Inappropr0iate MediaWiki records in 20070908 dumps

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Inappropr0iate MediaWiki records in 20070908 dumps

jmerkey-3

Someone has inserted a statement into the current dumps (20070908) which
causes the following message to appear on all login screens which imports
these dumps.  Since the template uses a wikitext routine to generate a
smearing statement to anyone who uses the dump, it should not be in future
dumps. Any users who login to the site or request a password are accousted
with this message.


"...

You are viewing this page on www.wikigadugi.org, which might be a proxy or
phishing site. This site can intercept your password; you are strongly
advised to log in from en.wikipedia.org.
Secure your account:
If your password only contains letters or numbers, please read our article
on password strength and consider changing it (in Special:Preferences
after you log in).
To avoid becoming a victim of phishing, always verify that you are viewing
Wikipedia's login page when logging in. The domain name must be
"en.wikipedia.org" or "secure.wikimedia.org".
Do not give out your password to anyone.
If your account is compromised, it may be permanently blocked unless you
can prove you are its rightful owner.
As insurance, you may "commit" to your identity by adding a cryptographic
hash to your user page as instructed here

..."

My mirrors are not proxy or phishsing sites, and it's inappropriate to
place this type of content into the dumps for innocent parties who may be
using the dumps simply to mirror or promote wikipedia in good faith.

I do not know whose idea this was, but its a terrible one.  I will be
removing thesde entries from my local dump.  Were it just an informational
message without referencing the site name, that's not as problematic, but
this template is designed to place this content by dynamically generating
the site name in the message.   It is therefore cachable by search engines
and improperly labels mirror sites as "phishing" sites.


Thanks

Jeff


_______________________________________________
Wikitech-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Inappropr0iate MediaWiki records in 20070908 dumps

Rob Church
On 07/10/2007, [hidden email]
<[hidden email]> wrote:
> I do not know whose idea this was, but its a terrible one.  I will be
> removing thesde entries from my local dump.  Were it just an informational
> message without referencing the site name, that's not as problematic, but
> this template is designed to place this content by dynamically generating
> the site name in the message.   It is therefore cachable by search engines
> and improperly labels mirror sites as "phishing" sites.

Sorry, Jeff, but that's bollocks - the message is a bit
strongly-worded, but all it says is that an external site is
potentially dodgy, which is fair enough - apparently a lot of web
users don't quite get this whole "you need to use your common sense on
the web, too" thing.


Rob Church

_______________________________________________
Wikitech-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Inappropr0iate MediaWiki records in 20070908 dumps

jmerkey-3
> On 07/10/2007, [hidden email]
> <[hidden email]> wrote:
>> I do not know whose idea this was, but its a terrible one.  I will be
>> removing thesde entries from my local dump.  Were it just an
>> informational
>> message without referencing the site name, that's not as problematic,
>> but
>> this template is designed to place this content by dynamically
>> generating
>> the site name in the message.   It is therefore cachable by search
>> engines
>> and improperly labels mirror sites as "phishing" sites.
>
> Sorry, Jeff, but that's bollocks - the message is a bit
> strongly-worded, but all it says is that an external site is
> potentially dodgy, which is fair enough - apparently a lot of web
> users don't quite get this whole "you need to use your common sense on
> the web, too" thing.
>
>

Strongly Worded?   That is indeed the case.   MediaWiki:Loginend is the
page to blank, for the record.  I think the message is ok, setting up the
template to dynamically insert the site name is inappropriate.

Jeff
> Rob Church
>
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> http://lists.wikimedia.org/mailman/listinfo/wikitech-l
>



_______________________________________________
Wikitech-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Inappropr0iate MediaWiki records in 20070908 dumps

Gregory Maxwell
In reply to this post by jmerkey-3
On 10/7/07, [hidden email] <[hidden email]> wrote:
>
> Someone has inserted a statement into the current dumps (20070908) which
> causes the following message to appear on all login screens which imports
...

> My mirrors are not proxy or phishsing sites, and it's inappropriate to
> place this type of content into the dumps for innocent parties who may be
> using the dumps simply to mirror or promote wikipedia in good faith.
>
> I do not know whose idea this was, but its a terrible one.  I will be
> removing thesde entries from my local dump.  Were it just an informational
> message without referencing the site name, that's not as problematic, but
> this template is designed to place this content by dynamically generating
> the site name in the message.   It is therefore cachable by search engines
> and improperly labels mirror sites as "phishing" sites.

I agree. It's a terrible idea:  The message is created via the
template system, and not via javascript. This means that in cases
where someone has setup a reverse proxy to 'live load' the site people
will not get the message, but in cases where people have properly
loaded the dumps they will.

People loading the dumps are not a real phishing risk at least for
enwp, since loading a dump is a ton of work. Setting up a proxy isn't.

Then again, there are all sorts of stupid wikipediaisms in the dumps
that are going to break things for people importing them.  These
dependencies are often introduced by users without consideration of
the implications... it's nearly impossible for us to stop it so the
burden must remain with anyone using the dumps to fix the issues.

_______________________________________________
Wikitech-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/wikitech-l