Donmai

Possible Rating Vandalism

Posted under General

Here are some more:

user #495083 (active)
user #494880 (active)

I stopped counting because I noticed a pattern very quickly in all of this:

http://danbooru.donmai.us/users?&limit=500

It's not normal for a new user to all of a sudden make a ton of new edits.

The behavior of an average new user should be analyzed, and if they behave outside the norm, then flag the moderators/admins to follow up and validate their changes, providing a tool to easily ban, revert changes, and lock all the changes from one interface.

evazion said:

Require a confirmed email address before making edits. Blacklist disposable email addresses. Blacklist signups from Tor IPs and known proxies. Block people from making multiple accounts with the same IP. Set an evercookie after banning someone so if they make a new account they're immediately rebanned.

I don't see any downside to all these.

evazion said:

Block people from making multiple accounts with the same IP.

I live in a household with multiple users and will always object to this one in particular. Some people have siblings (or even friends or SOs) that they like to share hobbies with.

Banning proxies is not a good idea either, considering the many countries that block Danbooru. Evercookie was discussed earlier and it makes use of various backdoors, which causes anti-virus software to fire up an alarm and can potentially harm the site's search result positions.

I think we should undermine the reason to create sockpuppets - in other words, make tools so that
1) any damage done is easily reversible (search & undo mod tool for versions sounds good)
2) any suspicious activity from formerly dormant users is easily detected

That way, whatever they do is easily reversed. They might not be the smartest bunch if they do that, but fighting against automated tools is a fool's errand.

Checked the last 5000 users and came up with the following:

user #495083 (active)
user #494880 (active)
user #494875 (active)
user #494874 (active)
user #494578 (active)
user #494577 (active)
user #494575 (active)
user #494570 (active)
user #494561 (active)
user #494560 (active)
user #494559 (active)
user #490655 (may be the same person...? inactive since 08-23-2016)

I also created a script that undoes all of the post edits of a user and subsequently rating locks that post, so it's tailored specifically to the above user. I plan on adjusting it so that other vandalisms can be easily rectified.

BrokenEagle98 said:

Checked the last 5000 users and came up with the following:

I also created a script that undoes all of the post edits of a user and subsequently rating locks that post, so it's tailored specifically to the above user. I plan on adjusting it so that other vandalisms can be easily rectified.

Hah, and I started to work on the same thing. Will build one anyway for my own usage, but hopefully we get issue #2689 ready soon enough.

Do you intend to undo all the changes by the users you've mentioned? I see some are still live.

Yeah, I've undone all of their changes. I also created another script that scans for changes from those users (in case they make changes before they're deleted), as well as scanning for new accounts from that user.

Pseudocode for the latter is the following:

for Users created < 1 Month Ago
    if already identified as sockpuppet
    then
        continue
    if # post_changes > 5
    then
        compile list and numbers of all tags used
        order list in ascending order
        for tags in list
            if tagcount > 5
            then
                display tag,tagcount
end

Output looks something like the following:

Checking user 494882...
rating:s 52
rating:q 52

Updated
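The scan described in the pseudocode above, written out in Ruby as an added example (it is not the poster's script or Danbooru's code). The record layout, the thresholds as constants and all sample data are assumptions constructed for the illustration.

```ruby
# Added example: data below is constructed, not taken from the site.
MIN_CHANGES = 5   # accounts with more post changes than this get inspected
MIN_TAGCOUNT = 5  # tags applied more often than this get reported
WINDOW_DAYS = 30  # "created < 1 month ago"

# users:    [{id:, created_at: Time}]
# versions: [{user_id:, added_tags: [String]}]  (one entry per post change)
# known:    ids already identified as sockpuppets (skipped)
# Returns {user_id => [[tag, count], ...]} with counts in ascending order.
def scan_new_users(users, versions, known: [], now: Time.now)
  cutoff = now - WINDOW_DAYS * 86_400
  by_user = versions.group_by { |v| v[:user_id] }
  report = {}
  users.each do |u|
    next if u[:created_at] < cutoff || known.include?(u[:id])
    changes = by_user.fetch(u[:id], [])
    next unless changes.size > MIN_CHANGES
    counts = changes.flat_map { |v| v[:added_tags] }.tally
    hits = counts.select { |_, n| n > MIN_TAGCOUNT }.sort_by { |tag, n| [n, tag] }
    report[u[:id]] = hits unless hits.empty?
  end
  report
end

# Constructed sample: user 1 flips ratings in bulk, user 2 tags normally,
# user 3 is older than the window, user 4 is already on the known list.
NOW = Time.utc(2016, 9, 1)
USERS = [
  { id: 1, created_at: Time.utc(2016, 8, 25) },
  { id: 2, created_at: Time.utc(2016, 8, 20) },
  { id: 3, created_at: Time.utc(2016, 4, 1) },
  { id: 4, created_at: Time.utc(2016, 8, 28) },
]
VERSIONS =
  Array.new(8) { { user_id: 1, added_tags: ["rating:s"] } } +
  Array.new(6) { { user_id: 1, added_tags: ["rating:q"] } } +
  Array.new(7) { |i| { user_id: 2, added_tags: ["tag_#{i}"] } } +
  Array.new(9) { { user_id: 3, added_tags: ["rating:e"] } } +
  Array.new(9) { { user_id: 4, added_tags: ["rating:e"] } }

scan_new_users(USERS, VERSIONS, known: [4], now: NOW).each do |id, hits|
  puts "Checking user #{id}..."
  hits.each { |tag, n| puts "#{tag} #{n}" }
end
```

Widening `WINDOW_DAYS` pulls in more accounts whose repeated tags are ordinary editing, so the report needs manual review rather than automatic action.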

Well, the pseudocode is pretty easy for undoing:

input is userid,versiontype,range,locktype

get list of all versions of versiontype within range for userid

for version in list
    undo version
    if locktype
    then
        lock according to locktype
end

Updated

Type-kun said:

Pseudocode that he has written here is more fit for adjacent issue #2690. Besides, this will miss possible sockpuppets registered in advance.

Yeah, I went back 4 months as a testcase, and the output started to be more cluttered with legitimate users the further back in time I looked.

I could maintain a whitelist of recently created good users, but that could be exploited as well.

BrokenEagle98 said:

Well, the pseudocode is pretty easy for undoing:

Well, I have the ruby version ready for some time already, but you left me with nothing to test it on :3

Either way, I banned every sockpuppet user mentioned in the thread.

I did an IP search based on IPs from the banned users' versions. Here are recent matching users, along with count of actions that matched the IPs:


user #490655 (user_490655) - 151
user #492510 (Tsunade_is_love_Tsunade_is_Life) - 5
user #492928 (fishman77) - 78
user #493361 (Tygggh) - 438
user #494325 (leslieK) - 1
user #494525 (tyggh) - 86
user #494535 (batlord3) - 34
user #494536 (batlord4) - 20
user #494537 (starking3) - 21
user #494539 (kingman3) - 21
user #494540 (overtill4) - 21
user #494541 (orange7) - 32
user #494551 (grooselen) - 19
user #494552 (oagrel33) - 23
user #494559 (oatmealdude) - 21
user #494560 (torbidmonster) - 22
user #494561 (liztheundertaker) - 37
user #494569 (fuckjc3) - 1
user #494570 (luckjc3) - 41
user #494572 (addudan) - 40
user #494575 (slikker1) - 41
user #494576 (oppenheim) - 37
user #494577 (liebzusein) - 26
user #494578 (blover34) - 38
user #494638 (obbellem) - 1
user #494874 (maxwellthel) - 31
user #494875 (obbellum) - 38
user #494880 (seagullteam6) - 28
user #494882 (6133959) - 1
user #494925 (molart) - 1
user #495082 (adhomunim) - 28
user #495083 (rakktert) - 49

Most are banned, some are not. Mind that IP might be that of a public proxy, so not every matching user is a sockpuppet.

evazion said:

Block people from making multiple accounts with the same IP.

Gollgagh said:

I live in a household with multiple users and will always object to this one in particular.

I mean specifically during signup. Two accounts browsing under the same IP is fine. Making five new accounts with the same IP in a few minutes is not fine. Same deal with proxies: browsing with a proxy is fine, signing up with a proxy is suspect.

If we want to restrict accounts, target suspicious accounts first. Although I'd say, instead of a week's probation, make them go on the forum and ask for activation before getting edit permission. This way legit users could still get started quickly, while suspect users could be spotted even if they're older than a week.

Email account requirements are easy enough to circumvent. Even with just Gmail you can do things like use name+1@gmail.com or n.ame@gmail.com which would all direct mail to name@gmail.com.
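A signup screen combining two points from the posts above, as an added example that is not part of any post or of Danbooru's code: the "five new accounts with the same IP in a few minutes" rule, and collapsing the Gmail aliases just described so they count as one mailbox. The record layout, the ten-minute window and the sample signups are assumptions constructed for the illustration.

```ruby
# Added example: signup records below are constructed.
GMAIL_DOMAINS = %w[gmail.com googlemail.com].freeze
BURST_LIMIT = 5      # the fifth signup from one IP inside the window is flagged
BURST_WINDOW = 600   # seconds; "a few minutes" (value is an assumption)

# Collapse Gmail aliases: dots in the local part and anything after "+"
# are ignored by Gmail, so all variants deliver to one mailbox.
def canonical_email(addr)
  local, domain = addr.strip.downcase.split("@", 2)
  return addr.strip.downcase if domain.nil?
  if GMAIL_DOMAINS.include?(domain)
    local = local[/\A[^+]*/].delete(".")
    domain = "gmail.com"
  end
  "#{local}@#{domain}"
end

# signups: [{name:, email:, ip:, at: Integer epoch seconds}] in time order.
# Returns [[name, reason], ...] for signups that deserve review.
def screen_signups(signups)
  seen_mail = {}
  recent_by_ip = Hash.new { |h, k| h[k] = [] }
  flagged = []
  signups.each do |s|
    key = canonical_email(s[:email])
    if seen_mail.key?(key)
      flagged << [s[:name], "same mailbox as #{seen_mail[key]}"]
    else
      seen_mail[key] = s[:name]
    end
    times = recent_by_ip[s[:ip]]
    times.reject! { |t| s[:at] - t > BURST_WINDOW }
    times << s[:at]
    flagged << [s[:name], "signup burst from #{s[:ip]}"] if times.size >= BURST_LIMIT
  end
  flagged
end

# Constructed sample: three aliases of one mailbox, two household members, one burst.
SIGNUPS = [
  { name: "a", email: "name@gmail.com", ip: "192.0.2.10", at: 0 },
  { name: "b", email: "name+1@gmail.com", ip: "192.0.2.11", at: 50 },
  { name: "c", email: "n.ame@gmail.com", ip: "192.0.2.12", at: 90 },
  { name: "sib1", email: "one@example.org", ip: "198.51.100.7", at: 100 },
  { name: "sib2", email: "two@example.org", ip: "198.51.100.7", at: 5000 },
] + (1..5).map { |i| { name: "s#{i}", email: "s#{i}@example.org", ip: "203.0.113.5", at: 6000 + i * 30 } }

screen_signups(SIGNUPS).each { |name, why| puts "#{name}: #{why}" }
```

The two household accounts on one IP pass because their signups are far apart; only the alias reuse and the five-in-a-row burst are reported.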

How about this: rating (and maybe include source and parent in this) changes require some sort of secondary confirmation step. Maybe a CAPTCHA. Gold+ accounts wouldn't have to deal with this step. It might be enough to deter vandals but wouldn't stop honest editors from making changes.

I also believe ratings are highly likely to be valid for older posts. It's probably already gone through a passive vetting process so the older a post is the more likely its rating is accurate. So beyond a threshold rating changes simply shouldn't be allowed. And if newer posts are vandalized, it's more likely to be caught and corrected.

I could have sworn I wrote a tool to mass revert any changes a user made but I'll have to investigate what happened to it or where it is.

I often correct misrated posts, and would definitely not enjoy having to pass a CAPTCHA every time I did so. With all due respect, I'd also say that there are quite a few misrated old posts, both ones that received Questionable as default rating when the system was introduced and ones that were rated when the rating standards were different. Please consider other ways to deal with rating vandals.

I did a rating:q order:id search and found a number of posts that should probably be rated Safe on the first ten pages. Examples: post #79, post #823, post #641, post #1142, post #777.

To be frank, the value of correcting those old posts isn't as big as keeping NSFW content out of rating:safe. The former means not seeing some stuff on Safebooru, the latter means getting a screen full of dicks on Safebooru.

albert said:

How about this: rating (and maybe include source and parent in this) changes require some sort of secondary confirmation step. Maybe a CAPTCHA. Gold+ accounts wouldn't have to deal with this step. It might be enough to deter vandals but wouldn't stop honest editors from making changes.

What about the other things I've listed in forum #120417, such as tags, pools, and notes? We've had problems with tag blankers and stubborn people insisting on adding their favorite image to a pool despite not meeting the standard of said pool.

I also believe ratings are highly likely to be valid for older posts. It's probably already gone through a passive vetting process so the older a post is the more likely its rating is accurate. So beyond a threshold rating changes simply shouldn't be allowed. And if newer posts are vandalized, it's more likely to be caught and corrected.

I hope you don't mean permanently. I still find the occasional post rated E in the old standard when it would fit under Q.

If you want to lock it from Gold and below after X amount of time, I'd be fine with that.
