[12:04:34] [[Special:CentralAuth/タリ64]] @CVT Impersonation of Tali64 has appeared once more. "タリ64" translates to "Tali64" in Japanese, making this an impersonation attempt. [12:04:34] https://meta.miraheze.org/wiki/Special:CentralAuth/%e3%82%bf%e3%83%aa64 [12:04:35]

[12:06:24] Thanks, locked [12:06:42] You're very welcome. [12:08:37] And now I'm gonna have to update the filter again [12:09:14] Do what you can. [12:18:06] [1/2] huh [12:18:06] [2/2] https://cdn.discordapp.com/attachments/443926951292567562/1288474609850650705/image.png?ex=66f550fd&is=66f3ff7d&hm=ab41e9314eba526f2021bf5a95a635b45d13a251e95dff55388b5a10707f41aa& [12:24:36] Fortunately, most subsequent impersonation attempts have been quashed by an abuse filter [12:25:00] great [12:27:46] [1/2] https://meta.miraheze.org/wiki/Special:AbuseLog?wpSearchFilter=75 [12:27:47] [2/2] @Stewards Can you CU(privatedetails?) and seize this vandal? [13:37:03] [[Special:CentralAuth/Tarinai64]] Another impersonation attempt out of Tali64 once again, it seems. [13:37:03] https://meta.miraheze.org/wiki/Special:CentralAuth/Tarinai64 [13:37:04]

[13:40:26] 🔒 [13:40:31] Thanks. [14:22:01] [1/5] This user is advertising: [14:22:01] [2/5] > list of trusted online gambling sites [14:22:02] [3/5] These 👆 [14:22:02] [4/5] [14:22:02] [5/5] I request a Global ban on all Miraheze to User:Merry301 [14:24:59] [1/2] [[User:Merry301]] uses the "about me" to advertise online gambling [14:24:59] https://meta.miraheze.org/wiki/User:Merry301 [14:24:59] [2/2] https://cdn.discordapp.com/attachments/443926951292567562/1288506541237862512/Screenshot_20240925_162414_Samsung_Internet.jpg?ex=66f56eba&is=66f41d3a&hm=f348b6213f5668a934db60204e8d24dba9f3f70833f0c57b1e770e7a260e0896& [14:24:59]

[14:26:25] @CVT [14:34:32] Done [14:35:14] beat me by a thread [14:35:20] but I did kill the spam page [14:35:42] I thought I salted this guy, time to salt again [14:36:04] They found ways around it. [14:36:12] Yeah, was going to say there seems to be a very determined alt-producer. [14:36:17] it's not hard, his range is bloody huge [14:36:36] I'm going to probably have to wipe out part of the service provider he's using and hope there isn't much collateral [14:37:22] @tali64, @suzuneu and @darkfawfulguy64, please note any further impersonations like this on the html page on cvtwiki [14:37:34] Okay then. [14:37:42] this last one I will add myself in a bit [14:38:13] I need to encourage the habit of more than myself and very occasional others updating things [14:38:56] I think updating logs and registers is a good practice to keep record [14:39:10] I don't have access to CU but I assume these impersonators are emerging from spmode, which is a Japanese telecommunications service with a very large number of variable IPs [14:39:35] Hopefully there won't be anymore impersonators of me if the abuse filter I created works for more than a few hours at a time; preventing Waki from being impersonated will be somewhat more difficult (if I understand correctly, "waki" means side in Japanese, and for obvious reasons, blocking that could result in false positives), but may be doable [14:39:50] the impersonations are symptomatic, not a deterrent [14:40:18] if not you, waki whatever, it will become myself, na, etc [14:40:39] so it will either be striking how he gets on in the first place or whack a mole [14:41:00] html literally has nothing better to do so it's fair to classify him as a regular lta [14:41:01] Time for more emails yay [14:41:12] so far striking html actually hasn't had loginwiki collateral [14:41:18] though that could change with the upcoming scan [14:42:29] I'm not gonna jinx myself if I try saying anything that could come off as tempting fate. [14:43:02] Good point; perhaps we should add high-ranking volunteers to the anti-impersonation filter, as having the anti-impersonation blacklist be visible on a publicly accessible MediaWiki namespace page and hoping no one finds it is inherently insecure and will/perhaps already has led to bypasses [14:43:38] [1/3] How do I know of User:Merry301 is blocked or banned? [14:43:38] [2/3] I still see the user on my Special:UserList [14:43:38] [3/3] [14:43:57] Blocking a user does not remove them from the list [14:44:30] well again, the problem is not really the impersonation names: they are dead ringers and actually make our job easier. The problem is them sneaking in from the start. There's not much damage that can be done by an impersonator like that. It is harder to catch and more damaging when they go undetected [14:44:39] Technically there is no banning [14:44:53] There’s blocks global blocks and locks [14:44:59] therefore the remedy is not to prohibit the names (which can heighten false positives in any case), rather to detect and then smite them with more effective measures [14:45:09] Global bans are a community measure which use these to enforce it [14:45:20] I agree with this policy. All recognizable figures are a target of impersonation [14:45:45] That should be a last resort method if the user continues to be disruptive, or somehow a threat to the platform. [14:45:54] a very simple block against certain impersonations, fine, but we should not expend too much time trying to account for all possibilities. That's time you are spending playing their game. [14:46:04] This isn’t a global ban thing [14:46:34] This is clearly just violation of policy [14:46:37] You brought up global bans though, but just thought I'd point that out. [14:46:42] That I agree with. [14:46:45] Yeah [14:46:47] Gotcha [14:46:57] ok lets freeze on the global bans thing for a minute [14:47:09] I think Global block is better. Because it is very likely that User:Merry301 is going to add the gambling URLs on other wikis [14:47:11] avengium, do you have further questions? [14:47:18] note that merry is locked [14:47:23] unable to log in at all on the platform any further [14:47:30] If it’s multiple wikis spam only [14:47:30] Lock [14:47:38] if it's a single wiki and it's spam we lock [14:47:40] I don't have fuether questions. I was just reading the conversation [14:47:42] as compared to vandalism [14:48:01] I don’t think gblocks are ever used of even can be on accounts [14:48:05] traditional spam has no recourse and we're a little more trigger happy with it because it's easier to detect and has no recovery [14:48:06] It’s for IPs [14:48:11] yeah, global blocks are ips [14:49:17] anyway yeah, that last tali impersonator is using a broader extension of the range I already hit [14:49:25] so I'm going to need to broaden that with hopefully not too much collateral [14:49:36] Carpet bomb [15:00:24] Check Special:CentralAuth, you'll see that they are globally locked, which is the correct course of action for a spam account with no other contributions [15:03:35] Thanks for the page [15:10:12] carpet bomb applied, ping me directly for further impersonations as I did not go through the full possible ranges [16:05:26] 𝗜'𝗹𝗹 𝗵𝗲𝗹𝗽 𝟭𝟬𝗽𝗲𝗼𝗽𝗹𝗲 𝘁𝗼 𝗲𝗮𝗿𝗻 $250k 𝘄𝗶𝘁𝗵𝗶𝗻 𝗮 𝘄𝗲𝗲𝗸 𝗯𝘂𝘁 𝘆𝗼𝘂 𝘄𝗶𝗹𝗹 𝗽𝗮𝘆 𝗺𝗲 𝟭𝟬% 𝗼𝗳 𝘆𝗼𝘂𝗿 𝗽𝗿𝗼𝗳𝗶𝘁 𝘄𝗵𝗲𝗻 𝘆𝗼𝘂 𝗿𝗲𝗰𝗲𝗶𝘃𝗲 𝗶𝘁. 𝗡𝗼𝘁𝗲 𝗼𝗻𝗹𝘆 𝗶𝗻𝘁𝗲𝗿𝗲𝘀𝘁𝗲𝗱 𝗽𝗲 [21:47:38] https://cdn.discordapp.com/attachments/443926951292567562/1288617937783095348/IMG_0267.webp?ex=66f5d679&is=66f484f9&hm=01d9992ceb73a8411b3dae92e915b3ab7fa77df1162b8d536d00e99491c9ccbc& [23:58:17] looks like I'm bombing wider now