CloudFlare suffered a massive security issue affecting all of its customers, including Rosetta Code. All passwords not changed since February 19th 2017 have been expired, and session cookie longevity will be reduced until late March.--Michael Mol (talk) 05:15, 25 February 2017 (UTC)

Rosetta Code:Village Pump/Please appoint more Moderators!

From Rosetta Code
Please appoint more Moderators!
This is a particular discussion thread among many which consider Rosetta Code.

Summary

The number of active bureaucrats / moderators appears to be 1. 2!

Discussion

Of the listed bureaucrats and moderators, it appears that only 4 have been active in the past year and only 2 (including Short Circuit) in 2016.

Don't get me wrong Rdm is doing a great job cleaning up after spammers, but he seems to be the only bureaucrat logging in regularly lately.

Please appoint some new bureaucrats / moderators, or at least set up a low permissions user group that can do a 24 hour editing block on users who are spamming the site until a higher perms user can make a decision on what to do. There have been several occasions in the past few weeks where I was actually logged on the site while a spam attack was in progress but could do nothing to stop it or even slow it down other than delete page content and mark the page for removal. Meanwhile the spammers continued to just make new pages. Very frustrating.

For what it is worth, I would volunteer for such a role. I have been active on the site for over 5 years and have made hundreds of edits so I have a track record. Thanks. --Thundergnat (talk) 18:00, 9 March 2016 (UTC)

Turns out I have sufficient rights to bump up your privs, so I'm making you an admin. Thanks for the efforts. Let me know if you (or other helpful folk) need further rights. Thanks again. --Rdm (talk) 09:45, 10 March 2016 (UTC)
Thanks for the vote of confidence. It is very satisfying to be able to actually shut down the spammers. I know AndiPersti has expressed interest in helping with spam in the past. (See the bottom of your talk page.) Horsth has helped by marking pages as spam on occasion. I don't know whether (s)he would be interested in doing moderation though. --Thundergnat (talk) 20:36, 11 March 2016 (UTC)
If you need another helping hand I'm still interested. --Andreas Perstinger (talk) 06:35, 12 March 2016 (UTC)
I'm not interested in getting moderator.I thought, marking as a soon as possible as spam, would keep spammers from doing so.But would it be not much easier to filter the title of a new created site after spam-buzzwords like "phone" "support" "800" "+1" "001" etc and let those site to be approved by one of the admins? --Horsth
That would not deal with PH0NE, *p*h*o*n*e* and so on... That said, currently, we're doing just fine, though it probably is worth thinking about how we are going to deal with the next attack. Just having more people ready to stand against them helps, of course.
From a wikisoftware point of view, the tools I was wishing for had to do with making it easier for me to clean up the mess, and making it harder (but not impossible - impossible is impossible to achieve, and a waste of time - also, people make mistakes even if they are administrators) for them to spam us. For example, it would be great if I could just delete a user and have all their contributions removed also. This would need some limitations (exercising that against a useful contributor would be awful, and more than once when I was looking at user contributions and seeing a bunch of spam pages at the top, I belatedly noticed that these were "marked as spam" edits, that would have been bad...). Still, the pattern seems to be that spammers use throwaway accounts (they kind of need to, since they are dedicated to making their welcome go away), so something focussed on removing history from recently created accounts would probably be a good thing. --Rdm (talk) 14:29, 12 March 2016 (UTC)
In my opinion the key to fighting spam is to move the burden of effort towards the spammer. The only way I can see that happen is when we disable automatic account creation and invite serious new contributors to drop us a line or meet us for a chat session. There are only a handful of serious new contributors per month, I think, the others are bogus, so the burden for admins would likely be less. Making regular contributions to Rosetta code will take many hours. Surely a serious contributor should be willing to deal with a small threshold. Fwend (talk) 14:45, 12 March 2016 (UTC)
Maybe have prospective members submit a solution to one of the tasks by form so that we can have a quick look at it before their account is enabled. This should be easy for a serious contributor because that's what they intend to do anyway, but quite a burden for the spammer. Fwend (talk) 15:04, 12 March 2016 (UTC)
It looks like there is an extension available which does what you want: Extension:Nuke. And it should be bundled with our current wiki version. So Mike would need to enable it.
In my experience using a blocklist works pretty well. On the Zsh Wiki there was a long-time spammer who always posted the same links on several pages. After suggesting to the admin that he should add some of the links to a blocklist the spammer quickly gave up.
All of the recent spam pages had a huge wall of text thus I think it shouldn't be to hard to find one or two words (or word sequences) which would trigger the filter. Then it doesn't matter if the spammer for example obfuscates the page title.
The MediaWiki software has builtin spam protection using a regex but again you must have access to the server to enable it. But if that option will ever be enabled I suggest to change the default text which mentions the reason for the block (i.e. the word which triggered the filter) because I don't think we want to let the spammers know what words they should avoid in their spam attempts :-) --Andreas Perstinger (talk) 17:50, 12 March 2016 (UTC)
Mmm... that sounds promising.
That said, spammers are something of a distraction - and I think we have bigger problems. I was looking at a summary of tasks solved per language, and I noticed that over the course of a year or two, J had lost several hundred entries (from the count) - this was despite a variety of new task implementations being added over that time.
Now, I don't know if that reflects a bug in the counting process, a bug in the wiki implementation, hardware failures, the consequence of malware, password stealing, or any of a variety of other possible explanations. (These are not even mutually exclusive.)
Anyways, regardless of causes and people's motivations, ultimately the integrity of the site comes down to the personal efforts put in by its contributors. Spammers serve as a reminder that there are billions of people out there, and not all of them are nice people. --Rdm (talk) 18:10, 12 March 2016 (UTC)
Is it known why the other 2 admins, Paddy3118 and Mwn3d, are not active? Fwend (talk) 14:18, 12 March 2016 (UTC)
I presume they are busy. Contributing here is a voluntary activity, and sometimes people need to deal with other things. I know I've gone and been busy elsewhere sometimes for months at a time. Real life is like that sometimes... --Rdm (talk) 14:29, 12 March 2016 (UTC)
Busy due to personal circumstances, but I still, most strongly, want RC to do well. Thanks guys - it's a great community :-)
--Paddy3118 (talk) 07:45, 30 March 2016 (UTC)