Page MenuHomeMiraheze
Create Task
Maniphest T8835

Do something about bots hitting special pages
Closed, DeclinedPublic
Actions

Description

They are a few bots that regularly scrape user related special pages. There's nothing of use here to any scraper.

Any actual bot that needs it should login via the API or passing OAUTH headers.

We should consider adding a hook that can check on view whether UserLogin / ChangeCredentials / Preferences is being accessed and bot is in the UA and just deny it

Related Objects

Event Timeline

RhinosF1 triaged this task as High priority.Feb 25 2022, 13:40
RhinosF1 created this task.
Herald added subscribers: Agent_Isai, Reception123. · View Herald TranscriptFeb 25 2022, 13:40
RhinosF1 added a comment.Feb 25 2022, 22:36

https://github.com/miraheze/mw-config/commit/9ab5ef745a616a484b079165e6ae6e63617149f7 is a very rough POC

Reception123 added a comment.Mar 1 2022, 14:53

@RhinosF1 Since you indicate your POC is very 'rough' what are your plans with this?

RhinosF1 added a comment.Mar 1 2022, 15:06

Make it not horrible if it makes sense

Reception123 assigned this task to RhinosF1.Mar 3 2022, 07:13
In T8835#179189, @RhinosF1 wrote:

Make it not horrible if it makes sense

Are you planning on getting this done by the end of the week? Since it is high priority...

RhinosF1 added a comment.EditedMar 3 2022, 07:14

Probably not. It would need someone to review the concept first.

Reception123 added a subscriber: Unknown Object (User).Mar 3 2022, 07:16
In T8835#179444, @RhinosF1 wrote:

Probably not. It would need someone to review the concept first.

If @Universal_Omega had time for that that would be great. Though if we're keeping things high priority we do need to actively work on them

Unknown Object (User) added a comment.Mar 3 2022, 07:20

The POC mentioned is not the best approach in my mind. I don't think a hook should be used for this if there is alternatives, but if not it cod work with many improvements and due to its global nature potentially done via MirahezeMagic. I'm honestly not really sure I see the absolute need to do this though.

What's the actual advantages of doing this, or the disadvantages of not?

Reception123 lowered the priority of this task from High to Normal.Mar 5 2022, 06:15

Per comments above, this doesn't seem to be something that urgent to do.

Reception123 lowered the priority of this task from Normal to Low.Mar 17 2022, 06:00

Moving to low as there doesn't seem to be any indication that this will be worked on soon and I don't see any particular urgency given that we've not had it for all these years.

Reception123 mentioned this in T8834: Monitor LoginNotify & failed logins.Mar 17 2022, 06:00
Unknown Object (User) closed this task as Declined.Apr 14 2022, 04:17

I don't think we should really do this. The usefulness of it doesn't really make it necessary in my mind. I guess it can be reopened if you really want to though.

Dmehus awarded a token.Apr 14 2022, 04:24