New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Spoof detector not working #212

Open
Kharkiv07 opened this Issue Jan 1, 2016 · 11 comments

Comments

@Kharkiv07

Kharkiv07 commented Jan 1, 2016

I've had two requests today where the ACC anti-spoof checker did not label them as flagged-user needed, but when I went to create them I couldn't because of too similar accounts already existing.

@Kharkiv07

This comment has been minimized.

Kharkiv07 commented Jan 1, 2016

It appears to have something to do with capitalization, from a cursory look.

@stwalkerster

This comment has been minimized.

Member

stwalkerster commented Jan 2, 2016

For reference, these are:

  • 160133
  • 160134

Curious... they're two together...

@stwalkerster

This comment has been minimized.

Member

stwalkerster commented Jan 2, 2016

Both those requests now only show one conflict from AntiSpoof - and that's the name on the request itself. (And yes, I'm querying Wikipedia directly)

@stwalkerster

This comment has been minimized.

Member

stwalkerster commented Jan 2, 2016

Possibly related to a difference in code between ApiAntiSpoof::execute() and AntiSpoofHooks::asAbortNewAccountHook(...) in the MediaWiki AntiSpoof extension.

@MJ94

This comment has been minimized.

MJ94 commented Jan 2, 2016

160196 also doesn't show 2 similar usernames.

@stwalkerster

This comment has been minimized.

Member

stwalkerster commented Jan 3, 2016

OK, so quick summary of my findings:

Reference Example Normalised Discovered on Creation Discovered on API
Requested Name Name 00 v2:NAME00 N/A N/A
Conflict 1 Name-00 v2:NAME00 Yes No
Conflict 2 Name00 v2:NAME00 Yes No
  • Two conflicting accounts detected on account creation
  • No conflicts detected on api.php?action=antispoof
  • All names normalise to the same value
  • Conflict 1 is unregistered locally, but a global account exists. Home wiki is cswiki.
  • Conflict 2 is autocreated locally, global account exists. Home wiki is ruwiki via creation

This is an upstream problem, but I'll try and reproduce the issue locally.

@stwalkerster stwalkerster added upstream and removed bug live config labels Jan 3, 2016

@stwalkerster

This comment has been minimized.

Member

stwalkerster commented Jan 3, 2016

@FunPika

This comment has been minimized.

Member

FunPika commented Feb 7, 2016

Opened a Phabricator task for this issue.

https://phabricator.wikimedia.org/T126174

@stwalkerster stwalkerster added this to Needs reproduction in oldinternal Jun 13, 2017

@stwalkerster stwalkerster referenced this issue Jun 13, 2017

Closed

CentralAuth issues #32

0 of 2 tasks complete

@stwalkerster stwalkerster removed this from Bug needing reproduction in oldinternal Jun 13, 2017

@stwalkerster stwalkerster added this to Stuff on hold / waiting for other stuff in newinternal Jun 13, 2017

@bardiharborow

This comment has been minimized.

bardiharborow commented Apr 5, 2018

I ran into this today with 223123.

@stwalkerster

This comment has been minimized.

Member

stwalkerster commented Apr 5, 2018

Urgh.

Both the requested account and the existing account are reporting the same normalised name, and both passing the AntiSpoof check, on both enwiki and mswiki (where the conflicting account is registered).

The existing account only exists on mswiki, no other wikis (incl. loginwiki).

I'll try and set up a centralauth+antispoof wiki somewhere and see if I can recreate this reliably for the phab task.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment