User talk:AmandaNP/Archives/2014/November

This page is an archive of past discussions. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page.

17:28, 3 November 2014 (UTC)

DQ, what you make of 104.207.136.83 (talk · contribs · count)? The geolocate is weird, and it's blacklisted out the kazoo.--Bbb23 (talk) 02:13, 4 November 2014 (UTC)

@Bbb23: It's a webhosting company range which I have now blocked. -- DQ (ʞlɐʇ) 17:01, 4 November 2014 (UTC)

Thanks, DQ. Is there a way I could have figured this out? Can I use the tool that Ankit used? Is it good enough so I could issue a rangeblock on my own, or should I check with a CU?--Bbb23 (talk) 22:59, 4 November 2014 (UTC)

I've just blocked 107.191.32.197 (talk · contribs · count) for one year. I believe they are using the same service, although the characteristics are not identical. I'll leave it up to you if you want to issue a rangeblock. Please let me know what you decide (for educational purposes ). Thanks.--Bbb23 (talk) 23:14, 4 November 2014 (UTC)

Sorry to throw this at you piecemeal, but I didn't realize there were two new ones. The second is 209.222.15.226 (talk · contribs · count).--Bbb23 (talk) 23:23, 4 November 2014 (UTC)

No worries, I blocked the appropriate ranges. What I do is use the tool DomainTools Whois and I will either look for the name of the company (all the big companies you will come to recognize as you go on) or the domain part of the abuse email address provided. I then go look that up through google or directly in my browser, see what services they offer, if Colocation is in there, I sadly have to use a less preventative measure {{colocationwebhost}}. I also make sure they don't offer residential IP service. Once that is done. I go back and find the appropriate range listed on the whois report and block it. There can be two ranges, or no range, and if no range you have to calculate it using inetnum or NetRange. If you have two ranges, you go with the one that matches with the company you looked up. -- DQ (ʞlɐʇ) 16:23, 5 November 2014 (UTC)

At work I use CentralOps because I feel it provides more complete information; just throwing it out there in case you find it useful. If you have anything that points back to an ISP I work for, feel free to poke me. ;) ☺ · Salvidrim! · ✉ 23:12, 5 November 2014 (UTC)

Apart from the pywikipedia framework, and the Python source codes on GitHub, does the UAA task of DQB require anything else? --Ankit Maity _{«T § C»} 04:36, 4 November 2014 (UTC)

There's no pywikipedia directory anymore. It's either compat or core (so some folder in them). But there's no folder called pywikipedia anymore. So, what do I configure it as? --Ankit Maity _{«T § C»} 10:54, 4 November 2014 (UTC)

Pywikipedia is not a framework that was made by me. The link shall provide you with what you need. You will also need to edit "DeltaQuadBot / UAA / localconfig.py" to your custom settings for whichever wiki your using. You would also need to setup the appropriate blacklist, whitelist and similar pages on your wiki. I should also warn you i'm still trying to find the time to fix a core issue with the whitelist at the moment. -- DQ (ʞlɐʇ) 17:05, 4 November 2014 (UTC)

I know that you didn't make the framework :D . I have localized all the settings I could find. And just a question, are you able to log in using the core branch, for me it's not really working out unless I log in using compat's login.py. Just a question was what is the purpose of winpath or linuxpath for that matter? --Ankit Maity _{«T § C»} 12:43, 5 November 2014 (UTC)

I got it. It looks for the localconfig.py file in the specified path. God, damn it! I must be blind. --Ankit Maity _{«T § C»} 12:44, 5 November 2014 (UTC)

Does the bot have any false-positives in relation to the usernames specified in regex (in the blacklist page). And as a note, this is my wiki. --Ankit Maity _{«T § C»} 12:59, 5 November 2014 (UTC)

I've used extended login just fine. Sometimes it's because you can't use captcha. I used to fix that by just logging in on the web and then trying it. Any Regex blacklist you have always has false positives when it reports the names. And just to be sure, your not deploying it on enwiki are you? -- DQ (ʞlɐʇ) 16:26, 5 November 2014 (UTC)

Nope, I'm not deploying it. You bot is already there, isn't it? I'm just trying to understand how the bot works. And localizing the code for other wikis is what I'm trying to achieve. The only question remaining is the function of Time. --Ankit Maity _{«T § C»} 17:00, 5 November 2014 (UTC)

Ahh ok. Time is a native function within python, i'm not sure how much I can offer up on that. -- DQ (ʞlɐʇ) 15:53, 7 November 2014 (UTC)

Eurodyne (talk) 06:52, 7 November 2014 (UTC)

Replied. -- DQ (ʞlɐʇ) 16:12, 7 November 2014 (UTC)

Hi DQ!

Regarding this case: Wikipedia:Sockpuppet investigations/E4024...I just want to check whether you had stored the CU logs. Thanks. Étienne Dolet (talk) 20:18, 9 November 2014 (UTC)

The CU logs (what IP/user was checked, by whom, and when) is stored on WP and never expires. The CU data, which we actually make our conclusions on, expires after a certain amount of time, and I did not store it, as our normal practice only stores it on long term abusers. -- DQ (ʞlɐʇ) 22:29, 9 November 2014 (UTC)

That's understandable. Thank you. I also had another question, since the master account is topic banned from all topics related to Greece, Turkey, and Armenia, isn't it appropriate to revert all his contributions under the SPA in those areas? Can the rollback feature be applied in this case? Thanks in advance, Étienne Dolet (talk) 07:43, 10 November 2014 (UTC)

I certainly wouldn't have though so, but apparently it is authorized at WP:G5, under certain conditions. -- DQ (ʞlɐʇ) 17:00, 10 November 2014 (UTC)

15:00, 10 November 2014 (UTC)

Could you chime in at WP:AN#hack in progress? please? Someone's afraid that his account's been hacked; he's asking for self-CU to see if the account's been accessed by anyone other than him. Nyttend (talk) 17:50, 10 November 2014 (UTC)

Thanks for the help! I feared that you would decline it because it was a request for a self-check and not exactly "Vandalism, sock puppetry, disruption (or potential disruption) of any Wikimedia project, or legitimate concerns about bad faith editing". Appreciate your willingness to IAR in this situation. Nyttend (talk) 22:44, 10 November 2014 (UTC)

No worries, and no, we check for potential hacks and I feel it falls under potential disruption clause of that. Not the first time i've checked an account on such grounds, just one of the few times I haven't blocked. As for the actual, as CU doesn't log password changes, but only reset requests, there is no indication of any hacking. -- DQ (ʞlɐʇ) 05:06, 11 November 2014 (UTC)

Here's a more routine CU request. User:Biblioworm (the userpage itself) was vandalised by a lot of new accounts (explanation at WP:AN#Userpage being vandalized continually) before someone semiprotected it. Could you check to see if the vandal created any other accounts? Nyttend (talk) 16:47, 12 November 2014 (UTC)

The mention here showed up on my notifications, so I thought I'd chime in and mention that there's yet another account called Bibliotroll. It was blocked for violation of the username policy before it could be used, but I'm quite certain that it is another member of the attack-Biblioworm sockfarm. --Biblioworm 17:00, 12 November 2014 (UTC)

They are all from the same area, but blocks of the accounts is all we can do for now. -- DQ (ʞlɐʇ) 17:12, 12 November 2014 (UTC)

Thanks for the check! Nyttend (talk) 21:10, 12 November 2014 (UTC)

		The Checkuser's Barnstar
		Thank you for all your efforts with ACC and SPI. You're a great asset to the community and I want you to know that your tireless work has not gone unnoticed. Mike V • Talk 20:33, 12 November 2014 (UTC)

Thanks! -- DQ (ʞlɐʇ) 02:53, 13 November 2014 (UTC)

Hi. Can you offer your opinion in this consensus discussion? I know you did this last month, but it wasn't a formal consensus discussion, but now it is. Thanks. Nightscream (talk) 00:30, 13 November 2014 (UTC)

Could you please link to where I was previously involved with this topic? -- DQ (ʞlɐʇ) 02:49, 13 November 2014 (UTC)

Hi Delta, I was doing some poking around at Mickey's House of Villains, an article that was being manipulated by recently exposed sock Soy Hermoso. I happened upon yet another account similar to Benjalindo, Benjalocolito, namely Benja the Beauty Boy. Turns out Soy Hermoso and the rest may be socks of Bambifan101. Whatcha think? Disney Villains seems to be a hotbed of activity. The user tends to keep referring to himself and/or his beauty. Benja the beautiful (masculine), little crazy Benja, Benja the Beauty Boy, I am Beautiful. I've posted this stuff at the SPI too. Regards, Cyphoidbomb (talk) 03:09, 14 November 2014 (UTC)

I've purposely stayed away from the complicated behavioral profile of Bambifan 1) Because other people usually detect it first 2) I've got many other sockmasters in my head. @Bsadowski1: should be able to provide some insight. -- DQ (ʞlɐʇ) 05:16, 14 November 2014 (UTC)

You might want to have a look at [28] in connection with the SPI [29]. I am not sure where should I mention this because I found the SPI case is already archived. BengaliHindu (talk) 07:11, 16 November 2014 (UTC)

There aren't any obvious contribs or deleted contribs either for that IP. I'm not sure if he is supplying his real address or not. If on the other hand there happens to be an account that used that address then there might be a sock at the end of it.
 — Berean Hunter (talk) 15:22, 16 November 2014 (UTC)

No worries, thanks for letting us know. I can't say what i've done with the information, but it has been put to use. -- DQ (ʞlɐʇ) 04:51, 17 November 2014 (UTC)

Thank you gentlemen. BengaliHindu (talk) 17:38, 17 November 2014 (UTC)

I've been seeing questionable activity over the past year on a Power Rangers related page. Would you mind taking a look?—Ryūlóng (琉竜) 03:18, 17 November 2014 (UTC)

That's extremely vague and gives no indication what I'm looking for. You will need to be more specific. Plus, I really don't remember much about BCD behavior wise and would have to re-familiarize myself with the case. I'd be willing to do so if you can point me in the direction. -- DQ (ʞlɐʇ) 04:56, 17 November 2014 (UTC)

I trust you mean that you would work to "alleviate" rather than "elevate" the e-mail backlog. :) Regards, Newyorkbrad (talk) 15:44, 17 November 2014 (UTC)

Oh boy...yes...thank you kind sir, it is fixed. -- DQ (ʞlɐʇ) 15:48, 17 November 2014 (UTC)

18:28, 17 November 2014 (UTC)

King of Hearts has left an inquiry for you at UTRS (#12278 in the CU queue).--Jezebel's Ponyo^{bons mots} 22:21, 18 November 2014 (UTC)

Thanks, replied. -- DQ (ʞlɐʇ) 18:11, 19 November 2014 (UTC)

Regarding this, just wanted to remind you that you and I made it clear about a month ago that I was not using more than one name or making edits under an IP. I will very much appreciate it if you ran a quick CU on User:TheSawTooth (which was created less than a month ago whom I suspect being another puppet of User:Mar4d, editing from Brisbane, Australia, [32]) and User:Faizan (whom I suspect as being User:Faizannehal / User:Faizanalivarya, a resident of Karachi, Pakistan).--Krzyhorse22 (talk) 22:33, 21 November 2014 (UTC)

These guys decorate their main Ids as constructive editors but are falsifying Wiki information/P.O.V. pushing/attacking Afghans and Indians under sockpuppets.--Krzyhorse22 (talk) 22:37, 21 November 2014 (UTC)

Replied on the SPI. I'm considering the matter closed. -- DQ (ʞlɐʇ) 17:29, 25 November 2014 (UTC)

I do not understand this I gave evidence of similar language and habits too. It was not enough? ---TheSawTooth (talk) 19:52, 29 November 2014 (UTC)

You may have said that in words, but you need to link diffs to the previous sock(s/master) doing the same thing also. There is not a single link in your evidence statement of a diff from the master account or one of it's socks. That's what I'm looking for you to present. -- DQ (ʞlɐʇ) 05:33, 30 November 2014 (UTC)

[33] [34] [35] These were diffs in investigation he is using same language "I recommend TheSawTooth be blocked" "I recommend you be blocked" and all. Do I need more evidence than writing style and point of view? You can check his IP that he is Lagoo sab after these diffs? ---TheSawTooth (talk) 20:54, 30 November 2014 (UTC)

As I made comment to on the SPI, I've already checked him (more than once) for reasons unrelated to this investigation. At the times I checked, there was no connection to Lagoo Sab. So what your going for now, if anything, is a behavioral block that a clerk or patrolling admin would make at SPI. And the threshold for evidence is a lot higher for a block than it is a CheckUser. -- DQ (ʞlɐʇ) 02:28, 1 December 2014 (UTC)

Although I'm not familiar with the master, I'm guessing that this is actually a sock of User:Mr Wiki Pro. Take a look at this edit by one of the new accounts, and there is also a confirmed Mr Wiki Pro sock with a similar user name: User:User Userz.--Bbb23 (talk) 16:51, 22 November 2014 (UTC)

I am sure it is Mr WikiPro. I have seen enough of his socks. Everything points to him, I have retagged them. -- GB fan 21:30, 22 November 2014 (UTC)

I was fairly convinced when yet another sock appeared (after I left the first post here). I see you tagged that one, too. Thanks.--Bbb23 (talk) 21:57, 22 November 2014 (UTC)

More editing userz, Editing wiki userz and Editing userz are  Confirmed. And it's highly likely they are all him. -- DQ (ʞlɐʇ) 22:07, 22 November 2014 (UTC)

I've changed the tags from suspected to confirmed. What about the last one: User:Brfbgatevvafe?--Bbb23 (talk) 22:20, 22 November 2014 (UTC)

Looks to be him again, no rangeblocks possible atm. -- DQ (ʞlɐʇ) 22:26, 22 November 2014 (UTC)

19:31, 24 November 2014 (UTC)

Hi, DeltaQuad! I saw that you reverted my change to the guide. I went ahead and put the proposed changes in my sandbox (you can read the proposed changes here). When you have time, can we you explain exactly what loopholes that my edit created so that I can revise them? I think that this section of the guide is unclear in some parts, and it's also missing some cases that I've run into after only being granted access to the tool a few days ago, which concerns me. I'd really like to make it much simpler for users to refer to. ~Oshwah~ ^{(talk) (contribs)} 22:52, 29 November 2014 (UTC)

In 1.1, the section flashes out with an infobox, and then has exceptions below. People will by default tl;dr it and defer it. I don't think we should encapsulate that in a box.

In 1.2 the first line tries to explain school blocks in a vague format, and could allow for wrong interpretations. Lets separate the two ideas and put in a 'if it's a school block, see 1.3'.

In 1.2, the AOL comment is useless, lets nuke it.

Otherwise that should be good. There are some additional changes that may be worth it, but at this time they still need to be worked out. -- DQ (ʞlɐʇ) 22:01, 28 November 2014 (UTC)

Hi, DeltaQuad. Thank you for taking the time to address the concerns with my edit to the guide in so much detail. I agree with your input and have changed the draft to reflect your suggestions. Can you review my changes (here) and let me know if you still have any concerns or suggestions? ~Oshwah~ ^{(talk) (contribs)} 22:51, 29 November 2014 (UTC)

A few formatting changes I still wish to make, I'll roll those in tomorrow on my day off. -- DQ (ʞlɐʇ) 18:38, 2 December 2014 (UTC)

Hi Delta, I was hoping to pick your brain as quickly as possible before filing an SPI report. I'm coming to you because I've bugged Ponyo a lot lately. :) Looking through the editor list from the List of Lego Ninjago: Masters of Spinjitzu episodes history, I'm coming across a lot of single purpose accounts and IPs that are adding unsourced future content to the article. It started with an observation of Danbob531, who at this article adds a very specific future season end date here. Lloyd TheGoldenNinja adds the same date here. Danbob again adds it here. A lot of the problematic content is removed by ConspicuousNinja who I can't help but notice is a freshly created account with a similar name, which is followed by another SPA Oooooooopooooooooopooooooojhffvnvccvv adding the March 22, 2015 date again. Who do I report? Everybody? And for full disclosure, I reported Danbob531 to AIV for disruptive behavior but my report was declined by Diannaa because she felt I should contact Danbob again, which I have attempted to do. It was while talking to her that I discovered this other bizarre behavior. Thanks, Cyphoidbomb (talk) 04:20, 27 November 2014 (UTC)

I would try and find additional clues just beyond editing the one similar article before filing an SPI (time lineups, signatures, other articles, etc). It can also help determine who is not involved and avoid the potential damage to the account. The stronger the evidence you have at the start, the more likely it's going to get some blocks, even if only behaviorally. Hopefully this gets you on a starting point and feel free to come back if you have more questions. -- DQ (ʞlɐʇ) 22:06, 28 November 2014 (UTC)

Hey delta. I need some help regarding a CU... Can you please perform a check user and see if the following IP belongs to User:Faizan after which I will open an SPI (for evading block and sanctions and by logging out to make problematic edits on an article):

• 39.41.185.43 (t · th · c · del · cross-wiki · SUL · edit counter · pages created (xtools · sigma) · non-automated edits · BLP edits · undos · manual reverts · rollbacks · logs ^{(blocks · rights · moves)} · rfar · spi · cci) (assign permissions)^{(acc · ap · fm · mms · npr · pm · pcr · rb · te)}
• 39.41.212.125 (t · th · c · del · cross-wiki · SUL · edit counter · pages created (xtools · sigma) · non-automated edits · BLP edits · undos · manual reverts · rollbacks · logs ^{(blocks · rights · moves)} · rfar · spi · cci) (assign permissions)^{(acc · ap · fm · mms · npr · pm · pcr · rb · te)}
• Faizan (t · th · c · del · cross-wiki · SUL · edit counter · pages created (xtools · sigma) · non-automated edits · BLP edits · undos · manual reverts · rollbacks · logs ^{(blocks · rights · moves)} · rfar · spi · cci) (assign permissions)^{(acc · ap · fm · mms · npr · pm · pcr · rb · te)}

Any help will be appreciated. Saadkhan12345 (talk) 07:40, 29 November 2014 (UTC)

Well, this is unfair accusation. The IP is not aiding me there, in fact it is probably a new one, besides 6 other users which took part in the conflict. So how does this prove the IP my socks? Faizan 19:41, 29 November 2014 (UTC)

I made a statement about this mess at an SPI, please read it. CheckUser will never be ran without evidence, which is absent right now, and I can't reveal any connections from IPs to accounts. Also the fact that your asking for a precursory checkuser to an SPI you haven't filled, and your having issues presenting evidence in previous cases does not instill any confidence in me. If you still wish administrative action on this, based on behavior, please file a well evidenced SPI, and you may wish to speak to a clerk first to assist you in seeing if you have a viable case. -- DQ (ʞlɐʇ) 05:40, 30 November 2014 (UTC)

Ok thank you DQ for replaying. I will file an SPI. Btw those were the noob times. lol Saadkhan12345 (talk) 06

10, 30 November 2014 (UTC)