Wikipedia:Administrators' noticeboard: Difference between revisions

Template:Active editnotice

This page has an administrative backlog that requires the attention of willing administrators. Please replace this notice with {{no admin backlog}} when the backlog is cleared.

You may want to increment {{Archive basics}} to |counter= 38 as Wikipedia:Closure requests/Archive 37 is larger than the recommended 150Kb.

Archives

Index no archives yet (create)

This page has archives. Sections older than 6 days may be automatically archived by Lowercase sigmabot III when more than 3 sections are present.

Use the closure requests noticeboard to ask an uninvolved editor to assess, summarize, and formally close a Wikipedia discussion. Do so when consensus appears unclear, it is a contentious issue, or where there are wiki-wide implications (e.g. any change to our policies or guidelines).

Do not list discussions where consensus is clear. If you feel the need to close them, do it yourself.

Move on – do not wait for someone to state the obvious. In some cases, it is appropriate to close a discussion with a clear outcome early to save our time.

Do not post here to rush the closure. Also, only do so when the discussion has stabilised.

On the other hand, if the discussion has much activity and the outcome isn't very obvious, you should let it play out by itself. We want issues to be discussed well. Do not continue the discussion here.

There is no fixed length for a formal request for comment (RfC). Typically 7 days is a minimum, and after 30 days the discussion is ripe for closure. The best way to tell is when there is little or no activity in the discussion, or further activity is unlikely to change its result.

When the discussion is ready to be closed and the outcome is not obvious, you can submit a brief and neutrally worded request for closure.

Be sure to include a link to the discussion itself and the {{Initiated}} template at the beginning of the request. A helper script can make listing discussions easier.

Any uninvolved editor may close most discussions, so long as they are prepared to discuss and justify their closing rationale.

Closing discussions carries responsibility, doubly so if the area is contentious. You should be familiar with all policies and guidelines that could apply to the given discussion (consult your draft closure at the discussions for discussion page if unsure). Be prepared to fully answer questions about the closure or the underlying policies, and to provide advice about where to discuss any remaining concerns that editors may have.

Non-admins can close most discussions. Admins may not overturn your non-admin closures just because you are not an admin, and this should not normally be in itself a problem at closure reviews. Still, there are caveats. You may not close discussions as an unregistered user, or where implementing the closure would call to use tools or edit permissions you do not have access to. Articles for deletion and move discussion processes have more rules for non-admins to follow.

If you want to formally challenge and appeal the closure, do not start the discussion here. Instead follow advice at WP:CLOSECHALLENGE.

• Wikipedia:Requested moves#Elapsed listings
• Wikipedia:Articles for deletion/Old
• Wikipedia:Redirects for discussion
• Wikipedia:Categories for discussion/Awaiting closure
• Wikipedia:Templates for discussion#Old discussions
• Wikipedia:Miscellany for deletion#Old business
• Wikipedia:Proposed mergers/Log
• Wikipedia:Proposed article splits

Wikipedia:Administrators' noticeboard#RfC closure review request at Wikipedia:Reliable sources/Noticeboard/Archive 433#Closing (archived) RfC: Mondoweiss

(Initiated 13 days ago on 16 April 2024) - already the oldest thread on the page. starship.paint (RUN) 14:43, 26 April 2024 (UTC)[reply]

Place new administrative discussions above this line using a level 3 heading

Talk:Indo-Pakistani_war_of_1947–1948#RfC_on_what_result_is_to_be_entered_against_the_result_parameter_of_the_infobox

(Initiated 129 days ago on 22 December 2023) No new comments for over 45 days. Ratnahastin (talk) 07:24, 24 April 2024 (UTC)[reply]

Talk:Awdal#RFC - Habr Awal/Isaaq clan

(Initiated 126 days ago on 24 December 2023) ScottishFinnishRadish (talk) 21:17, 24 January 2024 (UTC)[reply]

Talk: Interstate 90#RFC: Infobox junctions

(Initiated 59 days ago on 29 February 2024) Discussion is about to expire and will need closure. RoadFan294857 (talk) 15:37, 28 March 2024 (UTC)[reply]

Wikipedia talk:Criteria for speedy deletion#RfC: enacting X3

(Initiated 52 days ago on 7 March 2024) SilverLocust 💬 22:51, 30 March 2024 (UTC)[reply]

I came here to add this discussion here. There have been no new comments for over a fortnight. Thryduulf (talk) 14:13, 25 April 2024 (UTC)[reply]

Question for other folks at CR: does my single comment in this discussion suggesting an edit to the RfC statement for clarity preclude me from closing this discussion as involved? voorts (talk/contributions) 01:26, 29 April 2024 (UTC)[reply]

Talk:2024 United States presidential election#RFC: What should the criteria of inclusion be for the infobox? (Question 1)

(Initiated 46 days ago on 14 March 2024) It's been about two weeks, since the RFC tag expired. GoodDay (talk) 14:07, 28 April 2024 (UTC)[reply]

RfC: Change INFOBOXUSE to recommend the use of infoboxes?

(Initiated 44 days ago on 15 March 2024) Ready to be closed. Charcoal feather (talk) 17:02, 27 April 2024 (UTC)[reply]

Talk:Russo-Ukrainian War#RFC on Listing of Belarus

(Initiated 44 days ago on 16 March 2024) Hello, this RFC was started on 16 March 2024 and as of now was active for more than a month (nearly 1,5 month to be exact). I think a month is enough for every interested user to express their opinion and to vote at RFC and the last vote at this RFC was made by user Mellk on 15 April 2024 (nearly two weeks ago and within a month since the start of this RFC). The question because of which this RFC was started previously resulted in quite strong disagreements between multiple users, but I think there already is a WP:CONS of 12 users who already voted at this RFC. Since the contentious topics procedure applies to page Russo-Ukrainian War, I think this RFC must be closed by uninvolved user/administrator to ensure a valid WP:CONS and to prevent further disputes/edit warring about this question in the future. -- Pofka (talk) 09:50, 27 April 2024 (UTC)[reply]

Will an experienced uninvolved editor please close this RFC. If there is a consensus that Belarus should be listed, but not as to how it should be listed, please close with the least strong choice, Robert McClenon (talk) 17:08, 27 April 2024 (UTC)[reply]

I think it should not be closed with the "least strong choice", but instead with a choice which received the most votes (the strongest choice). The most users chose C variant (in total 6 users: My very best wishes, Pofka, Gödel2200, ManyAreasExpert, Licks-rocks, CVDX), while the second strongest choice was A variant (in total 5 users). So I think the WP:CONS of this RFC question is C variant. -- Pofka (talk) 18:33, 27 April 2024 (UTC)[reply]

Talk:SpaceX Starship#RfC on IFT-3

(Initiated 39 days ago on 21 March 2024) This is a contentious issue with accusations of tendentious editing, so the RfC would benefit from a formal closure. Redraiderengineer (talk) 14:48, 14 April 2024 (UTC)[reply]

A note for the closing editor... an inexperienced editor attempted to close this discussion and didn't really address the arguments. There's been some edit warring over the close, but it should be resolved by an experienced, uninvolved editor. Nemov (talk) 19:28, 19 April 2024 (UTC)[reply]

Another note for the closing editor: beware the related discussion at Talk:SpaceX Starship#Do not classify IFT-1, 2 and 3 as success or failure. —Compassionate727 ^(T·C) 00:44, 20 April 2024 (UTC)[reply]

That discussion has only been going for two weeks and closing the RfC will not preclude editors from coming to a consensus on whether or not to remove the categorization entirely. voorts (talk/contributions) 01:28, 20 April 2024 (UTC)[reply]

RfC: Is the OCB RS?

(Initiated 34 days ago on 26 March 2024) This WP:RSN RfC was initiated on March 26, with the last !vote occurring on March 28. Ten editors participated in the discussion and, without prejudicing the close one way or the other, I believe a closer may discover a clear consensus emerged. It was bot-archived without closure on April 4 due to lack of recent activity. Chetsford (talk) 21:51, 4 April 2024 (UTC)[reply]

Talk:Libertarian Party (Australia)#Conservatism

(Initiated 30 days ago on 29 March 2024) RfC template expired. TarnishedPath^talk 01:22, 29 April 2024 (UTC)[reply]

Place new discussions concerning RfCs above this line using a level 3 heading

Place new discussions concerning XfDs above this line using a level 3 heading

Talk:Killing of journalists in the Israel–Hamas war#Merge proposal (5 January 2024)

(Initiated 114 days ago on 5 January 2024) The discussion has been inactive for two weeks, with a preference against the merge proposal. CarmenEsparzaAmoux (talk) 19:39, 24 April 2024 (UTC)[reply]

Talk:Eat_Bulaga!#Merger_of_Eat_Bulaga!_and_E.A.T.

(Initiated 114 days ago on 6 January 2024) The discussion wasn't inactive for 7 days. It seems there's no clear consensus on merging those two articles into one. 107.185.128.255 (talk) 18:16, 3 February 2024 (UTC)[reply]

It's been over a month. So, it could be a good time to close that discussion. 107.185.128.255 (talk) 17:55, 28 February 2024 (UTC)[reply]

Talk:Saleh al-Arouri#Merge proposal

(Initiated 108 days ago on 11 January 2024) Discussion has stalled since March with no new comments. It appears that there is no clear consensus. — Preceding unsigned comment added by Aviationwikiflight (talk • contribs) 11:06, 25 April 2024 (UTC)[reply]

Talk:Frederik_IX_of_Denmark#Requested_move_15_January_2024

(Initiated 105 days ago on 15 January 2024) – Requested move open for 2 months, needs closure.98.228.137.44 (talk) 18:36, 30 March 2024 (UTC)[reply]

Now has been open for three months. 170.76.231.175 (talk) 15:17, 15 April 2024 (UTC)[reply]

Talk:Maersk Hangzhou#Second merge proposal

(Initiated 96 days ago on 24 January 2024) Merge discussion involving CTOPS that has been open for 2 weeks now. Needs closure. The Weather Event Writer (Talk Page) 04:46, 8 February 2024 (UTC)[reply]

@WeatherWriter: I would give it a few days as the discussion is now active with new comments. GoldenBootWizard276 (talk) 00:00, 3 March 2024 (UTC)[reply]

As nominator, I support a non consensus closure of this discussion so we can create an RFC to discuss how WP:ONEEVENT applies in this situation. GoldenBootWizard276 (talk) 21:56, 9 March 2024 (UTC)[reply]

Talk:1985_Pacific_hurricane_season#Proposed_merge_of_Hurricane_Ignacio_(1985)_into_1985_Pacific_hurricane_season

(Initiated 90 days ago on 30 January 2024) Listing multiple non-unanimous merge discussions from January that have run their course. Noah, AA^Talk 13:50, 15 March 2024 (UTC)[reply]

Talk:2003_Pacific_hurricane_season#Proposed_merge_of_Hurricane_Nora_(2003)_into_2003_Pacific_hurricane_season

(Initiated 90 days ago on 30 January 2024) Noah, AA^Talk 13:50, 15 March 2024 (UTC)[reply]

Talk:Pharnavaz_I_of_Iberia#Requested_move_6_February_2024

(Initiated 83 days ago on 6 February 2024) Requested move open for nearly 2 months. Natg 19 (talk) 17:46, 27 March 2024 (UTC)[reply]

Talk:12 February 2024 Rafah strikes#Merge proposal to Rafah offensive

(Initiated 76 days ago on 13 February 2024) The discussion has been inactive for over a month, with a clear preference against the merge proposal. CarmenEsparzaAmoux (talk) 19:35, 24 April 2024 (UTC)[reply]

Talk:2 World Trade Center#Split proposal 16 February 2024

(Initiated 72 days ago on 16 February 2024) Split discussion started over a month ago. TarnishedPath^talk 11:19, 23 March 2024 (UTC)[reply]

Talk:Genital_modification_and_mutilation#Requested_move_26_February_2024

(Initiated 63 days ago on 26 February 2024) – Requested move open several months, needs closure. Natg 19 (talk) 22:29, 18 April 2024 (UTC)[reply]

Talk:Rupert_Sheldrake#Talkpage_"This_article_has_been_mentioned_by_a_media_organization:"_BRD

(Initiated 12 days ago on 16 April 2024) - Discussion on a talkpage template, Last comment 6 days ago, 10 comments, 4 people in discussion. Not unanimous, but perhaps there is consensus-ish or strength of argument-ish closure possible. Gråbergs Gråa Sång (talk) 07:24, 23 April 2024 (UTC)[reply]

Place new discussions concerning other types of closing requests above this line using a level 3 heading

Per WP:SO, I am copying here unblock request made by blocked user User:Leugen9001 on their talk page, for community approval. Checkuser shows no recent socking, and the blocking admin agrees (See: User_talk:Leugen9001#Standard_Offer_Unblock_Request). Vanjagenije (talk) 18:50, 26 April 2018 (UTC)[reply]

I would like to request an unblock per the Standard Offer. It has been slightly more than six months since October 1st, 2017, and I would like to return to the encyclopedia. I promise that I shall no longer engage in the disruptive and rule-breaking behaviour that I have demonstrated in the past, and I do not dispute any of the reasons for which I have been banned. I understand that the Wikipedia community has a legitimate reason not to trust my promise and am willing to accept "2nd Chance" limits like topic-bans and requirements to propose changes to articles in order to prove that I can now be a productive member of the community. Leugen9001 (talk) 4:47 am, 12 April 2018, Thursday (15 days ago) (UTC+2)

• Oppose as is my standard unless a user demonstrates they will actually be an asset to the encyclopedia and discusses what they intend to do what they return. This is just a simple rote regurgitation of the SO procedure which does not demonstrate anything other than that they are able to read an essay and paraphrase it in an unblock request. Such requests should be declined. TonyBallioni (talk) 18:58, 26 April 2018 (UTC)[reply]
  • @TonyBallioni: The user has provided an answer on their talk page, see User_talk:Leugen9001#Standard_Offer_Unblock_Request. Vanjagenije (talk) 13:40, 5 May 2018 (UTC)[reply]
    • I'm still opposed because I've had bad experiences unblocking people who just give rote explanations in their initial request, and I also don't think that with 61 edits we have anything to go off of (and no, I don't count power's reasoning below as a reason to unblock. Following the rules is required, it is not something that should be looked at as exceptional.) TonyBallioni (talk) 15:12, 5 May 2018 (UTC)[reply]
• (edit conflict) Comment. Just to be clear, I don't support (or oppose) the unblock. I have not given the issue any thought. I agree only that the community should decide.--Bbb23 (talk) 19:01, 26 April 2018 (UTC)[reply]
• @Leugen9001: As you have talked about proposing changes, I would like to know if there are there any particular articles in your mind that you would like to edit. If yes then what you would really like to change about those articles? D4iNa4 (talk) 19:07, 26 April 2018 (UTC)[reply]

• Leugen9001 was more active as a contributor in WikiNews.[1] Their block log is clean there. D4iNa4 (talk) 19:21, 26 April 2018 (UTC)[reply]

• WikiNews is also dead, so I'm not really sure its the best project to point out a track record on. TonyBallioni (talk) 19:25, 26 April 2018 (UTC)[reply]

• Support there appears to be minimal history, largely from 2016. If they're willing to go through this rigamarole rather than doing an (invalid) clean start, we should let them. power~enwiki (π, ν) 19:34, 29 April 2018 (UTC)[reply]
• Support - user made a reasonably complete unblock request last September, acknowledging their past disruptive behaviour and swearing off it, though its sincerity is questionable seeing how they were still socking at the time. Although, perhaps that's a technicality if their sock didn't actually edit here, and WP:SO does encourage blocked users to edit other wikis. The timing wasn't good, anyway. Still, the user seems to be trying to do the right thing (h/t power~enwiki) and although I'm not terribly hopeful given their request to block their IP in case they "try to do something impulsive", I don't see a good reason not to give this user one last chance. I'd prefer no specific unblock conditions that might encourage "testing the limits", instead the user should realize that if they manage to get themselves blocked again, they can expect that to be more or less permanent. Ivanvector (^Talk/_Edits) 18:51, 4 May 2018 (UTC)[reply]

• Lidiia Kondratieva (talk · contribs · deleted contribs · logs · filter log · block user · block log)
• Edit count

This person is likely an undisclosed paid editor. Their competence in English and in WP is marginal at best.

The last straw for me was this response they just made, to a DS notice given to them by User:Ronz. It perfectly encapsulates what they do here. Perfectly pleasant on the surface, but either completely incompetent or completely bad faith.

Per their edit count, 8 of the top 9 articles they have worked on, are typical targets of paid editors. They also work on some historical figures as well (probably not paid?) and one of those is in the top 9 too:

• Corys TESS
• Christel Frese (athlete) here is the diff series - entirely unsourced.
• Greg Fischbach "entrepreneur"
• Thomas J. Falk CEO
• Rony Abovitz CEO
• Olivia Hime musician
• Brian Dyson retired CEO

? Not a typical target, but pretty clearly not notable and hard to understand outside paid editing

• Lucy Young here are their edits.

historical figures

• John Hedgecoe

A bigger list is at this COIN case I filed, which somehow got no traction.

I encountered this person at Naveen Jain, where efforts to "control the message" on that page have been ongoing since 2007 per this note on its talk page from back then, and also per the extensive list of SPA/promo editors I just added at the top of Talk:Naveen_Jain. Ronz has been riding herd on that mess since the page was created.

The COIN case linked above, shows past COIN cases about the Jain page and related topics.

A lot of the promotional efforts over the past 11 years, have been directed to downplaying the Infospace debacle and trying to emphasize his more recent space efforts.

More recently the page was pending changes protected in this diff in November 2017 and the Lidiia Kondratieva account showed up after that. They have made baffling Talk contributions like this, and this and this....and done radical edits to the page like this, where they deleted all the Infospace stuff and tried to create a POV fork with it.

The DS notice was given just after Lidiia Kondratieva took yet another hack at the Infospace section.

This person is not improving WP and is a drain on everybody else. In my view they should be indefinitely blocked. Jytdog (talk) 00:29, 27 April 2018 (UTC)[reply]

I agree with Jytdog's assessment. I wish we could figure out who is behind the editing assignments that Lidiia Kondratieva is apparently getting (and the many other editors editing in a similar fashion). --Ronz (talk) 03:09, 27 April 2018 (UTC)[reply]

Endorse indef block There is something seriously amiss. @Lidiia Kondratieva: please respond here. We have grave concerns about your editing.--Dlohcierekim (talk) 03:14, 27 April 2018 (UTC)[reply]

• I came across this editor a few days back and while the topics seem rather different, I believe this is part of one of the many South Asian UPE groups that I've blocked. There is some overlap with -- "Sudheer Telaprolu" group, but I can't be sure that it's part of that group, and per WP:BEANS I'm not commenting on a couple of other tell tale signs of being part of a UPE ring. If I hadn't seen this here, I'd have likely done some investigation into this account towards a resolution, but now that we're here, I think an indef block is in order (if not superseded by a CU block as part of a UPE ring). —SpacemanSpiff 03:29, 28 April 2018 (UTC)[reply]

• Support: a clear behavioural pattern of UPE editing. --K.e.coffman (talk) 04:13, 28 April 2018 (UTC)[reply]

• just adding a comment to prevent this from being archived. This account is problematic and I hope folks look at this. thanks. Jytdog (talk) 14:54, 1 May 2018 (UTC)[reply]

I don't know how long it will be until Materialscientist has a chance to see this so I thought I would bring it to this noticeboard in case it is something that needs attention sooner rather than later. If you deem that my post here is bringing undue attention to it please feel free to remove and even R/D this section. MarnetteD|Talk 21:30, 30 April 2018 (UTC)[reply]

I've removed the personal information, but this seems more like a content dispute. Primefac (talk) 12:15, 1 May 2018 (UTC)[reply]

Miccoliband (talk · contribs) was indefinitely hard-usernameblocked on 3 February 2018. On 7 February 2018 and 30 April 2018, the user was found to have engaged in sockpuppetry in accordance with publicly-documented CheckUser evidence. Per WP:3X, this user is automatically considered community-banned. I haven't found any other examples of these AN reports, which are suggested by the policy, so I'm guessing this will be good enough. Best, Kevin (aka L235 · t · c) 22:22, 30 April 2018 (UTC)[reply]

Oops, I suppose under the policy, we need an administrator to declare that the user is well and truly automatically community banned – misread that. Kevin (aka L235 · t · c) 22:34, 30 April 2018 (UTC)[reply]

Editors who are found to have engaged in sockpuppetry on at least two occasions after an initial indefinite block, for any reason, are effectively site banned by the Wikipedia community. Publicly documented CheckUser evidence should typically be involved before a user is considered banned in this way. Users who have been banned in this way are subject to the same unban conditions as users banned by community discussion.[2]

Administrators should normally place a notice at Wikipedia:Administrators' Noticeboard alerting the community of such a ban, place Template:Banned user on the master account's user page, and add the user to any relevant Arbitration Committee sanctions enforcement list.

Are you referring to Administrators should normally..., or is some other admin declaration needed? Nyttend (talk) 22:50, 30 April 2018 (UTC)[reply]

@Nyttend: Yeah, I was referring to the "Administrators should normally ..." sentence. Thanks, Kevin (aka L235 · t · c) 23:07, 30 April 2018 (UTC)[reply]

I think the point is having a trusted user do it, rather than just any autoconfirmed user; we don't want someone going around and inappropriately tagging a bunch of long-blocked users, either through malice or through misunderstanding. We also don't want someone going around tagging the user when the alleged sock is not blocked (that would either be getting ahead of a reviewing admin, or doing something in spite of a contrary review), but here the socks have been blocked. Probably the writer of this piece imagined that an admin would perform the block and then come here to announce it. Since that didn't happen, and since SPI clerks like you are quite trustworthy, I can't see a good reason to demand an admin do it. If an admin be needed, I'll have to revert or duplicate your notice here, and I'll have to revert or duplicate your edit that added the {{banned user}} to the userpage, since the policy says that the admin has to do those things. WP:BURO, let's be satisfied with what you did :-) Nyttend (talk) 23:20, 30 April 2018 (UTC)[reply]

Thanks, works for me. Kevin (aka L235 · t · c) 01:58, 1 May 2018 (UTC)[reply]

The idea behind it was that it should be an admin so that accountability would apply. I don't think we've had much use of that part of the new policy since it was passed, because, well, most of the people who sock aren't longterm users and are mainly just trolls and spammers, who the policy wasn't really aimed as much at i.r.t. the unblock aspect. If you look at the discussion, there was some comment as to whether that part was needed, and given that I'm sure this is not the first THREESTRIKES ban, it might be worth tweaking that bit.

I think the idea that we want community oversight when this is applied to a longterm user is important, but it doesn't make the ban any less operative in cases like this. The main part of the policy is that an indefinite block plus two incidences of socking is equivalent to a ban and requires the same conditions to unblock (namely, discussion). The bureaucracy part we can tweak as conditions requires. TonyBallioni (talk) 03:10, 1 May 2018 (UTC)[reply]

I pushed to have the bureaucracy of that part worded as weakly as reasonable: 'administrators should normally', not 'the blocking admin has to tag the master and announce it here'. For me, basically, an editor who is blocked under the conditions is plainly community banned, even if it is not announced. Announcing and tagging is sometimes good (awareness by broader community, overview), but sometimes also to be avoided (don't feed the troll). Also, the wording has to be so that we don't get a sockmaster with 20 checkuser confirmed and blocked socks coming with 'I am not community banned, because a) no-one announced it to WP:AN, and my master account has never been tagged.

Q: do we have a special parameter on {{banned user}} or {{sockmaster}} for the three strikes to identify that the banned user is banned 'automatically' and not be individual discussion? I do think that that is informative. --Dirk Beetstra ^{T C} 06:32, 1 May 2018 (UTC)[reply]

Dirk Beetstra, what do you think of what I said, Probably the writer of this piece imagined that an admin would perform the block and then come here to announce it? Were you hoping for the blocking admin to do the tagging and announcing? Nyttend (talk) 11:53, 1 May 2018 (UTC)[reply]

@Nyttend: not hoping, I don't really care that the editor is tagged or not, nor whether the community has been explicitly notified. What Kevin did was fine, but, to me, superfluous. --Dirk Beetstra ^{T C} 12:50, 1 May 2018 (UTC)[reply]

OK, thank you. Nyttend (talk) 13:02, 1 May 2018 (UTC)[reply]

Yeah, I agree with Dirk. The situations where I see this is needed is for cases where we have a user who had previously been an established member of the community, who gets blocked and then starts socking. For the tagging, it might be worth updating the sock template with a parameter. This is useful for unblocks. I might tweak the wording a bit since this hasn't caught on. I still think it's a good idea to place a notice here if say someone like DrStrauss were to be socking again, but we don't need it for trolls and people who never hit extended confirmed.​ TonyBallioni (talk) 13:37, 1 May 2018 (UTC)[reply]

Alright, I misunderstood the consensus – the wording of the policy made it seem like the ban is automatic and mandatory. Got it now. Kevin (aka L235 · t · c) 14:35, 1 May 2018 (UTC)[reply]

The ban is automatic. The paperwork, etc. is a "normally" thing, and was worded as such, because like Dirk pointed out above, we don't want to feed the trolls, etc. Like I said, as there was some comments on the RfC that the paperwork wasn't always neccesary, and we haven't started posting the notice in every case, we should probably tweak it (and I'll work on that sometime later this week )​ TonyBallioni (talk) 14:38, 1 May 2018 (UTC)[reply]

So, Tony, this sounds like it's for someone like Access Denied, whose name will be known to plenty of people who aren't sock-fighters. Is it supposed to be applied retroactively to everyone (minus those who got a community or Arbcom unblock, of course), or only to people who continue socking after the provision's created? On one hand, it might make sense to apply it to someone who was making a mess a few months ago, but on the other hand it would be a bit silly to apply it to User:WoW, the original incarnation of Willy on Wheels. Nyttend (talk) 23:36, 1 May 2018 (UTC)[reply]

@Nyttend: LOL. WoW! That will certainly get the conversation moving-- on wheels!--Dlohcierekim (talk) 09:43, 3 May 2018 (UTC)[reply]

• As an SPI clerk (this seems to fall in our purview) we add sock tags unless there's some reason not to, but sockmasters are tagged pretty consistently. We could modify the {{sockpuppeteer}} template with a switch something like banned=yes or threestrikes=yes or checked=ban that would make the template say something like "This user is banned by the community because CheckUser evidence confirms the operator has repeatedly abused multiple accounts" in place of the checked=yes messaging. Also, as a clerk, if I find a tag that has been placed inappropriately I just fix it or remove it, and there are a few users I've asked not to do it because they've been making a lot of errors or using them abusively, but not that many. But if we are going to create or use a second template for this purpose, it's important that if there's a {{sockpuppeteer}} tag on the page already, it shouldn't be removed, just add {{banned user}} underneath if that's what we decide to do. Ivanvector (^Talk/_Edits) 13:49, 4 May 2018 (UTC)[reply]

Ivanvector: I think the parameter option makes the most sense, and meant to start a conversation about that after the change went through. It might be worth updating the wording of the policy page to be something re: notification at AN to read something like A notice should normally be placed at AN if the user had substantial good faith contributions before being blocked. as this seems to get at the intent there. TonyBallioni (talk) 13:55, 4 May 2018 (UTC)[reply]

Would anyone be willing to help keep an eye on Wikipedia:Geonotice, or add their name as a backup contact for it? It's not a very burdensome task - there's a couple of requests a month and mostly they just need a javascript template to be filled out. A couple of minutes work in most cases.

At the moment there's only one or two admins who frequent it. I'm mostly active on Wikidata these days, so if I don't spot it on my watchlist when I drop in, things can go weeks unanswered. I've just dealt with one I missed almost a month back (!) - thankfully it was requested a month in advance - but of course it's very useful if we can post up requested notices promptly.

I used to do a lot of maintenance work here and the page still has me on as a "poke if nothing happens" contact. I don't really think it's a great idea to have someone semi-active as the suggested contact, but equally I don't want to remove my name when it's the only one there... Andrew Gray (talk) 12:53, 1 May 2018 (UTC)[reply]

• I've watchlisted this and added my name to the list of people to poke. GoldenRing (talk) 13:32, 1 May 2018 (UTC)[reply]

@GoldenRing: Great - many thanks. Andrew Gray (talk) 18:42, 1 May 2018 (UTC)[reply]

Cross-posted from the ArbCom noticeboard: The arbitration clerks are currently looking for a few dependable and mature editors willing to serve as clerks. The responsibilities of clerks include opening and closing arbitration cases and motions; notifying parties of cases, decisions, and other committee actions; maintaining the requests for arbitration pages; preserving order and proper formatting on case pages; and other administrative and related tasks they may be requested to handle by the arbitrators. Clerks are the unsung heroes of the arbitration process, keeping track of details to ensure that requests are handled in a timely and efficient manner.

Past clerks have gone on to be (or already were) successful lawyers, naval officers, and Presidents of Wikimedia Chapters. The salary and retirement packages for clerks rival that of arbitrators, to boot. Best of all, you get a cool fez!

Please email clerks-llists.wikimedia.org if you are interested in becoming a clerk, and a clerk will reply with an acknowledgement of your message and any questions we want to put to you.

For the Clerks of the Arbitration Committee, Kevin (aka L235 · t · c) 15:27, 1 May 2018 (UTC)[reply]

Discuss this at: Wikipedia talk:Arbitration Committee/Noticeboard#Arbitration Committee seeking new clerks

Resolved

We have a motherload of pages listed in Category:G13 eligible AfC submissions that are eligible for G13 deletion. I'm not seeing it in Category:Administrative backlog yet, but I've gone through and tagged some of them and there's many more if someone wants to swing by and clean some of them out. Thanks. Home Lander (talk) 21:12, 1 May 2018 (UTC)[reply]

Empty. Feel free to one-click this. Primefac (talk) 11:48, 2 May 2018 (UTC)[reply]

@Primefac: Not so fast - there's 307 pages listed at the moment. Home Lander (talk) 14:13, 2 May 2018 (UTC)[reply]

My apologies, I misread and thought you were talking about Category:Candidates for speedy deletion as abandoned drafts or AfC submissions. For what it's worth, G13-eligible pages are not necessarily summarily deleted, they still require someone to nominate them (usually User:HasteurBot). There are some users who find "diamonds" in these pages, and so there's no reason to summarily d-batch the entire cat (otherwise we'd just have it happen automatically). Primefac (talk) 14:19, 2 May 2018 (UTC)[reply]

In other words, it is not (and will never be) part of the administrative backlog. Primefac (talk) 14:20, 2 May 2018 (UTC)[reply]

@Primefac: Yeah, I bring up a batch of pages at a time and have a quick look to see if there's anything that looks really good. Unfortunately many of them simply consist of the unsubmitted draft template followed by an empty reference section. Incidentally, there's a tag at the top of the category page that I had overlooked stating that it will put the page in Category:Wikipedia backlog if more than 500 items are pending. Home Lander (talk) 03:25, 3 May 2018 (UTC)[reply]

Huh. Colour me surprised. Primefac (talk) 15:26, 4 May 2018 (UTC)[reply]

I almost commented to that effect, but you did say administrative backlog ~ Amory (u • t • c) 15:39, 4 May 2018 (UTC)[reply]

Which is still true, I suppose, but I probably shouldn't un-strike my text, since my I too missed the {{backlog}} at the top of the cat and that was more of the point. Primefac (talk) 15:46, 4 May 2018 (UTC)[reply]

Tue bot only nominates AfC pages. When I looked a few hours ago there were over 400 non-AfC pages to tag. User:MusikBot/StaleDrafts/Report Legacypac (talk) 17:02, 4 May 2018 (UTC)[reply]

Special:Contributions/Ichabbie396. Do we have an LTA page for it?--Dlohcierekim (talk) 03:17, 2 May 2018 (UTC)[reply]

It's Wikipedia:Sockpuppet investigations/Angela Criss. No LTA page that I'm aware of, and I'd consider it a WP:DENY case. Ivanvector (^Talk/_Edits) 14:03, 4 May 2018 (UTC)[reply]

News and updates for administrators from the past month (April 2018).

Administrator changes

None

Chochopk • Coffee • Gryffindor • Jimp • Knowledge Seeker • Lankiveil • Peridon • Rjd0060

Guideline and policy news

• The ability to create articles directly in mainspace is now indefinitely restricted to autoconfirmed users.
• A proposal is being discussed which would create a new "event coordinator" right that would allow users to temporarily add the "confirmed" flag to new user accounts and to create many new user accounts without being hindered by a rate limit.

Technical news

• AbuseFilter has received numerous improvements, including an OOUI overhaul, syntax highlighting, ability to search existing filters, and a few new functions. In particular, the search feature can be used to ensure there aren't existing filters for what you need, and the new equals_to_any function can be used when checking multiple namespaces. One major upcoming change is the ability to see which filters are the slowest. This information is currently only available to those with access to Logstash.
• When blocking anonymous users, a cookie will be applied that reloads the block if the user changes their IP. This means in most cases, you may no longer need to do /64 range blocks on residential IPv6 addresses in order to effectively block the end user. It will also help combat abuse from IP hoppers in general. This currently only occurs when hard-blocking accounts.
• The block notice shown on mobile will soon be more informative and point users to a help page on how to request an unblock, just as it currently does on desktop.
• There will soon be a calendar widget at Special:Block, making it easier to set expiries for a specific date and time.

Arbitration

• The Arbitration Committee is seeking additional clerks to help with the arbitration process.

Obituaries

• Lankiveil (Craig Franklin) passed away in mid-April. Lankiveil joined Wikipedia on 12 August 2004 and became an administrator on 31 August 2008. During his time with the Wikimedia community, Lankiveil served as an oversighter for the English Wikipedia and as president of Wikimedia Australia.

I'm starting to see entries at Category:Candidates for speedy deletion that I don't understand why they're on there. There doesn't seem to be anything in the entry histories that indicate they were tagged for CSD

User:CAPTAIN RAJU/AFD

Wikipedia:Articles for deletion/Log/2018 May 2

Wikipedia:Articles for deletion/Log/Today

User:Wcquidditch/wikideletiontoday

There might be others. But these jumped out at me for not having been nominated for deletion, but appearing on the list. — Maile (talk) 20:05, 2 May 2018 (UTC)[reply]

They were transcluding one or more pages that were themselves nominated for deletion. It gets cleared once the transcluded page is handled one way or another, and the host page is recached. Someguy1221 (talk) 20:13, 2 May 2018 (UTC)[reply]

I see. Thank you for the clarification. — Maile (talk) 20:14, 2 May 2018 (UTC)[reply]

Just for completion's sake, it was Wikipedia:Articles for deletion/Hugo (software) (2nd nomination), deleted under G7. ~ Amory (u • t • c) 20:36, 2 May 2018 (UTC)[reply]

By the way, Maile66, this is a function of the Job queue. If a page is added to a category indirectly because the category is part of a transclusion, the category does not get removed immediately when the template is removed: the page has to be edited first. Not an issue if someone edits the page to remove the transclusion, but if it's removed indirectly (say it's added by a template on a transcluded page, and the template's removed from the transcluded page), or when the transcluded page is deleted, you have to wait for the job queue to catch up. Nyttend (talk) 03:13, 3 May 2018 (UTC)[reply]

Probably thousands of pages are affected, every transclusion of {{Disambiguation}} is impacted by vandalism of nested {{Disambiguation page short description}}, which itself is a new thing. I've reverted the vandalism. I don't have my admin tools anymore but IMO at least a VOA-block of Delpmart and some protection of {{Disambiguation page short description}} seems warranted, and then y'all can discuss the need for this subtemplate and/or why this was left vulnerable (I thought template-protection was supposed to cascade down to transcluded subtemplates but maybe I'm wrong). Ben · Salvidrim! ✉ 05:19, 3 May 2018 (UTC)[reply]

I'm heading to bed so I've no time to continue edit-warring with some shitty vandal, hopefully some admin will attend to this regardless of the idiot deleting this thread. Ben · Salvidrim! ✉ 05:22, 3 May 2018 (UTC)[reply]

I've protected {{Disambiguation page short description}}, and blocked the vandal. Someone more knowledgeable should take a look at the necessity of this newly-created template. utcursch | talk 05:23, 3 May 2018 (UTC)[reply]

Relevant thread (which I haven't read yet): Template talk:Disambiguation#Related templates Ben · Salvidrim! ✉ 05:30, 3 May 2018 (UTC)[reply]

Thanks utcursch, Salvidrim!. The template is part of Wikipedia:WikiProject Short descriptions campaign to populate mainspace pages with Wikipedia:short descriptions to avoid WMF using inappropriate or poor quality descriptions from Wikidata in search results. Precursory saga described at project page through links. Basically forced on us by WMF. Cheers, · · · Peter (Southwood) ^(talk): 06:40, 3 May 2018 (UTC)[reply]

The image File:Asshole hat.jpg that was used in the vandalism above is still showing transclusions onto well over 500 pages. I've put in a request to have the image blacklisted but many pages may still need to be purged. I've loaded several but it's not showing on any so far. Home Lander (talk) 16:51, 3 May 2018 (UTC)[reply]

Please note that receiving one of these notifications does not mean your account was actually compromised or hacked. You may want to review WP:STRONGPASS and WP:SECURITY to ensure you are doing all you can to protect your account, but you do not necessarily need to reset your password. Beeblebrox (talk) 20:53, 3 May 2018 (UTC)[reply]

Can you please find out who tried to break into my account? It worries me. I want to see if it was someone in my area or other. Alex of Canada (talk) 17:35, 3 May 2018 (UTC)[reply]

@Alex of Canada: Someone tried three times several hours ago to get into mine. It happens; as long as you have a secure password you should be fine. Home Lander (talk) 17:40, 3 May 2018 (UTC)[reply]

This just happened to me, too. It's not unusual, I get one or two a month, and about once a year, someone makes a whole lot of login attempts. Make sure you have a unique password for Wikipedia. Use a password manager if you don't already. Use multi-factor authentication. Consider changing your password if you are worried (or especially if it wasn't unique). I already have these set up on my account so I just ignore the warnings when they come in. You asked to find out who tried to break into your account. That information is not generally available, I'm afraid. --Yamla (talk) 17:41, 3 May 2018 (UTC)[reply]

My password is secure, but I'm worried it might be a hacker who will find out how to get into anyone eventually. Alex of Canada (talk) 17:48, 3 May 2018 (UTC)[reply]

Best case is to use a unique password here (so if they figure out who you are, can't get into anything else, such as your email) and set up extra measures. A WP:Committed identity would be a good start. Home Lander (talk) 17:53, 3 May 2018 (UTC)[reply]

That might be a legitimate worry, but it existed before some person or bot tried to brute-force some Wikipedia accounts. Hacking without guessing the password is a whole different proposition. Related stuff at Wikipedia:Village pump (technical)#two-factor authorization and User talk:Winkelvi#Compromised account attempt. ―Mandruss ☎ 17:54, 3 May 2018 (UTC)[reply]

Related discussion at VPT (permalink) with some more detailed information. Seems there's a rash of this today. ~ Amory (u • t • c) 18:04, 3 May 2018 (UTC)[reply]

Yep. Two threads at the teahouse on this same subject. Beeblebrox (talk) 18:37, 3 May 2018 (UTC)[reply]

Just tried and failed with mine. --SarekOfVulcan (talk) 18:43, 3 May 2018 (UTC)[reply]

Recommend that all admins set up 2-factor auth. Andrevan@ 18:49, 3 May 2018 (UTC)[reply]

Everyone reviewing WP:STRONGPASS and WP:SECURITY couldn’t hurt either. Beeblebrox (talk) 18:50, 3 May 2018 (UTC)[reply]

Me, too (in case anyone is keeping track of admin v non-admin attempts). SandyGeorgia (Talk) 18:59, 3 May 2018 (UTC)[reply]

Me too. I already asked a question at WP:Village pump (technical)#two-factor authorization. Martinevans123 (talk) 19:02, 3 May 2018 (UTC)[reply]

I had this today as well, but I have break-in attempts on a regular basis, with a record of several hundreds per day (not today though).--Ymblanter (talk) 19:15, 3 May 2018 (UTC)[reply]

They must like you. Martinevans123 (talk) 19:21, 3 May 2018 (UTC)[reply]

Got an attempt today as well. SQL^{Query me!} 19:20, 3 May 2018 (UTC)[reply]

Me as well. Question I should probably know the answer to: can a functionary look up the IP addresses behind these bogus login attempts and implement a technical restriction? Ivanvector (^Talk/_Edits) 19:22, 3 May 2018 (UTC)[reply]

Technically, yes. Whether it is allowed by the policy I do not know.--Ymblanter (talk) 19:43, 3 May 2018 (UTC)[reply]

Well, if there's a way to determine that an IP is being used for abusive login attempts, autoblocking that IP for 24 hours is probably a good security practice. Wouldn't stop them hacking an account probably but then at least they wouldn't be able to edit. If our policies don't support that then we should change our policies. Ivanvector (^Talk/_Edits) 19:55, 3 May 2018 (UTC)[reply]

Me too. Natureium (talk) 19:39, 3 May 2018 (UTC)[reply]

First Thursday of every May. Coincidence, perhaps. --NeilN ^{talk to me} 19:18, 3 May 2018 (UTC)[reply]

I'm probably the only editor right now that hasn't had attempted account hacks ...... Not sure if that's a good sign or a bad one lol. –Davey2010^Talk 19:32, 3 May 2018 (UTC) Inevitable happened. –Davey2010^Talk 22:25, 3 May 2018 (UTC)[reply]

Me too, Davey! --Malcolmxl5 (talk) 21:24, 3 May 2018 (UTC)[reply]

• I readily admit I am not the most experienced CU, but I am unaware of how we could look up who attempted and failed at logging in. I’ll ask for further input though in case it’s just something I don’t know about. Beeblebrox (talk) 19:50, 3 May 2018 (UTC)[reply]

Good point. So all we need to do is all simultaneously set our passwords to "password* for five minutes and simply track 'em down!!? Martinevans123 (talk) 19:56, 3 May 2018 (UTC)[reply]

Yeah, it would take far more access (database?) to determine where this is coming from. If that information is even stored. If this isn't a bot driven thing (which it probably is), then a limiter on logins per IP would be nice as well. Arkon (talk) 20:03, 3 May 2018 (UTC)[reply]

• I’ve gotten some response form the other functionaries about this, here’s what we’ve got:

• Currently, CU cannot do this
• There is a phabricator thread about notifying the user of the ip of whoever tried to log into their account. It is approved and being worked on but not functional yet
• There is some indication that this is a specifc banned user already familiar to some of the functionaries so it is possible some action will be forthcoming but I’m not sure wat it will be.

Beeblebrox (talk) 20:24, 3 May 2018 (UTC)[reply]

@Beeblebrox: There is a way to check it, but it's on Toolforge. The people that have access to it aren't functionaries but more devs I think. There'sNoTime knows more about it. Dat Guy^Talk_Contribs 09:00, 4 May 2018 (UTC)[reply]

• Apparently there have been tens of thousands of failed login attempts over the past few hours. Check this out for some idea of the scope. The back office is aware of this and we cn expect a statement from them in the near future. Beeblebrox (talk) 20:33, 3 May 2018 (UTC)[reply]

Thanks for clarifying. Martinevans123 (talk) 20:44, 3 May 2018 (UTC)[reply]

• Interesting. I got one of those failed login attempt messages too. I changed my password to something stronger and thought nothing else of it until now. – Muboshgu (talk) 20:36, 3 May 2018 (UTC)[reply]

• I just got a notification that somebody get into mine too.--Crasstun (talk | contributions) 20:44, 3 May 2018 (UTC)[reply]
• Me too, and User:SPECIFICO. We were also both targeted at Wikipedia yesterday by the same editor, but no idea if there's any connection. That editor also knows my anon Facebook and Twitter accounts. Strange. -- BullRangifer (talk) PingMe 20:52, 3 May 2018 (UTC)[reply]

User:BullRangifer You posted it here on WP when you were talking with some IP who then posted it on my talk page because he saw me arguing with you. Someone tried to access my WP account too. Factchecker_atyourservice 02:05, 4 May 2018 (UTC)[reply]

Thanks for clearing that up. Let's make sure it doesn't spread. I'll seek a revdel. -- BullRangifer (talk) PingMe 03:18, 4 May 2018 (UTC)[reply]

• Happened to me this morning. In a way i'm glad it is not an isolated incident.--SamHolt6 (talk) 21:14, 3 May 2018 (UTC)[reply]
• It happened to me too at 14:12 UTC today too. L293D (☎ • ✎) 21:32, 3 May 2018 (UTC)[reply]
• You may add me to the list of failed hack targets. I have 2FA enabled so I am not overly concerned about my account security. But I am very concerned about what looks like an orchestrated attack on the project. -Ad Orientem (talk) 22:03, 3 May 2018 (UTC)[reply]
• For what it's worth, someone (the same person?) tried to break into my account just a few hours ago. Adam9007 (talk) 22:07, 3 May 2018 (UTC)[reply]

+1 - I felt like the odd one out so kinda glad someone attempted it , Jokes aside why is there a huge influx of password resettings ? ... It doesn't seem all that productive .... –Davey2010^Talk 22:25, 3 May 2018 (UTC)[reply]

• Happened to me 7 hours ago. Silly culprit; if he was targetting editors with any care, Davey2010 and other big-name users here should have been higher on his priority list than me. No one's ever bothered to try to hack my account before. Sideways713 (talk) 22:48, 3 May 2018 (UTC)[reply]
• I got that notification as well, 2 hours ago. theinstantmatrix (talk) 22:57, 3 May 2018 (UTC)[reply]

Same here, a few hours ago. GoodDay (talk) 23:26, 3 May 2018 (UTC)[reply]

• Could this be related to today being World Password Day? ^Falling_Gravity 23:39, 3 May 2018 (UTC)[reply]

• Read up above - I heavily doubt it, since the perpetrator is apparently known to the WMF. As an aside, they tried me as well, but my password's only been strengthened since I was an admin, so they didn't get far. —Jeremy v^_^v ^Bori! 23:47, 3 May 2018 (UTC)[reply]

Me too, although I'm pretty sure who tried doing it... Am i famous now?💵Money💵emoji💵^Talk 23:46, 3 May 2018 (UTC)[reply]

• For the first time ever, I received notification that someone had tried to log into my account today. I am not an admin. This needs to be investigated.Smeat75 (talk) 00:09, 4 May 2018 (UTC)[reply]

• Read the thread above. I'm fairly certain the WMF is already on it. —Jeremy v^_^v ^Bori! 00:11, 4 May 2018 (UTC)[reply]

• Russians? ^{[FBDB] Atsme📞📧} 02:11, 4 May 2018 (UTC)[reply]

I was waiting for someone to say the Russians :) GoodDay (talk) 02:17, 4 May 2018 (UTC)[reply]

• Me too. (And yes, I have two-factor authentication.) Heimstern Läufer (talk) 12:41, 4 May 2018 (UTC)[reply]

According to this graph of the Wikimedia User Login Attempts, this account hacking attempt has resumed today and is still continuing, as of this writing. There are a lot more "Throttled logins" today than in yesterday's attacks, which now appears to comprise the vast majority of the latest attack wave. (And yes, this LTA/hacker took a swipe at my account yesterday and a couple more times today.) This is getting ridiculous. LightandDark2000 (talk) 23:30, 4 May 2018 (UTC)[reply]

I suspect this attack may have something to do with the recent Twitter password leak [9]. Is it possible that someone has got a copy of this "internal log" and has now got a botnet trying to find Wikipedia accounts that match the Twitter ones? (Yes, I got an attempt against my account too, and no, the other QuietOwl on Twitter is not me, I don't use this username anywhere else, or any social networking site, for that matter.) QuietOwl (talk) 02:48, 5 May 2018 (UTC)[reply]

Okay, this time, the next attack wave is longer than the first one, and it's still ongoing right now. This can't be a good sign. LightandDark2000 (talk) 06:34, 5 May 2018 (UTC)[reply]

I've added a picture of the graph depicting the mass-cyberattack attempts. I estimate that at least 400,000 accounts may have experienced some attempt to break in. It should be noted that this is the largest account-hacking attempt that Wikimedia has experienced at least in the last 5 years (possibly the largest such attack ever). I also noticed today that the attacks seemed to have stopped. I wonder what happened to the hacker. What's keeping him? ;) LightandDark2000 (talk) 06:22, 6 May 2018 (UTC)[reply]

Today, only 30 minutes ago, someone (probably the same hacker) tried to break into my account 3 more times. I guess it must have something with me uploading the picture. Though I already hardened my password 2 more times, so it won't really help them at all. What in the hell is wrong with this person? The WMF seriously needs to block the access for the IP network responsible; at least Globally Rangeblock the IP if it will help. LightandDark2000 (talk) 19:56, 6 May 2018 (UTC)[reply]

Oh, God, they're doing it again! This time the attacks are almost entirely "login throttles". Seriously? Someone needs to block off the IP network hosting the attacks, or at least add in some new firewall rules to Wikimedia Foundation computers if this is some kind of offline attack. LightandDark2000 (talk) 10:40, 7 May 2018 (UTC)[reply]

PSA: Admins should enable two-factor authentication

As an additional security measure, admins and editors with similar permissions can (and should) use Special:Two-factor authentication to prevent account hijacking. Sandstein 21:51, 3 May 2018 (UTC)[reply]

• (edit conflict)I would gladly use 2FA (and I was also the subject of a hack attempt) if the code was emailed, in addition to (or instead of) being sent to a mobile number. We have a cell phone but it's usually off, but my email is generally available. I may not be the only admin in a similar situation. Miniapolis 22:51, 3 May 2018 (UTC)[reply]
• I really really do not agree, Sandstein. We've had several cases of admins, including technically savvy admins, who have been in despair because they lost their whatsits — I don't remember what they're called — some magic formulas that you need for your account when you have two-factor authentication — and apparently the magic gets lost every time you get a new phone. Ouch. Eventually, after much stress, these people have been rescued through being able to e-mail people who can vouch for them because they recognize the way they talk. (Hello, Jehochman, hope your account is OK these days.) People who habitually edit from internet cafes or library computers, or who have a mischievous twelve-year-old or a hard-drinking sister-in-law around the house, may possibly need the system, but everybody else had much better instead get a really strong password and not use that password anywhere else. In my opinion. Bishonen | talk 22:57, 3 May 2018 (UTC). (PS: And yes, I've had the attempts today and so has Bishzilla. Considering the numbers of people who have, I find it hard to believe WWII editors have been singled out.) Bishonen | talk 23:02, 3 May 2018 (UTC).[reply]

You're both right, to some degree. Bish, the magic you're thinking of is a scratch code (I'm not sure if that's what our implementation calls it) and it is just a plain text code that you're supposed to keep somewhere safe, so that if you do lose your authentication device (i.e. get a new phone) then you can use that code to reset your 2FA and re-implement it on your new device. If you lose your password AND your device AND those codes AND nobody can vouch for you, then yeah, you're fucked, but that's a lot of concurrent failures. If I remember right, when you enable 2FA here the codes you need are all displayed on the screen (you scan a QR code and the scratch codes are plain text), not sent by text or emailed or whatever. Maybe that depends on what authenticator you use. Ivanvector (^Talk/_Edits) 23:07, 3 May 2018 (UTC)[reply]

• <<ec>>What Bishonen said. Every time I read the instructions my blood runs cold. With the two factor authentication I have w/ my bank and emails, there is a backup and authentication involves sending a request to my phone. The process here sounds dangerously complicated, and the grater risk is that I lose my whatsit.--Dlohcierekim (talk) 23:09, 3 May 2018 (UTC)[reply]

Is it true that once you do this there's no going back? I don't want to do something irrevocable. And I have a strong password.--Dlohcierekim (talk)

No, not at all, you can turn it off any time as long as you have access to your account. I get that we're still calling it "beta", but I turned it on the day my RfA closed, and I've never had a problem. Ivanvector (^Talk/_Edits) 23:22, 3 May 2018 (UTC)[reply]

Blood-chillingly complicated is right, Dlohcierekim. And it sounds to me like the whole log-in operation, otherwise so smooth, gets much more fiddly with 2FA, every time you do it. That's quite a problem for people with a lot of socks![10] Bishonen | talk 23:30, 3 May 2018 (UTC).[reply]

Not by much, no, there's one extra step. The squirrel still gets in just fine. Ivanvector (^Talk/_Edits) 23:49, 3 May 2018 (UTC)[reply]

• I use Authy (authy dot com) for my 2FA here. It allows one to use multiple devices as well as back up the seed. There is a slight security hit since more than one device can be used but for me it is worth it to remove the single point of failure. Jbh ^Talk 23:45, 3 May 2018 (UTC)[reply]
• I have to say I was intimidated by it at first as I am not super technically minded but once it is set up it is remarkably easy to use, and I made sure I have those scratch codes in a safe place in case I ever need them. Beeblebrox (talk) 00:19, 4 May 2018 (UTC)[reply]
• I actually am a techie person, but I do agree that the instructions and setup appear intimidating. But once it is set up, 2FA really is easy to use. Enter your password as usual, then it asks for a number. Open the app on your phone/tablet/whatever, and it displays a number. Type in that number. And as long as you do remember to record the original scratch codes somewhere, the whole thing can always be reset in the event of a disaster. As for login attempts, I've had one rather than the multiple attempts that many are getting - presumably it stopped at the first 2FA challenge. Boing! said Zebedee (talk) 08:55, 4 May 2018 (UTC)[reply]
• I use 2FA, but as someone who seems to drop or otherwise break their phone at least once per year, I agree with others that the way 2FA works is a royal pain in the neck. If I'm unable to access my old device, I have to (a) find where I wrote down the scratch codes (b) use one to login & disable 2FA (c) re-enable 2FA with the new device and (d - and this is the worst bit) write down a whole new set of scratch codes. If you've lost your scratch codes, you are basically screwed and are looking at registering a new account and convincing anyone who will listen that the two are connected. Committed identity helps with this - but of course you have to be able to find the file you used to create it. Things that would help with this situation are (a) only generate a new set of scratch codes when a user requests it or when the last one is used, not every time 2FA is enabled, so that at least you don't have to write down a whole new set every time you use one and (b) have some back up way of resetting authentication on the account. The latter would involve the WMF holding some way of getting in touch with you or proving your identity. I guess for people who have identified to the WMF this is already possible; otherwise, of all the websites I use, enwiki is the one where it is hardest to recover your account - and it seems it is often impossible. I thought there was a phab ticket to improve this situation, but I can't find it just now (fun diversion: try searching '2FA' on phab and you'll see how many people have difficulties with it - it seems that at least sometimes it is possible to convince the devs to twiddle bits). GoldenRing (talk) 11:20, 4 May 2018 (UTC)[reply]

• Two factor authentication, as implemented on Wikipedia, is farkakt. Jehochman ^Talk 18:12, 4 May 2018 (UTC)[reply]

  gesundheit--Dlohcierekim (talk)

• Regarding losing scratch codes - does no one else use a cloud storage or cloud backup service? --NeilN ^{talk to me} 20:08, 4 May 2018 (UTC)[reply]

  negative. I consider nothing in the cloud or otherwise online secure.--Dlohcierekim (talk) 20:09, 4 May 2018 (UTC)[reply]

• @Dlohcierekim: Sigh. ^{[citation needed]}... --NeilN ^{talk to me} 20:14, 4 May 2018 (UTC)[reply]

Psssst, Neil...be careful not to use too many *sighs* ^{[FBDB] Atsme📞📧} 20:38, 4 May 2018 (UTC) [reply]

Hidden Tempo? Is that like a Ford Tempo but with a quieter engine? Martinevans123 (talk) 08:21, 5 May 2018 (UTC)[reply]

PSA: Admins might be better off with a long passphrase rather than two-factor authentication

Just so you know, not everyone agrees that 2FA is a magic bullet.

https://www.economist.com/blogs/economist-explains/2017/09/economist-explains-9

https://www.schneier.com/blog/archives/2016/08/nist_is_no_long.html

https://krebsonsecurity.com/2016/09/the-limits-of-sms-for-2-factor-authentication/

https://www.theverge.com/2017/7/10/15946642/two-factor-authentication-online-security-mess

I'm just saying. --Guy Macon (talk) 20:03, 4 May 2018 (UTC)[reply]

• Just as a reminder, users with advanced permissions are required by WP:STRONGPASS to have a strong password anyway. 2FA is just another option to strengthen account security. Beeblebrox (talk) 20:08, 4 May 2018 (UTC)[reply]

  @Beeblebrox: Personally, I don't understand why the (not particularly strict, IMHO) requirements for privileged users don't apply to all users. Nearly every insignificant forum on the web has stricter password requirements than Wikipedia, for heaven's sake! Gestumblindi (talk) 14:26, 5 May 2018 (UTC)[reply]

@Gestumblindi: The reason is simple: consensus was against it when the policy was developed. The reasoning was that it might discourage new users. Beeblebrox (talk) 18:14, 5 May 2018 (UTC)[reply]

@Beeblebrox: I remember, but consensus might change. Maybe it's now the time for proposing slightly stricter requirements more similar to those customary anywhere else on the web? I don't get the "it might discourage new users" reasoning - after all, people should be well accustomed to having to use reasonably strong passwords by now. As it is, the password requirements for regular users are extremely and most unusually low, and the requirements for admins are still rather below standard. Gestumblindi (talk) 18:31, 5 May 2018 (UTC)[reply]

• Hopefully 20 bytes is enough.--Dlohcierekim (talk) 00:58, 5 May 2018 (UTC)[reply]

20 characters is almost certainly enough. A password that meets the requirements set forth in STRONGPASS (8 characters) will be broken by an offline password-guessing program in under a minute.[11][12][13][14][15] --Guy Macon (talk) 01:33, 5 May 2018 (UTC)[reply]

• It should be noted that most of those articles are about 2FA using SMS codes, or using such SMS codes as backups for the type of 2FA we have. Neither of which we do for that exact reason. Which is also the reason you are so screwed on this site if you loose your scratch codes AND your phone. However I agree that having a 20 character password that you only use on en.wp is probably more important than having 2FA. But I use 2FA on ALL my accounts wherever I can, and because i use it for so many services, it has stopped being bothersome. —TheDJ (talk • contribs) 09:11, 5 May 2018 (UTC)[reply]
• Yup. Make sure it passes the dictionary attack though. rhin0cer0usstransgal4cticdifferential is easier to remember and just as good as 25 characters of random gibberish. ^{cinco de} L3X1 ◊distænt write◊ 13:13, 5 May 2018 (UTC)[reply]
  • The passphrase Rhinoceros transgalactic differential. (with the initial capitalization and the ending period) is stronger still. Even better would be "My rhinoceros has a transgalactic differential." -- harder for a computer to crack and easier for a human to remember; just remember that it is a valid sentence using standard English spelling and grammar. Replacing o with 0, a with 4, etc. just makes it harder to remember without adding much in the way of difficulty for a password guessing program. --Guy Macon (talk) 20:26, 5 May 2018 (UTC)[reply]

Source on that. The few times I've had to turn my previous laptop into a wireless router (long story), the password was something like "screwoffyoucommiespybastardsthisismygoddamnwifi" or similar full sentences.

Now, it still needs to be multiple words, because single words are not a problem for dictionary attacks. Ian.thomson (talk) 20:55, 5 May 2018 (UTC)[reply]

User:Guy Macon: Re A password that meets the requirements set forth in STRONGPASS (8 characters) will be broken by an offline password-guessing program in under a minute. - Does WikiMedia not have, or could they not develop, a system where three (or so) failed attempts to log in to an account, lock the account? For a comparable example, if someone tries to use an ATM card and puts in an incorrect code three times, on the third try the ATM will eat the card. Couldn't WikiMedia have some way of locking an account after three (or X number to be decided) failed attempts at entering the password? --MelanieN (talk) 01:31, 6 May 2018 (UTC)[reply]

• So you first lock all the admin accounts, then you go vandalize at will. This would work well. Remember, everything can be gamed, and this plan is game-able in two seconds flat. The reason teh ATM example works is because someone already has your card. Courcelles (talk) 01:36, 6 May 2018 (UTC)[reply]

  Actually, I am pretty sure the number of attempts per minute is limited (and not to 10^10), but I do not remember where I have seen this and what the number actually is.--Ymblanter (talk) 07:13, 6 May 2018 (UTC)[reply]

I think there is some form of rate limiting although I don't know the details. I'd note a system which completely locks an account after 3 tries requiring some sort of reset is open to abuse since it means people who want to annoy an editor can keep locking their account. Nil Einne (talk) 16:40, 6 May 2018 (UTC)[reply]

(If the following is too long for you, just read https://xkcd.com/936/ and https://xkcd.com/538/ ).

Every time I have looked into the nuts and bolts of how the WMF does security, it has always, without fail, turned out that they do it right, so I am not even going to bother finding out how they stop an attacker from either making millions of guesses per second or being able to lock out an admin by trying to make millions of guesses per second. Clearly the WMF developers read the same research papers that I do.

That being said, as explained at Kerckhoffs's principle#Modern-day twist, while doing things like rate limiting are Very Good Things, we are not to rely on them. We are to assume that the attacker knows every byte of information on the WMF servers (and in fact the attacker may actually be someone who has knows every byte of information on the WMF servers -- If a nation-state offered a key WMF employee millions of dollars if he complied and made a credible threat to torture and kill his family if he didn't, there is a 99%+ chance that they would end up knowing every byte of information on the WMF servers.)

The WMF does not store your passphrase anywhere. When you enter it it a cryptographic hash is performed and the result compared with a stored hash. This means that an attacker who knows every byte of information on the WMF servers can perform a high-speed offline passphrase-guessing attack, but cannot simply look up your passphrase and use it to log on. So according to Kerckhoffs's principle, you should choose a passphrase that is easy to remember and hard for a high-speed offline passphrase-guessing program to guess. I will call that that "Macon's principle" so that I don't have to type "choose a passphrase that is easy to remember and hard for a high-speed offline passphrase-guessing program to guess" again and again.

Bad ways to follow Macon's principle

• Passwords instead of passphrases (single words instead of strings of words with spaces between them).
• Random gibberish.
• Short passwords or passphrases. 8 is awful, 16 is marginal, 24 is pretty good, 32 is so good that there is no real point going longer.
• Character substitutions (Example: ch4r4ct3r sub5t|tut10ns)

Good ways to follow Macon's principle

• Use a standard English sentence with proper grammar, spelling, and punctuation.
• Make it longer than 32 characters and have it contain at least three (four is better) longish words plus whatever short words are needed to make it grammatically correct.
• Make sure that sentence has never been entered anywhere on your hard drive (including deleted files) or on the internet. "My Hovercraft Is Full of Eels" is bad because a dictionary that contains every phase used in Monty Python's Flying Circus would find it.[16]
• Make it meaningful, easy to remember, and something that generates a strong mental image.
• Make it meaningful to you, but unguessable by others (don't use your favorite team, first kiss, mother's maiden name, etc.)

An example of a good passphrase that follow Macon's principle would be:

 Sherwood painted his Subaru pink so that it would blend in with his flamingos.

(This assumes that you actually know someone named Sherwood and that he owns a non-pink Subaru. Replace with a name/car from among your acquaintances)

That's 78 characters that nobody in the history of the earth has ever put together in that order until I just wrote it. Typos really stand out (Sherwood paibted his Subaru pink so that it would blend in with the Flamingos) and are easy to correct. The sun will burn out long before the fastest possible passphrase-guessing program completes 0.01% of its search. And yet it would be far easier to remember than the far easier (for a computer) to guess BgJ#XSzk=?sbF@ZT would be. --Guy Macon (talk) 18:16, 6 May 2018 (UTC)[reply]

I feel there is some confusion in this thread around password security I'd like to clear up:

• re MelanieN: Guy Macon is referring to an "offline" attack, which is a fancy way of saying how long it would take if the attackers found a way to bypass all rate limiting and had a copy of the password file from WMF's servers. In an "online" attack (When somebody tries to login via Special:userlogin many time), rate limiting does come into play. Currently the rate limit is set to at most 50 in five minutes (Which honestly, is a little on the high side for a short term limit), and no more than 150 tries in a 2 day period. Long before the hard limit comes into play, there is a soft limit where people need to enter a captcha in order to continue logging in. Of course we also record whenever their is a failed login and may take manual action if it appears an attack is happening.
• re WP:STRONGPASS - the requirement for admin passwords enforced by the system is a minimum requirement, largely aimed (at least in my opinion) to prevent an online attack. People are of course encouraged to use even stronger passwords. The passphrase method Guy Macon mentions is one good way of generating strong passwords. Another popular method is to use a password manager to manage your random passwords for you. In addition to using a strong password, it is vitally important to use a unique password. It is much more common for attackers to get your password from other websites than it is for them to brute-force it.
• re 8 character random password cracked in minutes. I don't think that calculation is correct. If we assume a random 8 character password (And I mean truly random, e.g. generated via dice or a password manager, not randomly chosen by a human as humans are terrible at randomly choosing a password), that's about 40 bits of entropy. Based on [17] we have about 23012000000 hashes/sec and we're using 128000 rounds PBKDF-sha256. 2^(6*8)*128000/23012100000 ≈ 1565645769 seconds = 49 years. That said, longer passwords are much better, and most people are very bad at picking random passwords. Of course, if your 8 character password is '12345678' it will be cracked in milliseconds. In any case, I'd still highly highly recommend a password longer than 8 characters. BWolff (WMF) (talk) 21:09, 6 May 2018 (UTC)[reply]

  My first password was the name of a fictional place. The, a number, then a combination. Now its a 15+ keystroke monster that requires hints. So far, I've stayed ahead in this Red-Queen's race.--Dlohcierekim (talk) 22:29, 6 May 2018 (UTC)[reply]

• No, and I don't care what anybody else thinks. "Use a standard English sentence with proper grammar, spelling, and punctuation." assumes there is a "standard English". English spelling, phrases and punctuation tends to vary by country, and often by personal background. Also, not everybody participating on English Wikipedia has English as a first-language. And God forbid anybody's account gets compromised, and they have to not panic long enough to type out the sentence. Not everybody has the same abilities, either technological or mental. I personally have encountered users (plural) who have motor skill limitations, and/or physical limitations, that would make this difficult on them. Not all users have the same level skill or abilities at anything. Please do not make it worse for people struggling already. — Maile (talk) 21:27, 6 May 2018 (UTC)[reply]

The advice to use standard English is usually meant as Don't use abbreviations or misspellings in your password because that doesn't make your password any harder to break. If you are using the, "use a long sentence as a passphrase method", you should spell out your long sentence in whatever way you normally write. The downside to the long sentence method is that it can be difficult to enter such a long thing into a password box (even if you don't have motor skill/physical limitations, but obviously its much harder for people who do have such limitations). For people who have difficulty entering long passwords, probably the best approach is to use a password manager program, which means you don't have to enter the password at all as the program takes care of it for you. Password managers are an approach that I personally would recommend in general as being the easiest way to have a secure password. BWolff (WMF) (talk) 21:54, 6 May 2018 (UTC)[reply]

U wot, M8? Standard English ya say? That'd limit me choises, now woulden' it?--Dlohcierekim (talk) 22:33, 6 May 2018 (UTC)[reply]

I use a password manager, but I still need to remember the passphrase to get at all the other passwords in the password manager. --Guy Macon (talk) 22:37, 6 May 2018 (UTC)[reply]

No need to do the math. Steve Gibson has done it for us. See [ https://www.grc.com/haystack.htm ].

The calculation is done locally, using Javascript, so the password doesn't leave your computer. To be extra safe, try

• HZn?m+jW
• PhBixXL4
• qza7nm3g
• pgupwmxn
• 54606559

as your 8-character test password.

I just generated the above from my atomic decay true random number generator, set to chose from:

• The 95 ASCII printable characters (0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ `~!@#$%^&*()-_=+[{]}\|;:'",<.>/?)
• The 62 ASCII a-z/A-Z/0-9 characters (0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ)
• The 36 ASCII a-z/0-9 characters (0123456789abcdefghijklmnopqrstuvwxyz)
• The 26 ASCII a-z characters (abcdefghijklmnopqrstuvwxyz)
• The 10 ASCII 0-9 characters (0123456789)

BTW, an 8x Nvidia GTX 1080 system is pretty low powered for this. If you want to read the details, see [On the Economics of Offline Password Cracking - Purdue CS].

Key quotes:

"Nevertheless, our analysis suggests that even PBKDF2-SHA256 with 100,000 hash iterations is insufficient to protect a majority a user passwords [from an offline attack]"

"Bonneau and Schechter observed that in 2013, Bitcoin miners were able to perform approximately 2^75 SHA-256 hashes in exchange for bitcoin rewards worth about $257M. Correspondingly, one can estimate the cost of evaluating a SHA-256 hash to be approximately $7 x 10^-15."

Or, we can just skip the math and see what happens when we try "Sherwood painted his Subaru pink so that it would blend in with his flamingos." on the GRC calculator. The time to crack goes from 27.57 seconds to 10.05 million trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion centuries. --Guy Macon (talk) 22:37, 6 May 2018 (UTC)[reply]

I feel so inadequate, now. Mine would only take 100 trillion years!--Dlohcierekim (talk) 23:06, 6 May 2018 (UTC)[reply]

Account hacking of World War II editors?

Hello all, something is definitely afoot at the Circle K. I am seeing some reports about people who edit World War II articles having attempts made by someone to access their accounts. User:LargelyRecyclable alerted two other World War II editors of this problem [18] and just this afternoon the Wikipedia system alerted me that someone had tried to log into my account multiple times from a new location. On top of it all, there was a strange occurrence a few weeks ago, where someone impersonating an administrator called my job and asked I be "investigated" for my World War II related work on Wikipedia. User:Kierzek and I are both well known WWII editors and I wonder if others are having these experiences too. I changed my password this afternoon, I would encourage others to do the same if they are being affected by this. The most troublesome thing is that the group making mention of this are all World War II history editors, which is why I brought it up here. If for no other reason, then just to alert the powers-that-be that something is going on. -O.R.^Comms 21:43, 3 May 2018 (UTC)[reply]

I can confirm an attempt was made on mine. As mentioned on the linked discussion above, I suspect that Prüm was successfully compromised. I'm not sure when exactly it happened but some of the implications of the comments the account left at ArbCom are very worrisome. That someone called your work is also a very serious issue. This seems to be targeted and possibly related to the ArbCom case. LargelyRecyclable (talk) 21:50, 3 May 2018 (UTC)[reply]

This is probably unrelated, as it has been almost five years since I edited anything related to WW II, but I received notice of someone trying to log into my account from another computer today, and someone left a comment on my user talk page in the Arabic Wikipedia, which I have never touched. Donald Albury 21:56, 3 May 2018 (UTC)[reply]

See this thread. I don't think is World War II-related, it's someone trying to hack into a great many unrelated accounts. -- Euryalus (talk) 21:59, 3 May 2018 (UTC)[reply]

(edit conflict) There's a thread about these hijacking attempts about two sections up. It's been going on all over, all day. It doesn't appear to be targeted at any one group or subgroup that anyone can tell so far. ♠PMC♠ (talk) 22:00, 3 May 2018 (UTC)[reply]

(edit conflict)I have not had any issues, so far, but given the current atmosphere, so to speak, I am not surprised. Kierzek (talk) 22:01, 3 May 2018 (UTC)[reply]

(edit conflict) It may be a site-wide attempt and not targeted, I've seen similar concerns above. The additional facets of O.R. having his worked called specifically about WWII editing and comments made with the Prum account at ArbCom may be unrelated but I'd still advise additional caution for any editors who've done work in that area. LargelyRecyclable (talk) 22:01, 3 May 2018 (UTC)[reply]

Just notified of a failed attempt on my account. Cinderella157 (talk) 22:08, 3 May 2018 (UTC)[reply]

I also had a failed attempt, as did another member of WP:Indigenous. Other user is not an admin, both attempts failed. Checking with other admins who did not have attempts made. There may be a pattern with targeting wikiprojects and those who edit in controversial areas. Or it could be random. I lean slightly to the former, but no hard evidence yet. - CorbieV ^☊ ☼ 22:20, 3 May 2018 (UTC)[reply]

It's random. I barely edit and I just got a failed attempt. Valeince (talk) 23:04, 3 May 2018 (UTC)[reply]

Me too., and I'm not involved in any of the projects mentioned above. It seems to be some kind of wide-ranging attack. Coretheapple (talk) 23:15, 3 May 2018 (UTC)[reply]

• Yep, I had an attempt about 9hours ago. I've changed my password, which was decent, to a much stronger one. Blackmane (talk) 23:21, 3 May 2018 (UTC)[reply]

Likewise. ♦ J. Johnson (JJ) (talk) 23:22, 3 May 2018 (UTC)[reply]

• I just got notified there was a failed attempt to log into my account. — Maile (talk) 23:25, 3 May 2018 (UTC)[reply]
• I'm all buy quiescent these days in terms of editing and I got an alert as well. Obviously someone working through a list, though whether it's admins or something else... Tabercil (talk) 23:36, 3 May 2018 (UTC)[reply]
• Again, everyone, there were over 70,000 attempted logins per hour for several hours. Basically, they tried to reset the password of everyone. Beeblebrox (talk) 00:09, 4 May 2018 (UTC)[reply]
• This also came up at the help desk (where I mentioned that an attempt had been made on my account too), although that discussion has apparently been closed to try to centralize discussion here. The attacks are on far more than just World War II editors. I don't know where Beeblebrox's 70,000 figure is coming from, but I wouldn't doubt it. Master of Time (talk) 00:18, 4 May 2018 (UTC)[reply]

The number comes from the WMF. I have been told they are releasing some sort of statement about this soon. [19] Beeblebrox (talk) 00:22, 4 May 2018 (UTC)[reply]

Statement from WMF

Just noting here that the Wikimedia Foundation has sent a statement out to the wikimedia-l mailing list: [20]. Mz7 (talk) 00:30, 4 May 2018 (UTC)[reply]

General Advice from a Non-Admin

My advice, both to non-admins who can't use two-factor authentication, and to admins, who can use it, is simply to check your User Contributions regularly and make sure that they are all your own. If so, your account has not been compromised, and if your password is strong, it is not likely to be compromised. Robert McClenon (talk) 01:21, 4 May 2018 (UTC)[reply]

This really seems more like a really elaborate troll than a genuine attempt at compromising tens of thousands of accounts. Just look at how much discussion, verging on panic, it has generated. I’m sure whoever made the bot tht did this is very pleased with themselves right now. Beeblebrox (talk) 01:34, 4 May 2018 (UTC)[reply]

Should this all be rev-delled under DENY? L3X1 ◊distænt write◊ 02:04, 4 May 2018 (UTC)[reply]

(edit conflict)Having a Wikipedia:Committed identity isn't a bad idea if you might ever have to recover your account. Additionally - I believe editors whom are admins on any wikimedia wiki can enable 2FA. SQL^{Query me!} 01:34, 4 May 2018 (UTC)[reply]

No, the attempt is likely a serious attempt at gaining credentials. If a hacker logs into User:Example's account, and User:Example reuses their username somewhere else ([email protected]) with the same password, they can be royally screwed. The usurpation of Wikipedia identify is most likely not what they are after and the leaset of your worries if that happens. E.g. if it's a dummy email, no really consequence comes of it. But if you use that email to conduct every day business, your banking, have sensitive information, etc... well the people involved would now have access to that, and use that new information to further acquire other information and credentials. Headbomb {t · c · p · b} 04:09, 4 May 2018 (UTC)[reply]

SQL is correct, an editor who is an admin on any wiki can enable/disable 2FA on their account. I've been experiencing attempts to access my account for over a week now and I have enabled 2FA through being an admin at test wiki. -- Dane ^talk 05:31, 4 May 2018 (UTC)[reply]

A strong password is the solution. If you are mostly editing from one place (say home) just write on a piece of paper a random combination of characters, 25 characters long (make sure you are not able to memorize it - otherwise make it longer) which contains small and large case letters, numbers and special characters - and possibly even letters of other alphabets if you can reproduce them with your keyboard. This will be your Wikimedia password. Have it written on the paper in a secure place (no chance to lose) and never use it elsewhere, on any other websites.--Ymblanter (talk) 05:47, 4 May 2018 (UTC)[reply]

"Mr. Owl—how many flops does it take to get to the Tootsie-Roll™ center of a Tootsie Pop™?" Factchecker_atyourservice 14:46, 4 May 2018 (UTC)[reply]

I strongly suspect that whoever is doing this is using a list of passwords leaked from other sites, rather than trying to brute force their way into each account. I doubt they're even trying variations on the password that's on that list. That's why most of us are only getting one failed login attempt and that's it. While it's good to have a strong password anyway, if what I think they're doing is what they're doing, changing the password is the kicker. Ian.thomson (talk) 14:55, 4 May 2018 (UTC)[reply]

It looks indeed like yesterday they did not really attempt to break down any accounts, just let know that they exist to the largest possible amount of active user. However, this is not an isolated incident. We had recently two admin accounts broken, apparently because they re-used the passwords from other sites which were in the yahoo leak, or some other massive leak. I mentioned above that I regularly get attempts to break in to my account, sometimes up to several hundreds per day. It is obviously not possible to break a strong password which is not used on any other sites, however, it should be possible to break a weak password or to steal the existing password from elsewhere. 25 characters may be an overkill, but gives pretty much the guarantee - assuming they do not break in physically to one's house and there is no fire.--Ymblanter (talk) 15:08, 4 May 2018 (UTC)[reply]

Don't know if anyone mentioned yesterday's twitter breach, but if you used the same password there as here, you should change both quickly.--Dlohcierekim (talk) 15:24, 4 May 2018 (UTC)[reply]

My user name and password are unique to this site. --Dlohcierekim (talk) 15:27, 4 May 2018 (UTC)[reply]

Here's some handy advice. Lugnuts ^{Fire Walk with Me} 17:14, 4 May 2018 (UTC)[reply]

Since everyone is giving advice I may as well chime in. The main reason people don't use strong passwords unique to each account is that it's practically impossible to remember all those passwords. But you can use a password manager to keep track of them and to at least partially automate the process of entering passwords. I use something called KeePass but there are lots of alternatives -- see our List of password managers. Shock Brigade Harvester Boris (talk) 03:18, 5 May 2018 (UTC)[reply]

It happened again, two more attempts. If you can find out who, please ban him. Do I have any reason to be nervous, if my password is safe? Alex of Canada (talk) 17:33, 4 May 2018 (UTC)[reply]

In a word, no. Primefac (talk) 17:38, 4 May 2018 (UTC)[reply]

User:Alex of Canada - I agree with User:Primefac. If your password was and is strong and it hasn't been compromised, you are all right. Just check your User Contributions from time to time. I will comment that the hacker or bot may be hoping to get people to panic and to change their strong passwords to new weaker passwords, but that is only my guess. Robert McClenon (talk) 13:21, 5 May 2018 (UTC)[reply]

I will also comment that password regimes that require frequent changes of passwords, and that prohibit the use of a previously used password, are well-meaning but actually make things worse, because they increase the likelihood that the user will need to write down the password. This comment applies both to Wikipedia and to employer or government systems. Robert McClenon (talk) 13:21, 5 May 2018 (UTC)[reply]

• 1. MeToo, earlier today. --BrownHairedGirl (talk) • (contribs) 20:03, 4 May 2018 (UTC)[reply]

Yes, I got a failed-login warning a couple of days ago, but thought nothing of it at the time: I'm surprised there aren't more brute-force attacks. Perhaps this is where some sort of anti-bot measures might help? -- The Anome (talk) 09:22, 6 May 2018 (UTC)[reply]

See Wikipedia:Administrators' noticeboard#PSA: Admins might be better off with a long passphrase rather than two-factor authentication. --Guy Macon (talk) 20:06, 4 May 2018 (UTC)[reply]

A wise Owl indeed.--Dlohcierekim (talk) 19:16, 5 May 2018 (UTC)[reply]

page break

looks like it's falling off.--Dlohcierekim (talk)

• They're at it again today (I just got an alert that multiple failed attempts had been made to log into my account...). - Tom | Thomas.W ^talk 11:43, 7 May 2018 (UTC)[reply]

A discussion about potential block evasion at User_talk:Terry Foote#Authorship_of_photo? was recently brought to my attention. It seems that Terry Foote had two accounts, his original account as User:Terry Foote and then a second account that was indefinitely blocked as User:Googie_man. Terry Foote has continued editing on the former account, contributing productively for a rather long period of time (ten years is my understanding). I let Jehochman know about the situation since he was the original blocking admin, and then pinged Alex Shih to weigh in on the situation. Despite the gravity of block evasion, it seems clear to me that since deception was not the intent in this case, we can just leave the Googie_man account blocked and let Terry Foote continue to contribute productively. Still, I wanted to bring the discussion to the community's attention nonetheless. ceranthor 14:21, 5 May 2018 (UTC)[reply]

• While I agree block evasion is one of the worst offences here, and deserves the present summary block on sight system, I also believe this one stands out. A decade is a long time, Wikipedia has completely transformed within these years.Since there's no clear intent of disruption or any infraction all this while, I suggest this to be resolved with no action, and the user be left to continue editing. –Ammarpad (talk) 18:46, 5 May 2018 (UTC)[reply]
• If the user isn’t causing a problem, let’s leave them be. Jehochman ^Talk 18:58, 5 May 2018 (UTC)[reply]
• I concur with the thoughts above. "Blocks are used to prevent damage or disruption to Wikipedia, not to punish users." (taken from the lede of WP:BLOCK). --joe decker^talk 00:36, 6 May 2018 (UTC)[reply]
• Leave be = net positive. While I don't know how we know this, he has been editing constructively, and without repeating the problems from the other account, for a very long tme. Long past the time when he could have received the standard offer. But what for? He does not need that tainted account, and he is constructive with this one. --Dlohcierekim (talk) 05:49, 6 May 2018 (UTC)[reply]
• Blocking at this juncture would be punitive, not to mention doing so for the sake of blind adherence to process damages WP more than it improves it. IAR and let bygones be bygones. Blackmane (talk) 03:12, 7 May 2018 (UTC)[reply]

• Please do this (ref discussion at User talk:Anthony Appleyard#Eminem albums discography):
  1. Delete Eminem discography, but not Talk:Eminem discography or Talk:Eminem discography/Archive 1 or Talk:Eminem discography/Archive 2.
  2. This is the long delete: delete Eminem albums discography. (Warning: it is sitting over 2 old deleted redirect edits (01:10, 1 January 2015 by User:Chasewc91 and 00:57, 17 August 2014 by User:SNUGGUMS .)
  3. This is the long undelete: Undelete all edits of Eminem albums discography except (a) 16:36, 4 May 2018‎ by User:SNUGGUMS and all later edits, and (b) the 2 above-mentioned already-deleted redirect edits.
  4. Move Eminem albums discography to Eminem discography, do not leave a redirect.
  5. Redirect Eminem discography to Eminem#Discography.
  6. Undelete the remaining deleted edits at Eminem albums discography, but not the 2 old redirect edits.
  • Thanks. Anthony Appleyard (talk) 21:47, 5 May 2018 (UTC)[reply]
• Only people why can do this are the stewards. Courcelles (talk) 21:49, 5 May 2018 (UTC)[reply]

• If any stewards see this thread, then please be sure to help with the above ASAP. Snuggums (talk / edits) 00:48, 6 May 2018 (UTC)[reply]
• I have moved both archives (Archive 1 and Archive 2) back. But the rest of the steps above still require a steward. GeoffreyT2000 (talk) 01:11, 6 May 2018 (UTC)[reply]

You'll probably get a faster response if you post directly to steward requests page on meta. -FASTILY 05:12, 6 May 2018 (UTC)[reply]

@Anthony Appleyard: Not a steward here, but I highly doubt you'll be able to get this done because the history at "Eminem albums discography" contains over 9,000edits. The servers will probably have great trouble loading "Special:Undelete" because of the extremely high number of edits. When DerHexer and I tried to do a similar operation at the Madrid article (which then had over 7,600 edits), we had quite extreme difficulty with it, and in my experience the servers have only gotten more finicky about operations like that since then. They were never designed/optimised for this kind of work. Graham87 08:32, 6 May 2018 (UTC)[reply]

Rather disappointing, but if anyone somehow beats the odds and accomplishes this, it would be quite appreciated. Snuggums (talk / edits) 14:59, 6 May 2018 (UTC)[reply]

Could someone delete the oldest 1000, then the next day the next-oldest 1000, etc? Or is it the number of past edits and not the number of deletions that give the servers problems? --Guy Macon (talk) 18:20, 6 May 2018 (UTC)[reply]

• Good question. I never even thought about that. Snuggums (talk / edits) 18:31, 6 May 2018 (UTC)[reply]
• No. Deletion is all-or-nothing; the only way to delete part of an article's history is via a process similar to what Anthony wrote above, and always has to begin with deleting the entire article. (You can revision-delete parts of the history, but that wouldn't be helpful - deletion and revision-deletion have essentially nothing in common other than policy, terminology, and that their end result is to hide some chunk of information from most users.) —Cryptic 18:40, 6 May 2018 (UTC)[reply]

• The deletion is all-or-nothing, but if done in small batches, it shouldn't be impossible to restore a couple hundred revisions at a time. It probably would be better if a stew looked at it, but if not it can be done by an admin with a lot of patience. Primefac (talk) 20:57, 6 May 2018 (UTC)[reply]

Note by a steward: I can delete and undelete pages all-or-nothing with an unlimited number of revisions but I don't think that I can access Special:Undelete when there are more than a couple of thousand edits to select some to be restored. It might be possible from the database site but for that you will need a database admin. Best, —DerHexer (Talk) 22:51, 6 May 2018 (UTC)[reply]

I've restored 6000 revisions at once before, so it can be done, though it was of course very slow. Probably depends on how much existing strain is on the server. That said, with 9,700 edits, I don't want to delete the article and then be unable to recreate it. Best to start a phabricator ticket to handle this if it really needs doing. -- Ajraddatz (talk) 23:26, 6 May 2018 (UTC)[reply]

Resolved

Hi, please could an admin correct the admin-only template Template:ArbCom Arab-Israeli enforcement?

It needs this amendment (made to the ARBPIA editnotice), removing the words “of the revert”, as they do not appear in WP:ARBPIA3#Motion:_ARBPIA_.22consensus.22_provision_modified.

Also pinging @El C: who added the words originally but seems to be on a wiki-break. Onceinawhile (talk) 06:28, 7 May 2018 (UTC)[reply]

Seems to have been  Done by Onceinawhile. Primefac (talk) 11:36, 7 May 2018 (UTC)[reply]