Request to be added to ROS wiki whitelist

[130s]

Update: 2018-10-17

This issue has maxed out the number of comment that can be added to a github issue. We have created a new issue #258 where you can request to be added for access to the wiki.

---

If you would like access to edit the wiki please comment below with your ROS wiki username.

After you have been added you may want to unsubscribe from this ticket as there will be many updates. Use the button on the right sidebar to unsubscribe from future notifications.

---

UPDATE 6/7/2016; Title of the ticket originally was ROS wiki is experiencing vast amount of spams, for the record. I'm glad that this ticket serves the purpose in many ways.

http://wiki.ros.org/RecentChanges

There's easily more than 100 editions and is beyond manually revert-able.

[130s]

As @tfoote mentioned before, we can only manually revert/delete 1-by-1? Ok I'll start working on some..

[130s]

Spammers are viciously changing titles of pages, that may not be captured by looking at revision history?
E.g. Now http://wiki.ros.org/ROS/Tutorials is gone. And instead this page is there.

[130s]

Spammers are viciously changing titles of pages, that may not be captured by looking at revision history?
E.g. Now http://wiki.ros.org/ROS/Tutorials is gone. And instead this page is there.

I'm failing to revert the page name.

[130s]

Asked for volunteers.

[gavanderhoorn]

Ouch. I see multiple pages per second.

@tfoote: is there some admin interface for deleting all contributions from certain users on the wiki?

[dlaz]

It might make sense if an admin could make the wiki read-only for a little bit. There are pages that have been reverted and then re-spammed.

[dirk-thomas]

I just changed the captcha to a random string. All non-whitelisted users have to enter that string (which is unknown to anyone). Hopefully that will stop further edits. I changed it before but a human can always get the answer right which was what happened.

If you want to help cleaning up the spam but your username is not on the list please post it here and I am happy to add it.

[130s]

Some newly created pages on recently-changed page seem not exist, but they still linger on the list.
E.g. this page. This makes harder to spot the pages that need to be deleted.

[dirk-thomas]

I just wrote a script which moves pages with the substring "quickbooks" to a different location in the FS.

[130s]

@dirk-thomas that seems working great.

Now ROS/Tutorials page is renamed as I mentioned #139 (comment) (and now I don't see pulldown menu so I can't try renaming it back).

[dirk-thomas]

I have to grep through the moved pages and find the few which had content before.

[dirk-thomas]

http://wiki.ros.org/ROS/Tutorials seems to be the only renamed page. I restored it. As far as I can see it should be clean again now. If you still see any spam content please comment here and feel free to clean it up.

Thanks for all your help!

We still have to set a viable captcha again... @tfoote Any idea?

[dirk-thomas]

Just for the record: I ran this script to move spam pages to a different location:

import os
import re

for name in os.listdir('.'):
    if not re.search('quickbook', name, re.IGNORECASE):
        continue
    print(name)
    os.rename(name, '../pages_deleted/' + name)

And then searched through these to find pages with real content:

import os
import re

for name in os.listdir('.'):
    if not os.path.exists(name + '/revisions/00000002'):
        continue
    with open(name + '/revisions/00000001', 'r') as h:
        content = h.read()
    if re.search('quickbook', content, re.IGNORECASE):
        continue
    print(name)

[awesomebytes]

Good to see it's fixed!

Also just for the record I made a selenium script that giving it a list of links or articles (well, writting them inside of the script, sorry) to delete it will access the delete page and click on delete (adding a comment "spam").

https://gist.github.com/awesomebytes/7dcc241eecc322bb7dcd

Maybe it can inspire some other tool in the future.

[tfoote]

It seems like we're up against a real person since they were able to break 3 updated textchas in a row quickly.

We probably need to switch to use an external authentication source. The wiki does not have good user controls that can function at our scale.

[moriarty]

Hi @tfoote, my username on the wiki.ros.org is the same as my github username.
Thanks for responding so quickly.

[tfoote]

@moriarty you should be able to edit now.

[allenh1]

Looks like I'm a little late to the party, but let me know if there's anything I can do.

[allenh1]

My user is HunterAllen

[moriarty]

A quick Google search shows that a large number of other wikis are experiencing the same troubles.

Within the past few minutes the same type of pages are showing up on the @jenkinsci wiki https://wiki.jenkins-ci.org/pages/listpages-dirview.action?key=JENKINS . They're coming from a username which was spamming GitHub issues a few months ago and has since been shut down.

Is there any more data/information to take a more direct, grey hat approach?

[moriarty]

@tfoote, I just tried again to update the page, I didn't realise think that MoinMoin would be CaseSensitive. My username is actually Moriarty - sorry.

As for your comment on the external auth source, I'm not familiar with MoinMoin but I took a look into the options available for it. In the mean time it may be worth adding "quickbook" to the BadContent page, and perhaps "1800". https://moinmo.in/HelpOnSpam#BadContent_.2F_LocalBadContent

[allenh1]

Could we just spam filter anything containing "Quickbook pro tech support phone number"? Looking at the Jenkins wiki link above and the posts in our wiki, that seems to be the intersection between all the posts, since the phone numbers and names are inconsistent.

[tfoote]

@allenh1 I've added you. If you can propose some additions to the BadContent regexs that would match we could add them to the site. Though reviewing the titles they're really good at misspelling things or adding extra punctuation such as "s.u.p.p.o.r.t" And I do see some non-quickbooks things too.

The current regex is at http://wiki.ros.org/BadContent

[gavanderhoorn]

Could I be added as well? wiki username: GvdHoorn. Thanks.

[tfoote]

@gavanderhoorn added

[akifh]

Is there anything that I can do? My username is AkifHacinecipoglu

[croesmann]

After trying to submit all changes to my package wiki entry, I recognized the whitelist thing ;-)
Could you please add me to the list? Username: ChristophRoesmann
Thank you very much!

[allenh1]

@tfoote What about a [.,_]? ? That would check for commas, underscores and periods. We put that between all letters of the word. That would at least lessen the amount of spam... Also, I should note that this was a suggestion from @BPHays

[tfoote]

@akifh @croesmann added

@allenh1 yes, the trick is to write the regex to not have too many false positives or negatives. If you can propose some full regexs we can review them.

[tfoote]

Thanks for help cleaning up the spam. We have turned on recaptcha for the site. It should be back and operational now.

The diff is here: https://gist.github.com/tfoote/675b98df53369e199dea based on https://codereview.appspot.com/70400043 It is using https://pypi.python.org/pypi/recaptcha-client/1.0.6

If you see any issues please comment back here.

[ipa-pfs]

Please add me
username: Philipp Schnattinger

Thanks

[yyyasu]

Please add me
username: Yasuhiro Mano

Thanks

[mumiii]

hii

[mumiii]

mohamed ashraf

[jamiedbennett]

Going through most of the documentation again that would be applicable to a new starter and would like to fix minor issues as I go.
username: JamieBennett

[dhood]

@jamiedbennett @mumiii @yyyasu @ipa-pfs @nburek added

[marshallmassengill]

Please add: MarshallMassengill

[Tobias-Fischer]

Please add: TobiasFischer

[pl-kabaradjian]

@erikbeall added

@pl-kabaradjian not sure what the underlying issue is; I found your username in the whitelist already. Simple thing that I've tried is to remove it and add it again... could you let me know if anything has changed for you?

(reminder to others that you can unsubscribe from this issue to not receive notifications anymore)

Hello @dhood , I quickly checked again and I still can't edit any page, on top of pages I have:

Note: Hi there, Pierre-LouisKabaradjian! In an effort to combat spam, we require that users be added to a whitelist to gain edit permissions. To gain edit permissions for yourself, please comment on this GitHub ticket with your wiki UserName, 'Pierre-LouisKabaradjian', to be added to the whitelist. Thanks for your patience and support.

Could this come from the hyphen in my username ?

[marcusvinicius178]

Hello, I am mechanical engineering student from Brazil, I would like the access of roswiki page. I desire to contribute and learn with the community.
Thanks

[marcusvinicius178]

Hello, I am mechanical engineering student from Brazil, I would like the access of roswiki page. I desire to contribute and learn with the community.
username in roswiki.org = Marcus Vinícius Leal de Carvalho
username in rosanswer.org = marcusvini178
Thanks

[HannesBachter]

Hi, I would like to get access to edit the roswiki page:
wiki username: HannesBachter

[Roboterbastler]

Please add: JacobSeibert

[vincentberenz]

Please add: VincentBerenz

[TheFabbiusCorp]

Please add: FabioCapasso

[3vikramkumar]

Hi, please whitelist roswiki username: trivikram
Thanks.

[nmullane]

Please add: NiallMullane

[wjwwood]

For everyone, I suggest unsubscribing from this issue once you've been added.

---

@marshallmassengill @Tobias-Fischer added

---

@pl-kabaradjian

Could this come from the hyphen in my username ?

Maybe, I can try adding a new user name if you want to create on without the hyphen.

---

@marcusvinicius178 @HannesBachter @Roboterbastler @vincentberenz @fabiocapasso93 @3vikramkumar @FalconWarriorr added

[siyang66]

150412

[pl-kabaradjian]

@pl-kabaradjian

Could this come from the hyphen in my username ?

Maybe, I can try adding a new user name if you want to create on without the hyphen.

@wjwwood Ok, I created a new username : PierreLouisKabaradjian
We'll see if the problem goes away.
Thx

[dizz]

Please add: dizz

[tfoote]

@dizz @siyang66 added
@pl-kabaradjian updated w/o hyphen

[pl-kabaradjian]

@pl-kabaradjian updated w/o hyphen

I can now edit! Thanks a lot @tfoote, @dhood , @wjwwood for your time!
If the hyphen was really the cause, it might be nice to check the username for it. Otherwise there might be some regex parsing of the whitelist that is a bit too restrictive.

[cottsay]

Please add: ScottLogan

[diogoalmeida]

Please add: DiogoAlmeida

[lennarthaller]

Please add LennartHaller

[tfoote]

@lennarthaller @diogoalmeida @cottsay added

Since we have reached 2500 comments we cannot comment here anymore. If you're looking to get access to the ROS wiki please comment instead on #258 now.