Page MenuHomeMiraheze

Hiding abuselogs on wikis I join (making it visible only for admins, BCs, CVTs, and Stewards)
Closed, ResolvedPublic

Description

Hi, I'd like to request for hiding the Abuselog from public, and making it visible only from admins, BCs. CVTs, and Stewards.
I think it can be done by editing user group rights.

I have two reasons for this.

  1. There are some logs containing phone numbers, address, or any other private information, and shouldn't be disclosed publicly.
  2. Disclosure of the Abuselog can give a hint to LTAs who try to penetrate it (because it shows blacklisted stuffs).

The wikis I'd like to have it this way are:

  1. Usopedia: https://newusopedia.miraheze.org
  2. Piowiki: https://piowiki.miraheze.org
  3. Akancyclopedia: https://akancyclopedia.miraheze.org
  4. The forked Japanese Uncyclopedia: https://ansaikuropedia.miraheze.org

As always, Thanks for your help :)

Event Timeline

The_Pioneer created this task.Aug 2 2018, 04:58
The_Pioneer renamed this task from Hiding abuselogs on wikis I join (make it visible only for admins, BCs, CVTs, and Stewards) to Hiding abuselogs on wikis I join (making it visible only for admins, BCs, CVTs, and Stewards).Aug 2 2018, 04:59

Uh, well, I guess I forgot to add sysadmins. They should also be able to see the logs. Thanks again.

revi added a comment.Aug 2 2018, 05:20

If you mark your filter private, abuselog is visible to those who can see private filters, as far as I know.

revi added a comment.Aug 2 2018, 05:24

Non-priv users can see someone hit the AF, but the details as for 'what' triggered the filter and other details are hidden.

Although all the filters are private, anyone can see which filter was triggered on which actions, pages, etc. from Special:AbuseLog. This is the very page I'd like to have it hidden.

the very "what" can contain private info or hints (because I've blacklisted creation of some pages).

@The_Pioneer Looking on testwiki with my alt account, I can only see

17:01, 4 July 2018: EricaRanson (talk | contribs) triggered an abuse filter, performing the action "edit" on User:EricaRanson. Actions taken: Disallow; Filter description: External links on userpages

for a private filter. You can change the name of the filter to "private 1", then the users cannot see anything other than the userpage and that it was stopped

The userpage itself can be dangerous, because some vandals try to register address/phone numbers for their user name. I have a filter to prevent most of them. but still it's not 100% perfect, and those vandals can intentionally create logs (which happened in my previous wiki before moving). Thus, that is still not enough.

@The_Pioneer it is technically possible to hide Special:AbuseLog from all users, by simply removing the “abusefilter-log” and “abusefilter-log-detail” permissions from the ‘*’ user group. Would you like me to do this, and, if so, which user group(s) would you like to be able to access Special:AbuseLog?

As I mentioned above, those who can access the logs should be limited to: admins (local), BCs (local), CVTs (global), Stewards (global), and Sysadmins (global).

AmandaCath claimed this task.Aug 2 2018, 13:15

Okay, I will handle this.

As an FYI, stewards, CVTs and sysadmins already have the ability to view the abuse log in their global group permissions, so there’s no need to assign that locally.

AmandaCath mentioned this in Unknown Object (Diffusion Commit).Aug 2 2018, 13:22
MacFan4000 mentioned this in Unknown Object (Diffusion Commit).Aug 2 2018, 13:26
AmandaCath mentioned this in Unknown Object (Diffusion Commit).Aug 2 2018, 13:31
MacFan4000 mentioned this in Unknown Object (Diffusion Commit).Aug 2 2018, 13:36
AmandaCath closed this task as Resolved.Aug 2 2018, 13:36

Done. Now only sysops and crats can access Special:AbuseLog locally.