Talk:Spam blacklist - Meta

Tgeorgescu (talk) 14:23, 1 October 2024 (UTC)Reply

  Declined not problematic enough to justify global listing.   Defer to w:ro:Mediawiki talk:spam-blacklist. XXBlackburnXx (talk) 14:39, 2 October 2024 (UTC)Reply

Latest spambot spam target, I can only see two of them ([1] [2] [3]), but I'm pretty sure that most of the spambots today were attempting to spam the link. ClumsyOwlet (talk) 17:07, 1 October 2024 (UTC)Reply

Actually, [4] might be better. ClumsyOwlet (talk) 13:03, 2 October 2024 (UTC)Reply

@ClumsyOwlet:   Added to Spam blacklist. --XXBlackburnXx (talk) 14:36, 2 October 2024 (UTC)Reply

• Regex requested to be blacklisted: mostbet

Spambot gambling spam ([5] [6]). ClumsyOwlet (talk) 22:12, 3 October 2024 (UTC)Reply

@ClumsyOwlet:   Added to Spam blacklist. --XXBlackburnXx (talk) 17:12, 4 October 2024 (UTC)Reply

Compromised content farm used to facilitate cross-wiki spam, controlled by (see explanation) the hrtwiki/Мкдвики cluster (SRG archive; en SPI; nl overview). Pages at the names targeted by this cluster have been deleted in many language editions (recent deletions: bs, el, es, fr, hu, simple, ro (AfD), sl; less recent, repeated: it; many on enwiki, see instead titleblacklist and the related discussion), but they are still being created (recent creations at nl:Aleksandar Sasja Trajkovski and it:Bozza:Saša Trajkovski) and they invariably contain links to ekran.mk, i.e. rely on such self-created spam to create an illusion of independent coverage (see example of recent addition at hr:Special:Diff/7028973). Other content on the content farm which does not immediately bear a connection to the described activity is not credible and not useful.Alalch E. (talk) 23:12, 6 October 2024 (UTC)Reply

looking at this soon. I did a CU on nlwiki as well, but found nothing interesting. -XXBlackburnXx (talk) 04:34, 7 October 2024 (UTC)Reply

@Alalch E.:   Added to Spam blacklist. --XXBlackburnXx (talk) 08:41, 7 October 2024 (UTC)Reply

This website contains valuable financial information for many companies. Peter.Pielmeier (talk) 07:54, 6 October 2024 (UTC)Reply

Discussion continued from en:Wikipedia:Village_pump_(technical)#youtu.be_blacklist.

When you use the share button on youtube it uses the official url shortener. Blocking that makes no sense, it is only inconvenient. Let's say we have https://youtu.be/Zl8BIUx8QW0?feature=shared&t=1 then we can simply change it to https://www.youtube.com/watch?v=Zl8BIUx8QW0#t=1 and then it suddenly is allowed. But of course many people don't know that. This url shortener cannot be used for malicious purposes because it only redirects to youtube, so it is more like a domain alias than an url shortener. Polygnotus (talk) 21:32, 6 October 2024 (UTC)Reply

Doesn't that youtu.be creation service embed tracking tokens in the default generated link though - something we normally want to discourage. — xaosflux ^Talk 00:43, 7 October 2024 (UTC)Reply

@Xaosflux: No, it doesn't. It only adds ?feature=shared, which track usage of the feature but is not a tracking token. Polygnotus (talk) 00:46, 7 October 2024 (UTC)Reply

Ah, based on this it seems likely that it did a year ago, but it doesn't currently. Polygnotus (talk) 00:48, 7 October 2024 (UTC)Reply

Hmmm, so I just went to a YT page, https://www.youtube.com/watch?v=HEgfuhuRwRI, and hit the "share" button - what generates is: https://youtu.be/HEgfuhuRwRI?si=jOnhNOOTYjr8E39y. Notice all that extra ?si= stuff? — xaosflux ^Talk 00:58, 7 October 2024 (UTC)Reply

@Xaosflux: Hm, it doesn't for me, and I have never seen that parameter before. I get https://youtu.be/HEgfuhuRwRI?feature=shared Possibly because we live in different jurisdictions? I live in the old world, do you live in the new world? We can use a bot that removes the tracking parameter, or even a regex that blocks its inclusion (ideally with a better explanation for the enduser). But I don't think we should throw the baby out with the bathwater. Polygnotus (talk) 01:06, 7 October 2024 (UTC)Reply

I also get the si parameter. I live in the old world. Alalch E. (talk) 01:51, 7 October 2024 (UTC)Reply

@Alalch E.: It could be a GDPR thing. You live outside the GDPR area, right? Polygnotus (talk) 01:53, 7 October 2024 (UTC)Reply

It's not the law of the land here (does not apply domestically with respect to activities that are domestic in reach). Alalch E. (talk) 02:08, 7 October 2024 (UTC)Reply

Thank you! Over here it very much is the law of the land. I think that solves the mystery. Polygnotus (talk) 02:10, 7 October 2024 (UTC)Reply

I just went throug the spamblacklist log on en.wikipedia: https://en.wikipedia.org/wiki/Special:Log/spamblacklist. highlighting a search for 'si='. That is a significant portion of the already massive list of youtu.be links that are there. Dirk Beetstra ^{T C} (en: U, T) 13:27, 7 October 2024 (UTC)Reply

See here. Polygnotus (talk) 22:48, 7 October 2024 (UTC)Reply

Support removing - this seems to have been blacklisted based on "No URL shorteners" as a dogma and seems to get in people's way without solving a clear problem. * Pppery * _{it has begun} 03:26, 7 October 2024 (UTC)Reply

No, it was blacklisted due to massive spambot abuse on many wikis. Dirk Beetstra ^{T C} (en: U, T) 13:02, 7 October 2024 (UTC)Reply

Is this any different from abuse on youtube.com? It isn't clear to me how yewtu.be can be any more abusive than youtube.com. Leaderboard (talk) 13:12, 7 October 2024 (UTC)Reply

Where did I say abuse on youtube.com? I said it was blacklisted due to massive spambot abuse. Dirk Beetstra ^{T C} (en: U, T) 13:14, 7 October 2024 (UTC)Reply

@Beetstra If I understand you correctly, you're saying that yewtu.be is blocked due to "massive spambot abuse on many wikis", right? Leaderboard (talk) 13:20, 7 October 2024 (UTC)Reply

That is what I said in reply to '... this seems to have been blacklisted based on "No URL shortener" as a dogma', which was not the primary reason to blacklist this.
Let me see if I still have a record of the spammers. IIRC we even set up an admin bot blocking spammers that continuously hit the spam blacklist to avoid flooding the logs. Dirk Beetstra ^{T C} (en: U, T) 13:25, 7 October 2024 (UTC)Reply

One page where spambots were spamming redirect (including youtu.be) and other blacklisted material: https://en.wikipedia.org/wiki/Special:Log?type=spamblacklist&user=&page=Cranium+%28board+game%29&wpdate=&tagfilter=&wpFormIdentifier=logeventslist. This one leads to https://en.wikipedia.org/wiki/Special:Log?type=spamblacklist&user=176.109.177.184&page=&wpdate=&tagfilter=&wpFormIdentifier=logeventslist. We also have https://en.wikipedia.org/wiki/Special:Log/spamblacklist/77.120.181.151, https://en.wikipedia.org/wiki/Special:Log/spamblacklist/46.211.91.209.
https://en.wikipedia.org/wiki/Special:Log/spamblacklist gives an enormous number of hits for youtu.be. Maybe worth an analysis. Dirk Beetstra ^{T C} (en: U, T) 13:56, 7 October 2024 (UTC)Reply

It still is not clear how yewtu.be could be abused - the ones you linked to could easily happen with youtube.com as well, right? I can see how a generic URL redirect could cause issues, but yewtu.be only goes to YouTube? Leaderboard (talk) 15:34, 7 October 2024 (UTC)Reply

What do you mean .. 'it is not clear how youtu.be could be abused', it WAS abused. And youtube contains crap, copyright violations, useless material for Wikipedia besides a subset of good material. Dirk Beetstra ^{T C} (en: U, T) 18:48, 7 October 2024 (UTC)Reply

@Beetstra If YouTube has crap and yewtu.be links to YouTube, youtube.com should be blocked, right? Leaderboard (talk) 19:49, 7 October 2024 (UTC)Reply

youtube.com wasn’t abused; youtu.be was. that’s why it got listed. XXBlackburnXx (talk) 20:08, 7 October 2024 (UTC)Reply

@XXBlackburnXx: The idea that youtu.be links are more likely to be bad than youtube.com links is false. The reason people linked to youtu.be instead of youtube is that people used the share button instead of copypasting the URL. If the links are useful or spam is irrelevant. Forcing people to copypaste the URL instead of using the Share button does nothing to prevent spam/copyright infringement/crap. Polygnotus (talk) 20:12, 7 October 2024 (UTC)Reply

The domain was blacklisted at the time not only because it’s a redirector, but also due to its widespread abuse by spambots. The spam blacklist was the only effective tool to manage the spam. Also, if I or anyone else were to blacklist a specific youtube.com link, then the spammers could use the youtu.be domain to circumvent the listing. That is why redirectors are ultimately listed as they provide a way to bypass the blacklist. Just giving my 2ct :). Pinging Beetstra, who originally listed the domain. XXBlackburnXx (talk) 04:32, 7 October 2024 (UTC)Reply

@XXBlackburnXx: in the discussion on enwiki, linked at the top of this section, the proposed solution was to blacklist the video id, which ensures that both the youtu.be/%id% and /watch?v=%id% format are blocked. Polygnotus (talk) 04:35, 7 October 2024 (UTC)Reply

Just blacklisting 'W0a6L7hbD7U' doesn't really work. The spam blacklist, in simple terms, only checks the domain (everything between 'https?://' and the next forward slash), unless you include a specific path. If it did work, you wouldn't have been able to use the {{LinkSummary|youtu.be}} at the top, which actually includes external links with \byoutu\.be\b in them. - XXBlackburnXx (talk) 08:55, 7 October 2024 (UTC)Reply

@XXBlackburnXx: Ok, then \byoutu\.be\b should be changed to \byoutu\.be/.*(?:tqedszqxxzs|XePjp-H3TBI|khM48EQyVdc|A4jgXQQns8A|oVBOnv\-xrEY)\b to block specific videos but not youtu.be as a whole. As an domain alias it should be treated the same. Polygnotus (talk) 09:06, 7 October 2024 (UTC)Reply

Do you understand that that brings extra work? You have to blacklist the specific video, and the specific redirects from youtu.be to it (and I just noticed another redirect site the other day that I did not get to yet). And even with the fact that there is quite some good material available on youtube, there is even more crap there that we should not link to, as well as copyright violations and such (even with youtube doing what they can in taking those down). Moreover, though on a smaller scale, it already pays to spam youtube (post your advertising links here and get money for everyone following and watching the link). Even with the original abuse being over (and that may be an IF), I don't think it helps the wikis in making it easier to link to youtube (in terms of keeping the stuff out that we don't want). Dirk Beetstra ^{T C} (en: U, T) 13:17, 7 October 2024 (UTC)Reply

Yes I understand that it is a tiny amount of extra work to update 2 lines instead of one. It may be possible to update the regex to avoid that issue. I agree that there is a lot of crap on youtube, but that is a reason to block youtube.com and all variants, not just youtu.be. it already pays to spam youtube (post your advertising links here and get money for everyone following and watching the link). yeah no. Perhaps you get a couple of cents per view. Polygnotus (talk) 19:41, 7 October 2024 (UTC)Reply

Then we have the additional problem that not every administrator on all wikis is gonna know that. Heck, I had trouble getting an idwiki admin to fix even a small syntax issue in the simplest pattern ever. XXBlackburnXx (talk) 20:20, 7 October 2024 (UTC)Reply

@XXBlackburnXx: How is that relevant? This problem is only on this blacklist, and only has to be fixed once, here. Polygnotus (talk) 21:01, 7 October 2024 (UTC)Reply

┌─────────────────────────────────┘
If you're going to blacklist specific videos then blacklist the raw code - .*tqedszqxxzs|XePjp-H3TBI|khM48EQyVdc|A4jgXQQns8A|oVBOnv\-xrEY.* should work as a blacklisted URL and nothing else is likely to use those strings of characters, right? That's no more work, or maybe even less work. * Pppery * _{it has begun} 22:20, 7 October 2024 (UTC)Reply

Even if there would be valid reasons to blacklist youtu.be but not youtube.com, which haven't been presented yet, then it is still a bad idea to not explain to the enduser why the it is considered bad, and what they have to do to fix the problem. Polygnotus (talk) 23:34, 7 October 2024 (UTC)Reply