thumb here so I figured it was best to let you guys run with the info. Thanks again, Stepshep (talk) 02:20, 15 March 2009 (UTC)[reply]

I don't want to sound suspicious or anything, but could somebody explain the meaning of these edits? I don't understand why an administrator would do something like this. ♪Tempo di Valse ♪ 18:42, 15 March 2009 (UTC)[reply]

It is an imposter account, as noted at the time on this page here. Blood Red Sandman ^{(Talk) (Contribs)} 18:46, 15 March 2009 (UTC)[reply]

Oh, that makes sense, I didn't see the talk page notice. Never mind then, thanks. ♪Tempo di Valse ♪ 18:49, 15 March 2009 (UTC)[reply]

Could someone please confirm the results for WN:POTY08. It needs to two admins to verify the results. Anonymous101^talk 10:03, 8 March 2009 (UTC)[reply]

  Done by Zachary (talk · contribs). ♪Tempo di Valse ♪ 23:08, 9 March 2009 (UTC)[reply]

I just wanted to bring someone's attention to the fact that a new user has placed adverts/spam on his talk page. Shouldn't it be deleted?  ♪TempoDiValse♪  03:22, 9 February 2009 (UTC)[reply]

Never mind. Looks like someone got around to deleting it, thanks.  ♪TempoDiValse♪  03:50, 9 February 2009 (UTC)[reply]

This is an ongoing issue, accounts are being created to spam. Users I've seen involved with this are: JohnAnnie, Ingerso, Beardsle, Iredell, JohnAlgernon, Brenten, and Carlly. From checkuser - suspected socks.

Instances of this should be met with hard blocks - no editing of talk page or sending of email. Please check the blocked account's contributions to see they haven't been creating sleeper accounts. --Brian McNeil / ^talk 10:27, 10 February 2009 (UTC)[reply]

Does checkuser show anything which could be blocked to stop it from continuing to happen? Daniel (talk) 11:14, 10 February 2009 (UTC)[reply]

A range block would cover all but the most recent. I've raised the issue on the checkuser mailing list as some of those accounts were created on other wikis. --Brian McNeil / ^talk 11:36, 10 February 2009 (UTC)[reply]

There was a similar 'spam attack' on Feb 6 (see block log). The pattern seems to be setting up sockpuppets over a bit of time and then spamming from all of them at some time. When blocking such an attack, remember to block editing of the talk page as well, or they just continue spamming there. Cheers, --SVTCobra 23:08, 10 February 2009 (UTC)[reply]

• A further point to note with these attempts to spam is the URLs involved. These can be added to the blacklist over on meta, I'll admit I have been a bit lazy about this - I have included the information while alerting the checkuser mailing list and let someone else deal with it. As you can guess from the number of usernames involved, investigating this is a fairly time-consuming process of checkusering and scanning for open proxies. --Brian McNeil / ^talk 10:57, 14 February 2009 (UTC)[reply]

• I don't know if it is a prelude to more spamming or not, but I found User talk:Interview and User talk:Toddst2 slightly suspicious. No actual spammy URLs yet, so I don't really think it merits a checkuser, but it would be a real surprise if these are two separate individuals. --Brian McNeil / ^talk 12:16, 26 February 2009 (UTC)[reply]

I strongly recommend that Florentino Floro (talk · contribs) should be blocked for multiple instances of willful blatant copyvio, in direct violation of our site policies.

As Florentino floro, this user is currently indef-blocked at en.wikipedia for Personal attacks or harassment.

Florentino Floro (talk · contribs) is already aware of the copyvio issue, as he was warned by Gopher65 (talk · contribs) about copyvio back in December 2008 [1].

This comment by the user is extremely troubling: Please do not be annoyed if sometimes, (due to stress and human factor - plus the fact that as lawyer and judge, I never ever had enrolled in any journalism subject), I would tend to relax the copyright rules and style guide... - style is one thing, but copyright rules should not be "relaxed". This is a tacit acknowledgment by the user that he knows he is violating site policies.

Here are some examples of Florentino Floro's copyvio:

These site policy violations create more work for dedicated project members. Most recently, at the article Philippines is culling 6500 hogs after Reston ebolavirus outbreak, the first review [2] done by ShakataGaNai (talk · contribs), and the second review [3] done by myself, were both failed due to blatant copyvio issues.

As the user Florentino Floro (talk · contribs) has already been warned about copyvio, and is aware of the issue as evidenced by his comment about the issue above, I do not think another warning would be appropriate at this point in time but instead strongly recommend blocking. Cirt (talk) 08:01, 7 March 2009 (UTC)[reply]

• I will say, as a frequent reviewer, that a number of his articles that I've run into have numerous copyvios (not just one or two). Yes, Sometimes a word or two is changed in the sentence, but I'm fairly good at catching them... when I'm really into it. Part of the problem is that his articles are so lengthy that they require a _ton_ of effort in order to review properly and sometimes they _don't_ get the review attention they should. --ShakataGaNai ^{^_^} 08:05, 7 March 2009 (UTC)[reply]

If people know of other examples of copyvio, please add them to the table in the format I have used, above. Cirt (talk) 08:16, 7 March 2009 (UTC)[reply]

• I've had problems with Floro before, not copyright-related, but rather defamation-related. The above evidence is rather compelling, but given my stop-start activity, I'll leave it to those who have dealt with him on a more long-term basis to decide this rather than throwing in my less-useful-than-theirs opinion. Cheers, Daniel (talk) 08:15, 7 March 2009 (UTC)[reply]

I think blocking someone who is not actively causing disruption is a bad thing to do. While copyvios are definitly not appropriate, the user is not hostile, and seems perfectly willing to take advice and whatnot. A more stronger warning would be the logical next step. Going from oh btw, this sentence was to close to comfort to the source to a block seems a bit harsh. Bawolff ☺☻ 08:27, 7 March 2009 (UTC)[reply]

Most of these cases aren't "too close for comfort", they are copy and paste jobs. See the review on the 6500 hogs, this is copy and paste, not "paraphrased closely". --ShakataGaNai ^{^_^} 08:33, 7 March 2009 (UTC)[reply]

I don't dispute that. I'm just saying he was given (from what I gather from up top) a (very) casual warning about paraphrasing sources too closely. Although he probably should get the copyvio is not acceptable message from the failed reviews, I think jumping to a block is a bit much. At the very least he should be given a harsh warning about the issue before we resort to blocking.

Admittedly, I have not been monitoring what he does very closely as of late. (for that matter, I havn't been all that active as of late either). But it appears to me the user in question both wants to make nice articles, and is generally cooperative. Giving him the benefit of the doubt (AGF and all) perhaps he just needs to have plagerism/copyvio etc explained to him more clearly. Blocking should generally be used as a last resort, and I don't think we're there yet. Bawolff ☺☻ 08:40, 7 March 2009 (UTC)[reply]

Couple the fact that he has been warned of copyvio already, and has openly acknowledged I would tend to relax the copyright rules... - I do not think a second warning would be appropriate or accomplish anything. Cirt (talk) 08:42, 7 March 2009 (UTC)[reply]

Well he says he tends to relax the rules, while still keeping within their spirit. Sounds like he just needs to have it explained to him that copyvio/plagerism is not one of the rules that can be bent. (maybe he read to much into WN:IAR or something). Even after he made the tend to relax the copyright rules statement, I don't see anyone telling him that is not allowed. (although its implied from the failed reviews, we shouldn't rely on implied things to get the message across). If after it has been patiently explained why we do not allow plagerism/copyvio rules to bend in the slightest, and he continues to post copyvios, then would be the time to block imho. Bawolff ☺☻ 08:52, 7 March 2009 (UTC)[reply]

[unindent] Honestly, his one warning reads more like a friendly suggestion than a warning to me. Generally for blocks for people who consistently break policy, we should first make "efforts to educate" the user, "followed by warnings". Based on what I've read, I'd say there was one real attempt to educate the user, which wasn't followed up when it appeared to have failed. I really wouldn't count Gopher's message as a "warning". Bawolff ☺☻ 09:04, 7 March 2009 (UTC)[reply]

Respectfully disagree. Failed reviews are not simply "implied" comments that there is a problem. There is a specific field for copyvio on the review template and this has already been made quite clear to him, multiple times. Cirt (talk) 09:05, 7 March 2009 (UTC)[reply]

hmm, you do have a point, that the reviews should have gotten a message across. But blocking based on failed reviews seems quite iffy to me. I'm interested in what other's people's opinions are, because I don't think anyone has ever been blocked before for this specific sort of thing. Bawolff ☺☻ 09:26, 7 March 2009 (UTC)[reply]

This discussion seems to be over, but just for the record, the first "warning" about a copyright vio that I give isn't meant to be a warning as long as I perceive their editing to be in good faith, which I did at the time in this instance. What I try to do is helpfully point out several instances where they went wrong, and hope that they clue in. If they don't, then I start warning. Gopher65_talk 20:59, 12 March 2009 (UTC)[reply]

Here we have Floro's response to me trying to get across the copyright issues/concerns. I believe there is scope to issue a stern - perhaps final - warning based on this. Floro asked to be mentored, and not having as large a contributor base as WP we don't run something like that. Can we come up with a plain and unambiguous counter to Floro's attitude of, "I'll keep editing until anybody passes it"?

My personal approach on a synthesis article is to read three or four sources - which I select depending on how well I think they represent or cover the story I am writing. Once or twice I have been caught out where I've written nearly the same wording as a source, but I have no thought that the reporters writing the articles I source from are 'monopolising' the best words. --Brian McNeil / ^talk 11:20, 7 March 2009 (UTC)[reply]

I think that somebody ought to contact Florentino Floro about this discussion, so that we can hear what he has to say. ♪Tempo di Valse ♪ 15:32, 7 March 2009 (UTC)[reply]

Notified: User_talk:Florentino_Floro#Copyvio_issues. Cirt (talk) 18:26, 7 March 2009 (UTC)[reply]

[unindent] Also, what kind of block do you recommend? A temporary one? Or indefblock? ♪Tempo di Valse ♪ 18:34, 7 March 2009 (UTC)[reply]

With the situation as it stands, Floro must commit to writing in his own words. If such a commitment is not forthcoming, and adhered to, then I suppose it would have to be an indefinite block. --Brian McNeil / ^talk 18:38, 7 March 2009 (UTC)[reply]

My two cents: Has floro admitted to not follow NPOV on occassions? yes. Has he admitted to not following copyright rules? Yes. Has he been accused of being a nut? Yes. (But I can name others as well as myself who have been accused of such things). But with all that said, is this enough to ban him? No. What can be done is simple: His article get written, get tagged appropriately, and eventually deleted. That is assuming this is so bad. Fact: we review articles. So if he copyvios, they don't get published. Am I against banning him? No. Am I necessarily for it? No. But would I protest it? No. So in the end, what difference would it make? DragonFire1024 (Talk to the Dragon) 19:57, 7 March 2009 (UTC)[reply]

When I think about it, I think this is much more an issue of plagiarism, rather than copyright infringement. At one point he said, "There are jurists who say that the rule of thumb, is 5-10% of the article published can be copied or quoted for research" before it is considered copyright infringement. IANAL, and have no idea if this is true or not, but i think our main concern here is not so much if the article would be legally considered in violation of copyright laws, but rather the ethical problem of using somebody else's work in our articles without their permission. 24.65.82.136 (user:Bawolff not signed in) 21:27, 7 March 2009 (UTC)[reply]

I am sorry but I have to disagree above with DragonFire1024 (talk · contribs) - our current {{review}} process is not enough to catch all copyvio problems on articles as long as those by this user, and if you look over the great number of "articles" he has done, I am sure that you will find a great majority of his older ones that were unfortunately successfully passed and appeared on the Main Page, still have lots of instances of copyvio in them to this day and should be deleted. That is 70+ articles that need to be evaluated.... Cirt (talk) 03:32, 8 March 2009 (UTC)[reply]

I personally think that Florentino Floro should be given another chance -- I don't think he considers copyvio to be a serious issue, and the "warning" that was given on that one occasion seemed more like a suggestion than anything else. I suggest that he be told, in no uncertain terms, that copyright violations are a very serious matter, and only block him if he continues making copyvios after that. ♪Tempo di Valse ♪ 03:56, 8 March 2009 (UTC)[reply]

@Tempodivalse - you seem to be ignoring the fact that multiple reviews on his "articles" have been failed for copyvio. And also the fact that each time this has occurred, it is noted on template {{Peer reviewed}} - which includes a bolded link to Wikinews:Copyright, which states, in no uncertain terms, quote: Do not submit copyrighted material to Wikinews, unless it is released under a license compatible with Wikinews. There is no way that this has not been made explicitly clear already. Cirt (talk) 04:17, 8 March 2009 (UTC)[reply]

Hm ... you have a point there. I wasn't aware of that. ♪Tempo di Valse ♪ 04:21, 8 March 2009 (UTC)[reply]

It should be noted that while Floro is blocked for "Personal attacks or harassment" on the English Wikipedia, there were multiple and long-persisting issues with the quality of content he was adding to articles. He had been given warnings but did not change his behavior or demonstrate an ability to adapt to criticism. TheCoffee (talk) 11:58, 8 March 2009 (UTC)[reply]

I don't really think that is relevant. Excluding the issues with copyvios, the quality of the content of his articles are quite good. The depth of his articles seem to be consistently above the standard. (imho) Bawolff ☺☻ 20:37, 8 March 2009 (UTC)[reply]

Excluding the issues with copyvios ??????? Cirt (talk) 01:04, 9 March 2009 (UTC)[reply]

I'd like to point out that while they did not comprise the bulk of the problems, copyright violations were one of the many "quality of content" issues Floro's work had during his 2-3 years on Wikipedia, so this problem reaches further back than you might think. Also, I'm one of the ones he's been personally attacking and harassing on Wikipedia so don't be surprised if he comes hurling some bizarre accusations at me. --Cma (talk) 02:23, 9 March 2009 (UTC)[reply]

To clarify my previous comment. Copyright, plagerism, etc are ethical issues in my mind. While they are definitly important quality means something different in my mind (the depth, breadth, grammer, stylistic choices, how nice the piece is to read, etc). Your definition may vary. Bawolff ☺☻ 02:40, 9 March 2009 (UTC)[reply]

To clarify my previous comment - copyright issues are disruption. Especially after this has been made explicitly clear on multiple review templates with a bolded link to the policy page, the language of which is not ambiguous: Do not submit copyrighted material to Wikinews. Cirt (talk) 06:11, 9 March 2009 (UTC)[reply]

There's some rambling thing on my Wikipedia talk about Floro. Sort-of seems to be some attempt to imply he is being hounded by a 'gay mafia'. Bizarre. --Brian McNeil / ^talk 10:39, 12 March 2009 (UTC)[reply]

yep got that too. They also apparently spammed DF and jimbo. Probably others too. Bawolff ☺☻ 11:15, 12 March 2009 (UTC)[reply]

WTF...I read the message, which was reverted from my WP talk page, and I didn't understand it one bit. To me it was just a rant by someone who has extreme hatred for Floro. DragonFire1024 (Talk to the Dragon)

Not quite. On Wikipedia, Floro had a long history of making sockpuppets for the purposes of circumventing blocks and talking about his primary account's actions in the third person. If you'll compare these rants with any of his old ones or even his current userpage, I think it'll be pretty clear that it's him circumventing his WP block as usual. --Cma (talk) 12:42, 12 March 2009 (UTC)[reply]

In light of recent events and Cma (talk · contribs)'s comment, would be best to do a checkuser on en.wikinews and en.wikipedia. Cirt (talk) 13:13, 12 March 2009 (UTC)[reply]

Note the en.wikipedia block log: Block evasion: User:Florentino_floro, spamming talk pages. Cirt (talk) 13:30, 12 March 2009 (UTC)[reply]

In light of the above, and now in addition to the cross-project spamming which references this discussion [4], [5], [6], [7], [8], [9], [10], [11], Florentino Floro (talk · contribs) should be indef-blocked. Cirt (talk) 13:37, 12 March 2009 (UTC)[reply]

Yep, I got this message too. Not sure what's going on here, but the WP block log and a quick whois of the IP seems to make it clear that the anonymous user is most likely Florentino Floro. ♪Tempo di Valse ♪ 14:31, 12 March 2009 (UTC)[reply]

Yes, but checkusers at en.wikinews and at en.wikipedia would be able to tell (possibly) if Florentino Floro (talk · contribs) had other recent socking going on. Cirt (talk) 14:43, 12 March 2009 (UTC)[reply]

  Blocked While I couldn't do a CU (someone who can, please feel free to check things out). I looked at the IP's edits and compared the dates & times to Floro's edits here. Most of them were within an hour of him doing something on en.wn. Which, could be a coincidence, but I checked enough dates that it is highly unlikely. Frankly, if he's going to run around and do talk page spamming for our little discussion here, which I believe was leaning to just a warning... we don't want them around. Indef Blocked. --ShakataGaNai ^{^_^} 16:56, 12 March 2009 (UTC)[reply]

I have notified Florentino Floro about the indefblock here. He can still edit his talk page to argue his case, so I would recommend watchlisting it to see if he responds. ♪Tempo di Valse ♪ 17:56, 12 March 2009 (UTC)[reply]

Just a heads up, his talk page at en.wikipedia had to be full-protected by an administrator because: Inappropriate use of user talk page while blocked: Indefinitely blocked user, who posts conspiracy theories and attempts to justify his actions with religion. Cirt (talk) 18:00, 12 March 2009 (UTC)[reply]

Thanks for the heads-up. However, I would not recommend protecting the page unless he abuses it, in which case I shall certainly full-protect the page and full-block the user. ♪Tempo di Valse ♪ 18:03, 12 March 2009 (UTC)[reply]

Agreed. Cirt (talk) 18:27, 12 March 2009 (UTC)[reply]

Checkuser request for Floro filed at WN:CU. ♪Tempo di Valse ♪ 13:42, 13 March 2009 (UTC)[reply]

Umm, back up - Since one do we block people for actions taken on another project, which may or may not be the user in question here? Since one do we checkuser people if there is no evidence of them doing anything on Wikinews? He did bad things on wikipedia, fine, but they didn't happen here. If you're going to block him, block him for something related to wikinews (and only stuff related to wikinews). Am i missing something? Bawolff ☺☻ 03:23, 14 March 2009 (UTC)[reply]

Bawolff has a point, it's not usually our policy to block users based on their actions on other wikis. ♪Tempo di Valse ♪ 03:06, 16 March 2009 (UTC)[reply]

Said actions were clearly in response to events on this wiki, though. Spamming Wikipedia editors via email is a blockable offense on Wikipedia, so I would think spamming Wikinews editors over Wikipedia to be analogous. In any case, I was under the impression that his penalty was primarily for copyvio on this project anyway, and that the block was a result of his disproportionate response to the criticisms. --Cma (talk) 07:28, 16 March 2009 (UTC)[reply]

The block is appropriate. And yes it shows in the block log that it was primarily for actions on this project. Cirt (talk) 10:42, 16 March 2009 (UTC)[reply]

Okay, thanks. I'm convinced that the block was appropriate now -- just wasn't completely sure what the blocking policy was on this. ♪Tempo di Valse ♪ 14:06, 16 March 2009 (UTC)[reply]

Please see Wikinews:Water_cooler/technical#AbuseFilter. Cirt (talk) 03:34, 18 March 2009 (UTC)[reply]

I noticed that the number of admins in the recent changes header has dropped to 49. It was at 50 ever since Red Thunder was elected, and as far as I know, there were no RfdAs since then. Who lost admin status? Or is it a bug in the header? ♪Tempo di Valse ♪ 02:30, 20 March 2009 (UTC)[reply]

No one to my knowladge.User Rights log doesn't list any de-adminships in that time period. Counting up the names on WN:A gives 49 (47 not including Brion and the bots). No one has changed that page recently either AFAIK, so i don't think anyone lost adminship. Bawolff ☺☻ 06:09, 20 March 2009 (UTC)[reply]

I'll back up Tempo on this, I am 90% positive that it said 50 on Recent Changes a day or so ago. Does this count when a Steward gives themselves admin rights to do something on a wiki? --Brian McNeil / ^talk 09:14, 20 March 2009 (UTC)[reply]

Aha, I think I found the answer. I looked at this awhile ago, and it had 50 admins on the list ... now there are 49. Looking carefully, I can see that the person that seems to be missing from the list is User:Brion VIBBER. ♪Tempo di Valse ♪ 14:06, 20 March 2009 (UTC)[reply]

Well, Brion doesn't need admin access - he can just log into the server and tinker directly with things using SQL statements. --Brian McNeil / ^talk 14:31, 20 March 2009 (UTC)[reply]

Hmm, apparently i fail at counting. I could of sworn WN:A had 49 names on it (including Brion). Here's the log btw (geuss i should of also looked at that log too). Apperently dev rights are being tidied up across many wikis Bawolff ☺☻ 07:36, 22 March 2009 (UTC)[reply]

I was checking recent changes recently, and noticed that the header indicated that we had 100,015 registered users. I checked the user account creation backlog, and found that this person was our 100,000th user. I sent him a congratulatory note. ♪Tempo di Valse ♪ 01:45, 22 March 2009 (UTC)[reply]

Please check the permissions requests page, there is an RfA up there. Your input is needed. Sorry for spamming, but the last few times we haven't had many votes on RfAs, making consensus hard to judge, and I don't want that to happen again. Thanks. ♪ Tempodivalse ♪ 03:12, 5 April 2009 (UTC)[reply]

This page is generally intended for alerts necessitating admin action. Cirt (talk) 03:25, 5 April 2009 (UTC)[reply]

He's back blanking pages, and appears to be editing from different IPs -- probably has a dynamic IP address. Is there any way to do a "range block" or something, to stop him from editing? He seems to be mostly focusing on Portal:Bucharest. A few of his edits are here: [12] [13] [14] ♪Tempo di Valse ♪ 16:44, 26 March 2009 (UTC)[reply]

These IPs are all over the place - a range block catching them would block most of the Internet. This means it is more likely the IPs are proxies. --Brian McNeil / ^talk 17:03, 26 March 2009 (UTC)[reply]

If they are proxies, doesn't that mean they should be indefblocked? ♪Tempo di Valse ♪ 18:15, 26 March 2009 (UTC)[reply]

Probably, but doing so is easier said and done, as proxies go up and come down all over the place all of the time. It's hard enough for WP to keep up with them, let alone a smaller project like this. Lankiveil (talk) 11:54, 28 March 2009 (UTC).[reply]

The approach on WP is generally to block proxies for a year - as opposed to indef. On Wikinews we've generally gone for indef, and the {{proxyblock}} template. The headache is working out if an IP actually is a proxy - it could also be a compromised machine (eg part of botnet) or a Tor exit node. A while back (like maybe a year or more ago) I dug up a website listing Tor exit nodes and blocked all of them; it took a long, long time. More recently, but still some time back, I blocked 100+ open proxies from one of these sites that lists them. In a lot of cases, these were likely pwnd machines - something you can tell when you look up the name(s) associated with the IP address.

Zenmap can be found here, and I would recommend it to anyone who is curious about researching a suspect IP. An intense scan of an IP can take up to ten minutes, and to understand the results it returns you may need to go off and read the Internet RFCs; you're going to need to know what services are likely to run on any open ports you find, and how to dig a little deeper. I'm going to dig through the initially alerted IPs, post my results, and conclusions. Please ask questions! This is detective work any admin can do where a 'suspect' posts via an IP address. Where it is someone who has registered an account, you have to leave this to Checkusers who can obtain the 'private' IP information. Behind the scenes there is checkuser-l, a private mailing list for anyone on any project who has the CU privilege. There is cross-project coordination on vandals such as the "Ass Pus" guy, and sometimes this gets escalated to global blocks across all projects.

Results to follow... --Brian McNeil / ^talk 12:37, 28 March 2009 (UTC)[reply]

• • • First IP: 195.159.135.38. Name: n3.fileflow.com (the "n3" prefix suggests this is meant to be a domain name server). Open ports: 443 (https:// service), 8080 (See here for some background on 8080, it sits outside the 'reserved' range of ports but has a most frequent use as an alternative to 80 for http traffic. As you can see here, it's running Apache TomCat on that port; rather suspicious for a machine you'd guess is a nameserver from the DNS entry.

Let's plug that data into this proxy checker...

195.159.135.38:443 - result, not a proxy.

195.159.135.38:8080 - result, not a proxy.

This is not conclusive, it could be that you go to http://195.159.135.38:8080/proxy.cgi and there is a web proxy. --Brian McNeil / ^talk 12:54, 28 March 2009 (UTC)[reply]

• • • Second IP: 211.232.79.105. Name: static.211-232-79-105.nexg.net (is nexg.net an ISP? might be someone who gets a fixed IP). General weirdness on the port scan, stuff dropped and obviously fake data on time to get a response - the machine may be running an IDS (Intrusion Detection System). Open port: 139 (Windows NETBIOS). Certainly doesn't look like a publicly open proxy, could be an owned machine that the cracker has secured against other people getting into. --Brian McNeil / ^talk 13:10, 28 March 2009 (UTC)[reply]

• • • Third IP: 77.77.0.56. Initial scan gave nothing/said was down (was actually my $%#&ing ISP resetting my connection). No name. One open port: 3476 (outside the reserved range - could be anything). Took a long time to scan this IP. --Brian McNeil / ^talk

Word of warning! Depending on who you have for an ISP they may not take kindly to you running these sort of scans. It is fairly unlikely the owner of the target IP will complain, but if they have some stupid firewall software you could make it scream at them they're being subjected to a hacker attack. If they act on that, and complain to your ISP, you may have to explain why you scanned an IP - most ISPs don't expect you to be doing this sort of thing. --Brian McNeil / ^talk 13:27, 28 March 2009 (UTC)[reply]

It seems quite unwise to indef block Tor exit nodes, many are dynamic IPs right? Nyarlathotep (talk) 14:47, 9 April 2009 (UTC)[reply]

Yes and no. Most Tor exit nodes that people will pick to use (or - as we're more likely to see - abuse) are fixed IPs. This is down to having a fixed IP generally meaning you've paid a premium and have a decent speed connection. A lot of the Tor nodes you'd likely class as dynamic are more likely to be someone who hasn't configured the package correctly - if they had a clue they'd shut off all outbound Tor traffic, it's just too dumb to make yourself a potential accessory to the downloading of (cue hot-button) kiddie porn.

For static versus dynamic, it really depends on the ISP. If you've paid for static, that's in the contract - you get it. If you've taken a 'consumer' connection it is likely to be dynamic, but if you're leased an IP from the ISP then the DHCP server will, in a lot of cases, just reissue you with the same IP. This is less likely to happen if the lease expires when you're offline and don't come back on for several hours. It also becomes more likely you'll get a new IP if your ISP has oversold their netblock - few have, but apparently there's some real shady ISPs in the US do this.

A block on a Tor exit node should, I think, be months if it is not indefinite. However, talk page editing should not be blocked. On the more technical details of the block, even logged in users should be blocked from access via a Tor node. This is from a bad experience Wikipedia had - a rogue admin got lots of brownie points blocking loads of Tor nodes (but left accessible by logged in users) this rogue admin then created various sockpuppets for trolling and so, and used the Tor nodes he'd 'blocked'. I don't know if we have it on en.wikinews, but there is an IPBlockExempt feature in MediaWiki - this was developed to help people in China use Tor to pole-vault over the great firewall. --Brian McNeil / ^talk 16:12, 9 April 2009 (UTC)[reply]

There's an AR up there that's almost two weeks old and has only one vote, could someone provide some more input? Thanks. ♪Tempo di Valse ♪ 03:27, 27 March 2009 (UTC)[reply]

User:Rklawton's WN:AR can probably be closed now. --Killing Vector (talk) 16:33, 4 April 2009 (UTC)[reply]

Done, now someone needs to close Van der Hoorns AR too. tempodivalse 13:33, 8 April 2009 (UTC)[reply]

The bot is flooding recent changes, and hasn't been approved at WN:BOT, it seems. It's not really malfunctioning, but should it be blocked anyway, for not having been approved? ♪Tempo di Valse ♪ 14:04, 28 March 2009 (UTC)[reply]

Check my user page - I asked the bot owner to 'cool it', seems to have done so and requested a flag. Need to establish if it's 'demo' edits have all been constructive. --Brian McNeil / ^talk 14:26, 28 March 2009 (UTC)[reply]

There are six bot requests up there, and some of them haven't been closed for months. Just wondering, why does it take so long for them to get approved? Or did the b'crats simply forget about them? ♪Tempo di Valse ♪ 21:22, 1 April 2009 (UTC)[reply]

I closed several as unsuccessful. Only one or two votes in favour does not instil confidence that the bot has been double-checked. Also, many were missing the botblock template. Promoted Anonymous101's bot, and left two - again these are not getting enough wider attention to take a decision on. --Brian McNeil / ^talk 10:04, 2 April 2009 (UTC)[reply]

Someone seems to have done something to this page so that I can't sight it -- seems to have been "validated" or something instead of the usual "sighting", and that causes the sight function to not work. Could someone take a look and see what, if anything, is wrong? Thanks, ♪ Tempodivalse ♪ 21:19, 4 April 2009 (UTC)[reply]

Replied on your talk page per your message on my talk page! :) --Skenmy ^talk 22:22, 4 April 2009 (UTC)[reply]

68.177.37.202 (talk • contribs (logs) • block (block log)) Kudos to Resplendent. - Amgine | ^t 04:52, 8 April 2009 (UTC)[reply]

  Done by Cirt (talk · contribs) --Skenmy ^talk 07:06, 8 April 2009 (UTC)[reply]

He's just posted a long message at his talk page, demanding to be unblocked and given an apology, along with a threat of sending curses on us (?) if we don't. I'm not sure what to think about all this? tempodivalse 13:59, 10 April 2009 (UTC)[reply]

Let's just get out the popcorn and the shotguns. We can pick off the dwarves as they try to sneak across the lawn. :S --Brian McNeil / ^talk 16:21, 10 April 2009 (UTC)[reply]

Should his talk page be protected, to prevent abuse, perhaps? tempodivalse 16:35, 10 April 2009 (UTC)[reply]

Cirt has indef-protected Floro's talk page. tempodivalse 20:14, 10 April 2009 (UTC)[reply]

Yeah, it is inappropriate to use one's user talk page to make threats against other users such as "my enemies, including Wikipedia and Wikinews editors/sysops will 100 times suffer the dire fate-pains-deaths that were suffered by the people who suffered in the news articles I created". Cirt (talk) 20:17, 10 April 2009 (UTC)[reply]

User has been hard-blocked. Should we seek a ban? tempodivalse 20:38, 10 April 2009 (UTC)[reply]

When there is not consensus to unblock that is pretty much it, especially after this length of time since the indef block, plus the threats against users. Cirt (talk) 20:48, 10 April 2009 (UTC)[reply]

There is an ongoing issue with some disruptive characters making password reset requests for admins across all WMF projects. Main targets are admins. If you get a mail saying your password has been reset, ignore the new password, and let me know details (apart from the offered new password - blank this). --Brian McNeil / ^talk 14:34, 18 April 2009 (UTC)[reply]

I didn't get anything of this sort (yet). Will keep an eye on my inbox, though. tempodivalse 14:59, 18 April 2009 (UTC)[reply]

Wikinews has not been particularly targeted with this - Wikiquote has. I've seen one here, but there's been a lot of it discussed on the checkuser-l list. --15:18, 18 April 2009 (UTC) —The preceding unsigned comment was added by Brianmc (talk • contribs)

Could someone with the proper permissions perhaps checkuser this buffoon, to uproot any possible socks? He seems to be more active recently, I've already had to delete two or three of his nonsense/vandalism pages within several hours and blocked more than a few socks. tempodivalse 02:44, 19 April 2009 (UTC)[reply]

•   Done Was in via proxy - account created on another wiki, CU mailing list notified.

Can you give me a list of socks - I suspect additional proxies being used. --Brian McNeil / ^talk 07:53, 19 April 2009 (UTC)[reply]

Likely socks here [15]. Cirt (talk) 08:10, 19 April 2009 (UTC)[reply]

Other socks not listed at that list are: Soylent Bean (talk · contribs) and Otto Fritz (talk · contribs). There are many others, but those are the ones that first come to mind. tempodivalse 16:44, 19 April 2009 (UTC)[reply]

68.81.95.145 (talk · contribs), who was indefblocked recently for being an open proxy, has requested an unblock, saying that his IP is no longer an open proxy. I don't know how to check if this is true, could someone who knows how to do so take a look at this? Thanks, tempodivalse 03:51, 1 May 2009 (UTC)[reply]

You'd need to use Xenmap (Google it), post the results of an intense scan on my talk page and I'll give an analysis for you. I'd scan it myself, but this is not my computer and I'm not installing that on it. My own might be set up later today and I can then do the scan. --Brian McNeil / ^talk 07:43, 1 May 2009 (UTC)[reply]

Given this user has a history of vandalism and disruption in the past, and was previously blocked for it, I'm a bit suspicious that this might be a trick to get us to unblock him so he can start vandalising again. tempodivalse 14:03, 1 May 2009 (UTC)[reply]

The unblock request still hasn't been responded to, after two weeks. Could someone do a check? I'd do it myself, but that requires software I don't have, and I don't really want to install any more stuff on my computer. Tempodivalse [talk] 21:16, 13 May 2009 (UTC)[reply]

I checked this, still open SOCKS on port 1080. Also, several vandal accounts were created through this IP. I'll bet its also blocked on enwp too. --Brian McNeil / ^talk 10:46, 22 May 2009 (UTC)[reply]

I was correct. Persistent pain in the ass on enwp, to the extent that talk page has been protected. --Brian McNeil / ^talk 11:07, 22 May 2009 (UTC)[reply]

Some rather disruptive usernames were created recently, looking at recent changes. Could someone perhaps checkuser them for the underlying IP address and block it? Thanks, tempodivalse 16:05, 3 May 2009 (UTC)[reply]

Probably won't do any good. Its probably Willy on Wheels. DragonFire1024 (Talk to the Dragon) 16:11, 3 May 2009 (UTC)[reply]

I suspect open proxies are being used to create these accounts, otherwise the autoblock should have stopped a single IP from creating them. tempodivalse 16:13, 3 May 2009 (UTC)[reply]

Probably. But nonetheless people have too much time lol. DragonFire1024 (Talk to the Dragon) 16:30, 3 May 2009 (UTC)[reply]

Checkuser done and passed to mailing list. Can't proxy check here. --Brian McNeil / ^talk 16:31, 3 May 2009 (UTC)[reply]

This bloke is pretty persistent. Another dozen bad accounts or so were created in the last two hours, it probably wouldn't hurt to do a check on those too. tempodivalse 20:01, 3 May 2009 (UTC)[reply]

This has to be the most persistent vandal I have ever seen. Most folks would have gotten bored by now. Is there any way to get some of the phrases used in these names on the MediaWiki:Titleblacklist, to prevent the accounts from being created in the first place? simple.wikiquote had a rash of bad usernames created recently, and their blacklist seems to have stopped it. tempodivalse 21:08, 3 May 2009 (UTC)[reply]

<unindent>There are a number of things that allow these abusive names to be created. Frequently it is proxies, but in other cases it can be accessing the Internet via a cellular network. These have large ranges and short IP leases. At the moment all I can do is pass CU results onto the mailing list as my own machine is not on the net here. --Brian McNeil / ^talk 12:38, 4 May 2009 (UTC)[reply]

Over at en.wikiquote, I took the liberty of importing templates q:Template:Sockpuppet and related templates from en.wikipedia - these help to track socks of abusive sock masters by automatically tagging and categorizing them (see q:Category:Suspected Wikiquote sockpuppets of Bubbaloo). I'll create those templates on this project too at some point soon, unless someone else wants to get to it first. Cirt (talk) 10:37, 4 May 2009 (UTC)[reply]

Are these templates related to offensive usernames? These should be publicised as little as possible. I've had to delete a number of talk pages recently when people have been indef. blocked for unacceptable usernames. Please don't folks. --Brian McNeil / ^talk 12:38, 4 May 2009 (UTC)[reply]

The templates are for tagging sockpuppets, not necessarily related to the usernames. See w:Template:Sockpuppet for more info on how the templates are widely used on en.wikipedia. Cirt (talk) 12:43, 4 May 2009 (UTC)[reply]

<unindent>He's back at it again. I must have blocked at least a dozen of this obscene usernames within the past few hours. This is getting out of hand. Isn't there anything we could do to stop the creation of these usernames? CU doesn't seem to be very effective. tempodivalse 18:58, 4 May 2009 (UTC)[reply]

It really is impossible in the absence of ESP to guess which IP will be used next. As far as I can tell these have been proxies from all over the place and you'd need to block the entire Internet to get them.

CheckUser is, as you state, not a huge help here. All you can do is identify the IP, check if proxy, and block as appropriate. The different IPs used have generally not even been in the same /16. A block on a /16 is 65535 IP addresses, a handful of blocks like that have a high probability of collateral damage and no guarantee you'll prevent future vandalism. --Brian McNeil / ^talk 08:58, 9 May 2009 (UTC)[reply]

I have placed a block on this range as the origin of pelican shit vandalism. This was per a checkuser, with the offending user coming in through several addresses in that range. The block is only a week, so please keep an eye from anything from here. --Brian McNeil / ^talk 09:00, 9 May 2009 (UTC)[reply]

The "Good site, admin" user, who has been recently going around blanking pages and replacing them with nonsensical content, is actually a vandalbot editing from open proxies. If you see it making edits, please block it on sight, without warning (but verify it's an open proxy first, before applying an indefblock!). For more info see this post at simple.wiki. Cheers, Tempodivalse [talk] 19:06, 18 May 2009 (UTC)[reply]

Thanks for the notification, cross-wiki coordination is a good thing. Cirt (talk) 19:17, 18 May 2009 (UTC)[reply]

Looking at rc lately, I see that about 40 accounts in a row were created in the past hour and a half. This is a bit suspicious, because all of the usernames contain ten characters, have capital letters for the first and sixth characters, and were created within minutes of each other. Not sure what's going on here? A spambot, perhaps? Tempodivalse [talk] 13:25, 22 May 2009 (UTC)[reply]

I know I'm not an admin yet, but I noticed this too. User creation log. I'm not super familiar with the patterns of the UCL, but it looks a bit suspicious to me. Here is a list from the recent changes: User:CtacoOrboc; User:CoerrElolo; User:CnaerDrono; User:CnaboLibas; User:EldomC4tda; User:ElvarRolbo; User:Kbndurgarao - doesn't match pattern; User:GetacRoala; User:Erc4tNovim; User:Cc4tpAstrd; User:CavinOcacc; User:BasliRolac; User:AldroNboco; User:AcelzElget; User:AccolIzelr; User:BocalCcvid; User:BocraCvarn; User:CacozEloro; User:C4ttrLilet; User:C4tcnAoude; User:LaricAcelr; User:LiacdRonvi; User:RorolC4tde; User:RoldrOnaco; User:RacleToerd; User:Pasc4Tsitb; User:Semajay - does not fit the pattern; User:TroccOerro; User:VarroRovim; User:TroctAc4ta; User:TrocgEtolo; User:OumonErbas; User:OrricBasmo; User:LidomChira; User:LibodArcat; User:LiaceLc4tb; User:Noc4tCaacr; User:NoeltRotro; User:OrnocOdela; User:OloacElric; User:NoermOnels; User:ZelbaSlali. Calebrw (talk) 14:35, 22 May 2009 (UTC)[reply]

This is a known cross-wiki issue (not just on WMF wikis). Most are created through open proxies, but need checkusered and proxy checked to verify this. I'll start on that now and update the checkuser mailing list, watch for use of {{proxyblock}} --Brian McNeil / ^talk 15:00, 22 May 2009 (UTC)[reply]

So should we start mass blocking all these accounts, or will blocking the proxies behind them be sufficient? Tempodivalse [talk] 15:30, 22 May 2009 (UTC)[reply]

I'm blocking as I check, but it is very slow doing some of the proxy checks. We are close to getting an ISP to file a report with. --Brian McNeil / ^talk 16:39, 22 May 2009 (UTC)[reply]

All above users blocked (spotted one not to pattern). Clear proxies blocked. Possible proxies only autoblocked. Results for possible ISP complaint shared on checkuser mailing list. --Brian McNeil / ^talk 17:27, 22 May 2009 (UTC)[reply]

<unindent> Another few: OloouSittr (talk · contribs), OrgetGetac (talk · contribs), BasacElget (talk · contribs), CnaboLibas (talk · contribs) --Brian McNeil / ^talk 17:33, 22 May 2009 (UTC)[reply]

Here's a stupid question: If the user goes via open proxies... How do you track down an ISP to complain to? Blood Red Sandman ^{(Talk) (Contribs)} 19:15, 22 May 2009 (UTC)[reply]

Not all proxies are anonymous proxies. --Brian McNeil / ^talk 19:47, 22 May 2009 (UTC)[reply]

There is currently a proposal to install a m:flood flag at this wiki. Please see: Wikinews:Water cooler/proposals#Enable flood flag?. Comments and input are needed. This, if enabled, would be of some importance to administrators, so I thought it would be appropriate to link to the discussion here. Thanks, Tempodivalse [talk] 03:11, 23 May 2009 (UTC)[reply]

Enabled. See Special:AbuseFilter. I added some from q:Special:AbuseFilter that have already been tested and work pretty well. Cirt (talk) 09:19, 27 May 2009 (UTC)[reply]

A malbot has been running around recently from different IP addresses, replacing the content of certain pages with nonsensical text. I'm almost certain all its edits are from open proxies, and have blocked some of them for a month's time, but could someone run a proxy check to make sure? Tempodivalse [talk] 17:11, 11 June 2009 (UTC)[reply]

Does anybody know why User:Diagramma Della Verita is in the list of speedy-delete requests in the red box at the top of this page, despite not having a {{delete}} tag on it and not being in the speedy delete category? I can't get it to go away. Tempodivalse [talk] 18:30, 14 June 2009 (UTC)[reply]

Its because the page used to include User:Diagramma Della Verita/Userboxes which had {{delete}} on it. The transcluded page was deleted, but for some reason the category members/ template included list was not updated (If you go to edit the page, it says {{delete}} is included). This is weird and some sort of bug with mediawiki. we should probably ask the devs. Bawolff ☺☻ 21:20, 14 June 2009 (UTC)[reply]

I just made a null edit to the page, which seemed to refresh the list of categories it is in. According to the api its no longer marked as speedy delete, so it should get out of the other list. Bawolff ☺☻ 21:25, 14 June 2009 (UTC)[reply]

Yep, that seemed to have worked, thanks.   Tempodivalse [talk] 21:25, 14 June 2009 (UTC)[reply]

In case anyone's looking at the RC and wondering about my seemingly erratic behaviour deleting and restoring pages, I'd like to explain: I thought the page User:Joseph Spence, Sr. was in the main namespace and deleted it on sight (it was a biography). Only after I pressed "delete" did I realise that it was a userpage (and thus exempt from WN:SD). Sorry! Tempodivalse [talk] 18:05, 16 June 2009 (UTC)[reply]

And I just zapped User:Miss Jamaica, the two seem unrelated though. --Brian McNeil / ^talk 18:50, 16 June 2009 (UTC)[reply]

Category:Protected edit requests = 23 pages here. Cirt (talk) 06:41, 28 June 2009 (UTC)[reply]

I went through a bunch of them. Bawolff ☺☻ 09:45, 29 June 2009 (UTC)[reply]

Keep an eye on this IP. Warned the IP on the talk page. Going on Wikibreak tomorrow so I can't do it. Thanks. Calebrw (talk) 05:57, 2 July 2009 (UTC)[reply]

there seems to be a re-occuring vandal who inserts offensive things into user talk page. I keep blocking the guy, but he tends to come back about an hour after i block him. Just a heads up to everyone. Bawolff ☺☻ 10:33, 4 July 2009 (UTC)[reply]

Would checkuser be helpful in this case? John JM, John JK, John Joh, John JJJ and more (see recent block log). Seems to be able to evade blocks. --Jcart1534 (talk) 14:13, 4 July 2009 (UTC)[reply]

Blocked a /18 for a week. --Brian McNeil / ^talk 14:32, 4 July 2009 (UTC)[reply]

Could I get my talk page semi-protected for a week or so? Thanks, –Juliancolton | ^Talk 18:51, 4 July 2009 (UTC)[reply]

  Done. Cirt (talk) 18:54, 4 July 2009 (UTC)[reply]

This user name looks like an attempt at vandalism, and if not is a silly and offensive user name.KTo288 (talk) 18:54, 5 July 2009 (UTC)[reply]

It's been blocked by Blood Red Sandman (talk · contribs). –Juliancolton | ^Talk 18:57, 5 July 2009 (UTC)[reply]

I was hoping to prevent too much attention being drawn, since this could be a return of a previous vandal. Blood Red Sandman ^{(Talk) (Contribs)} 18:59, 5 July 2009 (UTC)[reply]