Talk:Spam blacklist - Meta

Tgeorgescu (talk) 14:23, 1 October 2024 (UTC)Reply

  Declined not problematic enough to justify global listing.   Defer to w:ro:Mediawiki talk:spam-blacklist. XXBlackburnXx (talk) 14:39, 2 October 2024 (UTC)Reply

Latest spambot spam target, I can only see two of them ([1] [2] [3]), but I'm pretty sure that most of the spambots today were attempting to spam the link. ClumsyOwlet (talk) 17:07, 1 October 2024 (UTC)Reply

Actually, [4] might be better. ClumsyOwlet (talk) 13:03, 2 October 2024 (UTC)Reply

@ClumsyOwlet:   Added to Spam blacklist. --XXBlackburnXx (talk) 14:36, 2 October 2024 (UTC)Reply

• Regex requested to be blacklisted: mostbet

Spambot gambling spam ([5] [6]). ClumsyOwlet (talk) 22:12, 3 October 2024 (UTC)Reply

@ClumsyOwlet:   Added to Spam blacklist. --XXBlackburnXx (talk) 17:12, 4 October 2024 (UTC)Reply

Compromised content farm used to facilitate cross-wiki spam, controlled by (see explanation) the hrtwiki/Мкдвики cluster (SRG archive; en SPI; nl overview). Pages at the names targeted by this cluster have been deleted in many language editions (recent deletions: bs, el, es, fr, hu, simple, ro (AfD), sl; less recent, repeated: it; many on enwiki, see instead titleblacklist and the related discussion), but they are still being created (recent creations at nl:Aleksandar Sasja Trajkovski and it:Bozza:Saša Trajkovski) and they invariably contain links to ekran.mk, i.e. rely on such self-created spam to create an illusion of independent coverage (see example of recent addition at hr:Special:Diff/7028973). Other content on the content farm which does not immediately bear a connection to the described activity is not credible and not useful.Alalch E. (talk) 23:12, 6 October 2024 (UTC)Reply

looking at this soon. I did a CU on nlwiki as well, but found nothing interesting. -XXBlackburnXx (talk) 04:34, 7 October 2024 (UTC)Reply

@Alalch E.:   Added to Spam blacklist. --XXBlackburnXx (talk) 08:41, 7 October 2024 (UTC)Reply

Cross-wiki spamming. Ohnoitsjamie (talk) 01:42, 8 October 2024 (UTC)Reply

@Ohnoitsjamie:   Added to Spam blacklist. --Count Count (talk) 04:45, 8 October 2024 (UTC)Reply

Spam [7], including spambots [8] [9] [10] [11] [12] [13] [14] [15]. ClumsyOwlet (talk) 02:48, 8 October 2024 (UTC)Reply

@ClumsyOwlet:   Added to Spam blacklist. --Count Count (talk) 04:46, 8 October 2024 (UTC)Reply

This website contains valuable financial information for many companies. Peter.Pielmeier (talk) 07:54, 6 October 2024 (UTC)Reply

Discussion continued from en:Wikipedia:Village_pump_(technical)#youtu.be_blacklist.

When you use the share button on youtube it uses the official url shortener. Blocking that makes no sense, it is only inconvenient. Let's say we have https://youtu.be/Zl8BIUx8QW0?feature=shared&t=1 then we can simply change it to https://www.youtube.com/watch?v=Zl8BIUx8QW0#t=1 and then it suddenly is allowed. But of course many people don't know that. This url shortener cannot be used for malicious purposes because it only redirects to youtube, so it is more like a domain alias than an url shortener. Polygnotus (talk) 21:32, 6 October 2024 (UTC)Reply

Beetstra explained here that this request is better suited at the English Wikipedia which can overrule this blacklist. Polygnotus (talk) 04:15, 8 October 2024 (UTC)Reply

Doesn't that youtu.be creation service embed tracking tokens in the default generated link though - something we normally want to discourage. — xaosflux ^Talk 00:43, 7 October 2024 (UTC)Reply

@Xaosflux: No, it doesn't. It only adds ?feature=shared, which track usage of the feature but is not a tracking token. Polygnotus (talk) 00:46, 7 October 2024 (UTC)Reply

Ah, based on this it seems likely that it did a year ago, but it doesn't currently. Polygnotus (talk) 00:48, 7 October 2024 (UTC)Reply

Hmmm, so I just went to a YT page, https://www.youtube.com/watch?v=HEgfuhuRwRI, and hit the "share" button - what generates is: https://youtu.be/HEgfuhuRwRI?si=jOnhNOOTYjr8E39y. Notice all that extra ?si= stuff? — xaosflux ^Talk 00:58, 7 October 2024 (UTC)Reply

@Xaosflux: Hm, it doesn't for me, and I have never seen that parameter before. I get https://youtu.be/HEgfuhuRwRI?feature=shared Possibly because we live in different jurisdictions? I live in the old world, do you live in the new world? We can use a bot that removes the tracking parameter, or even a regex that blocks its inclusion (ideally with a better explanation for the enduser). But I don't think we should throw the baby out with the bathwater. Polygnotus (talk) 01:06, 7 October 2024 (UTC)Reply

I also get the si parameter. I live in the old world. Alalch E. (talk) 01:51, 7 October 2024 (UTC)Reply

@Alalch E.: It could be a GDPR thing. You live outside the GDPR area, right? Polygnotus (talk) 01:53, 7 October 2024 (UTC)Reply

It's not the law of the land here (does not apply domestically with respect to activities that are domestic in reach). Alalch E. (talk) 02:08, 7 October 2024 (UTC)Reply

Thank you! Over here it very much is the law of the land. I think that solves the mystery. Polygnotus (talk) 02:10, 7 October 2024 (UTC)Reply

I just went throug the spamblacklist log on en.wikipedia: https://en.wikipedia.org/wiki/Special:Log/spamblacklist. highlighting a search for 'si='. That is a significant portion of the already massive list of youtu.be links that are there. Dirk Beetstra ^{T C} (en: U, T) 13:27, 7 October 2024 (UTC)Reply

See here. Polygnotus (talk) 22:48, 7 October 2024 (UTC)Reply

What do you think I am replying to? Dirk Beetstra ^{T C} (en: U, T) 03:42, 8 October 2024 (UTC)Reply

This comment is replying to Xaosflux, according to WP:INDENT, if that is what you mean. Polygnotus (talk) 03:43, 8 October 2024 (UTC)Reply

Support removing - this seems to have been blacklisted based on "No URL shorteners" as a dogma and seems to get in people's way without solving a clear problem. * Pppery * _{it has begun} 03:26, 7 October 2024 (UTC)Reply

No, it was blacklisted due to massive spambot abuse on many wikis. Dirk Beetstra ^{T C} (en: U, T) 13:02, 7 October 2024 (UTC)Reply

Is this any different from abuse on youtube.com? It isn't clear to me how yewtu.be can be any more abusive than youtube.com. Leaderboard (talk) 13:12, 7 October 2024 (UTC)Reply

Where did I say abuse on youtube.com? I said it was blacklisted due to massive spambot abuse. Dirk Beetstra ^{T C} (en: U, T) 13:14, 7 October 2024 (UTC)Reply

@Beetstra If I understand you correctly, you're saying that yewtu.be is blocked due to "massive spambot abuse on many wikis", right? Leaderboard (talk) 13:20, 7 October 2024 (UTC)Reply

That is what I said in reply to '... this seems to have been blacklisted based on "No URL shortener" as a dogma', which was not the primary reason to blacklist this.
Let me see if I still have a record of the spammers. IIRC we even set up an admin bot blocking spammers that continuously hit the spam blacklist to avoid flooding the logs. Dirk Beetstra ^{T C} (en: U, T) 13:25, 7 October 2024 (UTC)Reply

One page where spambots were spamming redirect (including youtu.be) and other blacklisted material: https://en.wikipedia.org/wiki/Special:Log?type=spamblacklist&user=&page=Cranium+%28board+game%29&wpdate=&tagfilter=&wpFormIdentifier=logeventslist. This one leads to https://en.wikipedia.org/wiki/Special:Log?type=spamblacklist&user=176.109.177.184&page=&wpdate=&tagfilter=&wpFormIdentifier=logeventslist. We also have https://en.wikipedia.org/wiki/Special:Log/spamblacklist/77.120.181.151, https://en.wikipedia.org/wiki/Special:Log/spamblacklist/46.211.91.209.
https://en.wikipedia.org/wiki/Special:Log/spamblacklist gives an enormous number of hits for youtu.be. Maybe worth an analysis. Dirk Beetstra ^{T C} (en: U, T) 13:56, 7 October 2024 (UTC)Reply

It still is not clear how yewtu.be could be abused - the ones you linked to could easily happen with youtube.com as well, right? I can see how a generic URL redirect could cause issues, but yewtu.be only goes to YouTube? Leaderboard (talk) 15:34, 7 October 2024 (UTC)Reply

What do you mean .. 'it is not clear how youtu.be could be abused', it WAS abused. And youtube contains crap, copyright violations, useless material for Wikipedia besides a subset of good material. Dirk Beetstra ^{T C} (en: U, T) 18:48, 7 October 2024 (UTC)Reply

@Beetstra If YouTube has crap and yewtu.be links to YouTube, youtube.com should be blocked, right? Leaderboard (talk) 19:49, 7 October 2024 (UTC)Reply

youtube.com wasn’t abused; youtu.be was. that’s why it got listed. XXBlackburnXx (talk) 20:08, 7 October 2024 (UTC)Reply

@XXBlackburnXx: The idea that youtu.be links are more likely to be bad than youtube.com links is false. The reason people linked to youtu.be instead of youtube is that people used the share button instead of copypasting the URL. If the links are useful or spam is irrelevant. Forcing people to copypaste the URL instead of using the Share button does nothing to prevent spam/copyright infringement/crap. Polygnotus (talk) 20:12, 7 October 2024 (UTC)Reply

That is not what we are saying. Dirk Beetstra ^{T C} (en: U, T) 03:40, 8 October 2024 (UTC)Reply

Then please explain what you are saying because these objections don't seem to hold much water at the moment. Polygnotus (talk) 03:42, 8 October 2024 (UTC)Reply

┌───────────────────────────────────────┘
Youtu.be was spammed using spambots, youtube.com was not. Dirk Beetstra ^{T C} (en: U, T) 03:47, 8 October 2024 (UTC)Reply

@Beetstra: That is incorrect, both youtube.com and youtu.be links have been spammed using spambots. Polygnotus (talk) 03:48, 8 October 2024 (UTC)Reply

Show me hammering with youtube.com links. Dirk Beetstra ^{T C} (en: U, T) 03:49, 8 October 2024 (UTC)Reply

Burden of proof is on those who assert something, not on those who point out that the assertion is incorrect. And what can be asserted without evidence can be dismissed without evidence. Polygnotus (talk) 03:52, 8 October 2024 (UTC)Reply

I quote you: “both youtube.com and youtu.be links have been spammed using spambots” … that is your assertion, show me proof that youtube.com links have been spammed using spambots. Dirk Beetstra ^{T C} (en: U, T) 03:57, 8 October 2024 (UTC)Reply

I quote you: “Youtu.be was spammed using spambots, youtube.com was not.” … that is your assertion, show me proof that this is the case. Polygnotus (talk) 03:58, 8 October 2024 (UTC)Reply

How do have to show you that youtube.com was not spammed using spambots. OK, here is the list of youtube.com spambots:

There are none, I have not seen youtube.com spambots hammering Wikipedia. I have no evidence of youtube.com being hammered. Because it was not. Dirk Beetstra ^{T C} (en: U, T) 04:03, 8 October 2024 (UTC)Reply

The domain was blacklisted at the time not only because it’s a redirector, but also due to its widespread abuse by spambots. The spam blacklist was the only effective tool to manage the spam. Also, if I or anyone else were to blacklist a specific youtube.com link, then the spammers could use the youtu.be domain to circumvent the listing. That is why redirectors are ultimately listed as they provide a way to bypass the blacklist. Just giving my 2ct :). Pinging Beetstra, who originally listed the domain. XXBlackburnXx (talk) 04:32, 7 October 2024 (UTC)Reply

@XXBlackburnXx: in the discussion on enwiki, linked at the top of this section, the proposed solution was to blacklist the video id, which ensures that both the youtu.be/%id% and /watch?v=%id% format are blocked. Polygnotus (talk) 04:35, 7 October 2024 (UTC)Reply

Just blacklisting 'W0a6L7hbD7U' doesn't really work. The spam blacklist, in simple terms, only checks the domain (everything between 'https?://' and the next forward slash), unless you include a specific path. If it did work, you wouldn't have been able to use the {{LinkSummary|youtu.be}} at the top, which actually includes external links with \byoutu\.be\b in them. - XXBlackburnXx (talk) 08:55, 7 October 2024 (UTC)Reply

@XXBlackburnXx: Ok, then \byoutu\.be\b should be changed to \byoutu\.be/.*(?:tqedszqxxzs|XePjp-H3TBI|khM48EQyVdc|A4jgXQQns8A|oVBOnv\-xrEY)\b to block specific videos but not youtu.be as a whole. As an domain alias it should be treated the same. Polygnotus (talk) 09:06, 7 October 2024 (UTC)Reply

Do you understand that that brings extra work? You have to blacklist the specific video, and the specific redirects from youtu.be to it (and I just noticed another redirect site the other day that I did not get to yet). And even with the fact that there is quite some good material available on youtube, there is even more crap there that we should not link to, as well as copyright violations and such (even with youtube doing what they can in taking those down). Moreover, though on a smaller scale, it already pays to spam youtube (post your advertising links here and get money for everyone following and watching the link). Even with the original abuse being over (and that may be an IF), I don't think it helps the wikis in making it easier to link to youtube (in terms of keeping the stuff out that we don't want). Dirk Beetstra ^{T C} (en: U, T) 13:17, 7 October 2024 (UTC)Reply

Yes I understand that it is a tiny amount of extra work to update 2 lines instead of one. It may be possible to update the regex to avoid that issue. I agree that there is a lot of crap on youtube, but that is a reason to block youtube.com and all variants, not just youtu.be. it already pays to spam youtube (post your advertising links here and get money for everyone following and watching the link). yeah no. Perhaps you get a couple of cents per view. Polygnotus (talk) 19:41, 7 October 2024 (UTC)Reply

Then we have the additional problem that not every administrator on all wikis is gonna know that. Heck, I had trouble getting an idwiki admin to fix even a small syntax issue in the simplest pattern ever. XXBlackburnXx (talk) 20:20, 7 October 2024 (UTC)Reply

@XXBlackburnXx: How is that relevant? This problem is only on this blacklist, and only has to be fixed once, here. Polygnotus (talk) 21:01, 7 October 2024 (UTC)Reply

┌─────────────────────────────────┘
If you're going to blacklist specific videos then blacklist the raw code - .*tqedszqxxzs|XePjp-H3TBI|khM48EQyVdc|A4jgXQQns8A|oVBOnv\-xrEY.* should work as a blacklisted URL and nothing else is likely to use those strings of characters, right? That's no more work, or maybe even less work. * Pppery * _{it has begun} 22:20, 7 October 2024 (UTC)Reply

Even if there would be valid reasons to blacklist youtu.be but not youtube.com, which haven't been presented yet, then it is still a bad idea to not explain to the enduser why youtu.be is considered bad, and what they have to do to fix the problem. Polygnotus (talk) 23:34, 7 October 2024 (UTC)Reply

@XXBlackburnXx (A): How is that relevant? This problem is only on this blacklist, and only has to be fixed once, here.
— User:Polygnotus 21:01, 7 October 2024 (UTC)

No, because local wikis have local youtube blacklists who then have to know how to blacklist in that way as well. Redirect sites are totally avoidable, and with a free hosting site there are problems, so lets keep it easy. Dirk Beetstra ^{T C} (en: U, T) 03:54, 8 October 2024 (UTC)Reply

Local wikis can do whatever they want. They are free to blacklist or whitelist whatever they want. Youtu.be is more like a domain alias than a redirect site. And it is still unclear to me why you disagree. Maybe try explaining it again because I am trying to understand your objections. Polygnotus (talk) 03:57, 8 October 2024 (UTC)Reply

Exactly, get youtu.be whitelisted on en.wikipedia. Local wikis can do what they want. Dirk Beetstra ^{T C} (en: U, T) 04:00, 8 October 2024 (UTC)Reply

That seems like a reasonable alternative if local blocklists overrule those on Meta. Polygnotus (talk) 04:02, 8 October 2024 (UTC)Reply

This list protects 100s of wikis, it does sometimes mean we have to protect ‘vulnerable’ wikis at the cost of bigger wikis (though we do weigh the cost). For the youtu.be redirect the cost was minimal, we could use the proper domain, youtube.com. Were this youtube.com itself that was hammered like this we would have to act differently. Dirk Beetstra ^{T C} (en: U, T) 04:11, 8 October 2024 (UTC)Reply

@Beetstra: Thank you. I am not some evil person, I just need information to understand your POV because I suck at mindreading. And if your POV is a reasonable one then I will steal it and adopt it as my own. I will retract the request and move it to the English Wikipedia. Polygnotus (talk) 04:13, 8 October 2024 (UTC)Reply

We are not evil here either. What people often fail to understand is why we blacklist. We more often (>95% of the cases) blacklist because editors add links that are unsollicited. Not because of the material what is linked to. We here do not blacklist because we did not want material on youtube to be linked, we wanted to stop spambots from adding youtu.be redirects. We do not blacklist pornhub because of the site content, we blacklist because of the many editors who use it to shock. The spam blacklist is stopping the editor from ‘spamming’, there is only little material here that is there because of problems with the site (mainly copyright violations or illegal material like child pornography; true url shorteners). Dirk Beetstra ^{T C} (en: U, T) 04:23, 8 October 2024 (UTC)Reply

I have been promised the unbreakable captcha a couple dozen times in my lifetime. Still hasn't happened. /. and HN and the like are not to be trusted. For a small wiki with a small userbase things are very different than for en.wikipedia of course. Is there a system that recommends removing a regex when no one triggers it after a while? Or when the domain is offline? Polygnotus (talk) 04:36, 8 October 2024 (UTC)Reply

There is no mechanism, that is manual. We do clean up every now and then, but it is difficult to select. And spammers are different than vandals. Spammers continue, they make money from having their links posted. I’ve seen spammer socks coming back after removal of their domains from a blacklist, and I am looking at a case where it seems the site owner is back regularly, and it is now more than 15 years we hear the same. It pays to have your site linked from wikipedia. Dirk Beetstra ^{T C} (en: U, T) 09:30, 8 October 2024 (UTC)Reply