Add user-agent variable for abuse filtering
Open, LowPublicFeature
Actions

Assigned To

None

Authored By

	Billinghurst
	May 20 2013, 12:45 AM

Description

One recent example of spam edits has identified the user agent

http://code.google.com/appengine; appid: s~bagswish

in recent usage. It is reasonable to expect that such and similar types of abuse is going to continue to occur, and where it is occurring then it would seem an easy and convenient means to block such user-agent components after they have been identified by checkuser process

Would be useful to have variable_name user-agent, and variable values, with regex that could be applied.

Naturally there are some dangers, however, with the clear inability to be able to checkuser for a specific user-agent, and with such spammers having the ability to operate across so many wikis, the ability to prevent is required. I envisage that at WMF this would be a global filter added by stewards only as required.

Version: unspecified
Severity: enhancement

Details

Reference: bz48623

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Open	Feature	None	T50623 Add user-agent variable for abuse filtering
		Open		None	T234155 Create CheckUser-level abuse filters

Event Timeline

• bzimport raised the priority of this task from to Low.Nov 22 2014, 1:17 AM

• bzimport added a project: AbuseFilter.

• bzimport set Reference to bz48623.

• bzimport added a subscriber: Unknown Object (MLST).

Billinghurst created this task.May 20 2013, 12:45 AM

Adding the User-Agent as a variable would be rather easy to do, the issue is that we don't have a way to make sure only CUs/Stewards could use and see it.

• werdna unsubscribed.Dec 10 2014, 6:17 PM

Legoktm added a project: Stewards-and-global-tools.Oct 27 2015, 4:58 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 27 2015, 4:58 PM

Trijnstel added a subscriber: Callanecc.Dec 21 2015, 12:07 AM

Billinghurst unsubscribed.Dec 21 2015, 12:08 AM

See for a related bug report T40297

Glaisher mentioned this in T100070: Allow CheckUsers to set User agent (UA)-based IP Blocks.Dec 24 2015, 5:02 AM

• MZMcBride subscribed.Dec 24 2015, 8:26 AM

RuyP subscribed.Dec 29 2015, 10:49 PM

Restricted Application added a subscriber: JEumerus. · View Herald TranscriptDec 29 2015, 10:49 PM

MarcoAurelio removed a subscriber: • wikibugs-l-list.Apr 18 2016, 9:18 AM

Amire80 moved this task from Backlog to Filtering features on the AbuseFilter board.May 8 2016, 9:06 AM

Matanya closed this task as a duplicate of T146837: Add ability to search by user agent from CheckUser interface.Jan 11 2017, 11:19 PM

@Matanya Hi. I don't think this is a duplicate. This is for AbuseFilter, not for CheckUser :)

Sorry, closed in error. @MarcoAurelio thanks for the ping.

MarcoAurelio removed a parent task: T43492: [DO NOT USE] Steward, global sysop and SWMT tasks bugs (tracking) [superseded by #Stewards-and-global-tools].Jan 11 2017, 11:39 PM

Reedy edited subscribers, added: MusikAnimal; removed: MF-Warburg.Jan 14 2017, 4:55 AM

I think we can close this as a dupe of T40297.

In T50623#2944977, @MarcoAurelio wrote:

I think we can close this as a dupe of T40297.

That task is restricted.

In T50623#2948163, @MZMcBride wrote:

That task is restricted.

Oh yes, my bad. I'd say topics are the same though.

Matanya moved this task from Untriaged to Medium priority on the Stewards-and-global-tools board.Apr 19 2017, 8:18 PM

T173307 related?

In T50623#3575038, @Samtar wrote:

T173307 related?

To some degree.

Here, the task requests the UA to be exposed *as a variable* (meaning that anyone who can edit a filter can see its value, or else it would be impossible to debug rules, etc)

There, the task does not ask for it to be exposed as a variable. It only asks for it to be stored along with the *private data* associated with each log entry. We do have a way to control who can see the private details of the log and can restrict it to CheckUsers only, for instance. This, answers the issue raised by Legoktm above (in 2013 for crying out loud).

Another related task is T152934 for which I have already made a patch. Once that goes in production, we have the ability to give the access I just mentioned to the CheckUsers in WMF wikis. (We don't give them this currently, because we don't have a way to keep track of who access what private information).

mxn subscribed.Oct 24 2017, 5:25 PM

Bawolff subscribed.Jul 20 2018, 7:57 PM

Daimona mentioned this in T234155: Create CheckUser-level abuse filters.Sep 29 2019, 9:21 AM

Huji mentioned this in T146837: Add ability to search by user agent from CheckUser interface.Nov 1 2019, 1:57 PM

Daimona added a subtask: T234155: Create CheckUser-level abuse filters.Dec 17 2019, 1:27 PM

Stang subscribed.Dec 30 2021, 8:23 PM

Aklapper changed the subtype of this task from "Task" to "Feature Request".Feb 4 2022, 11:13 AM

Zabe subscribed.Apr 11 2022, 11:57 PM

Jules78120 awarded a token.Oct 9 2022, 7:57 PM

Jules78120 subscribed.

LD awarded a token.Oct 9 2022, 8:13 PM

Hymeros awarded a token.Oct 9 2022, 9:14 PM