At the moment, logins to enwiki from nightshade.toolserver.org are throwing up a CAPTCHA. This is easy to check by loading http://en.wikipedia.org/wiki/Special:UserLogin in w3m or another browser from that host. Logins from willow.toolserver.org do not require a CAPTCHA at the moment.
The CAPTCHA requirement makes it impossible for bots to log in via the API. The fundamental problem is that bots are run automatically, of course. But the API also does not report the CAPTCHA requirement at all, so bot developers are given a "WrongPass" error that they have to investigate to find that a CAPTCHA is the problem.
This CAPTCHA situation has happened before, most likely due to some erroneous bot on toolserver triggering it. But individual bot operators cannot fix it, and so to them it has the same effect as a toolserver outage. Moreover, whatever bot operator caused it probably has no way to know it was them.
It seems like this may take collaboration between toolserver and wikimedia to fix, but probably the fix will involve at least some change on the wikimedia side. So I have filed a bug at https://bugzilla.wikimedia.org/show_bug.cgi?id=23982 to coordinate discussion there.
- Carl
Is this something that an en.wp admin can solve, or does it need developer intervention?
Mike
On 15 Jun 2010, at 19:54, Carl (CBM) wrote:
At the moment, logins to enwiki from nightshade.toolserver.org are throwing up a CAPTCHA. This is easy to check by loading http://en.wikipedia.org/wiki/Special:UserLogin in w3m or another browser from that host. Logins from willow.toolserver.org do not require a CAPTCHA at the moment.
The CAPTCHA requirement makes it impossible for bots to log in via the API. The fundamental problem is that bots are run automatically, of course. But the API also does not report the CAPTCHA requirement at all, so bot developers are given a "WrongPass" error that they have to investigate to find that a CAPTCHA is the problem.
This CAPTCHA situation has happened before, most likely due to some erroneous bot on toolserver triggering it. But individual bot operators cannot fix it, and so to them it has the same effect as a toolserver outage. Moreover, whatever bot operator caused it probably has no way to know it was them.
It seems like this may take collaboration between toolserver and wikimedia to fix, but probably the fix will involve at least some change on the wikimedia side. So I have filed a bug at https://bugzilla.wikimedia.org/show_bug.cgi?id=23982 to coordinate discussion there.
- Carl
Toolserver-l mailing list (Toolserver-l@lists.wikimedia.org) https://lists.wikimedia.org/mailman/listinfo/toolserver-l Posting guidelines for this list: https://wiki.toolserver.org/view/Mailing_list_etiquette
On Tue, Jun 15, 2010 at 7:29 PM, Michael Peel email@mikepeel.net wrote:
Is this something that an en.wp admin can solve, or does it need developer intervention?
It needs developer intervention.
- Carl
"Michael Peel" email@mikepeel.net wrote in message news:2C5A77A6-51B3-4C29-8374-DA5910555CDB@mikepeel.net...
Is this something that an en.wp admin can solve, or does it need developer intervention?
Mike
I assume the problem is:
1) Bot gets a bad password, or other problem logging in 2) Bot tries and fails several times to log in, thereby exceeding the login throttle 3) subsequent login attempts require a captcha and hence cannot be performed through the API 4) there is no method to reset the throttle except by waiting for it to expire
What's needed, clearly, is a throttle IP whitelist. Implementing it more cleanly than the Just Another Whitelist In A Global Variable method, is another question...
--HM
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 6/21/2010 6:04 PM, Happy-melon wrote:
What's needed, clearly, is a throttle IP whitelist. Implementing it more cleanly than the Just Another Whitelist In A Global Variable method, is another question...
--HM
Or beat the people who cause it with a blunt object. And IIRC it uses the IP && UserName for the throttle, so it shouldn't really matter unless there's a bunch of clueless users who all lock themselves out.
Why are we talking about a non-issue still? It was resolved like, ages ago by adding the toolserver range to the whitelist.
-----Original Message----- From: toolserver-l-bounces@lists.wikimedia.org [mailto:toolserver-l-bounces@lists.wikimedia.org] On Behalf Of Q Sent: Tuesday, 22 June 2010 10:09 AM To: toolserver-l@lists.wikimedia.org Subject: Re: [Toolserver-l] CAPTCHA can be required for logins fromtoolserver hosts
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 6/21/2010 6:04 PM, Happy-melon wrote:
What's needed, clearly, is a throttle IP whitelist. Implementing it more cleanly than the Just Another Whitelist In A Global Variable method, is another question...
--HM
Or beat the people who cause it with a blunt object. And IIRC it uses the IP && UserName for the throttle, so it shouldn't really matter unless there's a bunch of clueless users who all lock themselves out.
_______________________________________________ Toolserver-l mailing list (Toolserver-l@lists.wikimedia.org) https://lists.wikimedia.org/mailman/listinfo/toolserver-l Posting guidelines for this list: https://wiki.toolserver.org/view/Mailing_list_etiquette
On 06/22/2010 11:49 AM, Brett Hillebrand wrote:
Why are we talking about a non-issue still? It was resolved like, ages ago by adding the toolserver range to the whitelist.
"Ages" here specifically meaning one week and about 11 hours, apparently.
In terms of mailing lists, forums, and usenet. To be talking about an issue 1 week after it was resolved seems kinda pointless.
-----Original Message----- From: toolserver-l-bounces@lists.wikimedia.org [mailto:toolserver-l-bounces@lists.wikimedia.org] On Behalf Of Ilmari Karonen Sent: Wednesday, 23 June 2010 10:44 PM To: toolserver-l@lists.wikimedia.org Subject: Re: [Toolserver-l] CAPTCHA can be required for logins fromtoolserver hosts
On 06/22/2010 11:49 AM, Brett Hillebrand wrote:
Why are we talking about a non-issue still? It was resolved like, ages ago by adding the toolserver range to the whitelist.
"Ages" here specifically meaning one week and about 11 hours, apparently.
Carl (CBM) schrieb:
At the moment, logins to enwiki from nightshade.toolserver.org are throwing up a CAPTCHA. This is easy to check by loading http://en.wikipedia.org/wiki/Special:UserLogin in w3m or another browser from that host. Logins from willow.toolserver.org do not require a CAPTCHA at the moment.
Works fine for me, no captcha is required. I suppose this was fixed already, then?
-- daniel
Yes, The whole toolserver range was added to the captcha exemption.
-----Original Message----- From: toolserver-l-bounces@lists.wikimedia.org [mailto:toolserver-l-bounces@lists.wikimedia.org] On Behalf Of Daniel Kinzler Sent: Wednesday, 16 June 2010 4:55 PM To: toolserver-l@lists.wikimedia.org Subject: Re: [Toolserver-l] CAPTCHA can be required for logins from toolserver hosts
Carl (CBM) schrieb:
At the moment, logins to enwiki from nightshade.toolserver.org are throwing up a CAPTCHA. This is easy to check by loading http://en.wikipedia.org/wiki/Special:UserLogin in w3m or another browser from that host. Logins from willow.toolserver.org do not require a CAPTCHA at the moment.
Works fine for me, no captcha is required. I suppose this was fixed already, then?
-- daniel
_______________________________________________ Toolserver-l mailing list (Toolserver-l@lists.wikimedia.org) https://lists.wikimedia.org/mailman/listinfo/toolserver-l Posting guidelines for this list: https://wiki.toolserver.org/view/Mailing_list_etiquette
toolserver-l@lists.wikimedia.org