This page is currently inactive and is retained for
historical reference. Either the page is no longer relevant or consensus on its purpose has become unclear. To revive discussion, seek broader input via a forum such as the village pump. Requests for username restrictions ought to be put on meta:Talk:Title blacklist |
Administrators: Be extremely careful regarding the entries you place on this list. Simple typographical errors can block the creation of thousands of unintended usernames. Don't add a term unless you are completely sure it will not affect innocent users. For example, "EmbarassedMonkey" because it matches "ass". This is the Scunthorpe Problem. See here for general information about regexes (which are used here), and here for specific details about their use in PHP. This feature is available from an extension called Username Blacklist, written by Rob Church. Documentation can be found on the MediaWiki website.
other MediaWiki:Usernameblacklist : de, fr, es, it, ja, pt
I suggest that "Hate" and "Retard" be on the username blacklist, since they are both inflammatory words. NHRHS2010 Talk 15:33, 1 September 2007 (UTC)
I'd like to add the characters 卐 and 卍 to the list. Any user who registered a name with those would be quickly blocked. I would add it myself; I'm sure this is uncontroversial, but I'm not totally sure how to handle the regexp so it works properly and I don't want to cause damage by doing it wrong. Mango juice talk 14:32, 4 October 2007 (UTC)
Currently, all usernames of length 40 or more are being automatically reported to WP:UAA by a bot. I see no reason to allow good-faith users to create accounts that are just going to get reported for blocking immediately, so I'd like to add a regexp to limit length to at most 39. Specifically, I would add "(?i:.{40})" to the list. Any objections? There has been support for this at WT:U. Mango juice talk 15:19, 14 October 2007 (UTC)
It seems to me we should have a general discussion about what this blacklist is for, because I'd like to see it ... maybe change, maybe just be clearer.
Let's think about good faith users first - because they are really the most important. If a good faith user chooses a bad username, it's better if the interface declines it directly than if the interface allows it but they are later blocked or forced to change their username. The former is impersonal, and will probably lead to the user just picking another username. The latter is personal and unwelcoming and may discourage the user from contributing altogether. Of course, if a good faith user chooses a good username that's hit by the blacklist, it's unfortunate. There are ways around it but I'm sure that would be annoying and discouraging, and the user may feel like they aren't allowed to choose the name they want. This is probably okay to happen once but if it happens a lot to the same user they may give up altogether (one cannot always expect one's username to be available on any site, especially one as popular as Wikipedia.)
Bad faith users we just want to keep out. If they intend to be irritating with their username, and the blacklist prevents this, all the better because it didn't take human effort. But, we get tons of bad-faith accounts anyway and have lots of people watching for them, so it's not worth inconveniencing good faith users to deal with bad faith ones. So I propose that the list contain filters:
Does this seem sensible? Mango juice talk 20:48, 14 October 2007 (UTC)
We've been getting hit by the "Carboncopypro" spammer, who creates user accounts and uses them to advertise his crap. here are the accounts (so far).
Carboncopyproleads1 (
talk ·
contribs ·
deleted contribs ·
nuke contribs ·
logs ·
filter log ·
block user ·
block log)
Carboncopypromoney1 (
talk ·
contribs ·
deleted contribs ·
nuke contribs ·
logs ·
filter log ·
block user ·
block log)
Carboncopypromlm (
talk ·
contribs ·
deleted contribs ·
nuke contribs ·
logs ·
filter log ·
block user ·
block log)
Jaykubassekcarboncopypro (
talk ·
contribs ·
deleted contribs ·
nuke contribs ·
logs ·
filter log ·
block user ·
block log)
Carboncopyscam (
talk ·
contribs ·
deleted contribs ·
nuke contribs ·
logs ·
filter log ·
block user ·
block log)
Jaykubassekcarboncopy1 (
talk ·
contribs ·
deleted contribs ·
nuke contribs ·
logs ·
filter log ·
block user ·
block log)
Carboncopypro12 (
talk ·
contribs ·
deleted contribs ·
nuke contribs ·
logs ·
filter log ·
block user ·
block log)
Carboncopyscam (
talk ·
contribs ·
deleted contribs ·
nuke contribs ·
logs ·
filter log ·
block user ·
block log)
Wmicarboncopypro (
talk ·
contribs ·
deleted contribs ·
nuke contribs ·
logs ·
filter log ·
block user ·
block log)
Carboncopyproteam (
talk ·
contribs ·
deleted contribs ·
nuke contribs ·
logs ·
filter log ·
block user ·
block log)
Carboncopyproreview (
talk ·
contribs ·
deleted contribs ·
nuke contribs ·
logs ·
filter log ·
block user ·
block log)
He has used a wide assortment of links, and we have resorted to blacklisting, but the accounts are still created. Is this correct phrase *(?i:carboncopypro)
, and if not what is best to avoid any Scunthorpe Problems?
Thanks, -- Hu12 ( talk) 06:02, 21 February 2008 (UTC)
For User:Kyoko, who has been targeted by JtV for over a year now. This has been discussed on checkuser-l - Alison ❤ 23:56, 11 May 2008 (UTC)
I have made two small changes -- upgrading the "admin" regex to a simple case-insensitive, boundaryless match. We have had a large number of username creations of the form "xxxadmin" reported to WP:UAA, each of which consumes a fair amount of admin time to investigate, counsel, block, etc. The existing regex was not sufficient to prevent them. Upgrading the regex may cause an extremely tiny number of false positives (badminton fans?) but it the cost/benefit ratio is tremendous.
Also, there has been a spate of "murder" registrations, I suspect all by the same person (or maybe it's a gaming clan or similar nonsense), so I added that; it can be considered temporary as the person/persons will probably give up at some point. -- MCB ( talk) 21:12, 19 June 2008 (UTC)
The regex already handled this wisely, matching "Admin23" and "JoeAdmin" but not "badminton". The blacklist is not a bludgeon. False positives only inconvenience and deter innocent registrants; disruptors will always be able to create disruptive usernames. Preventing "xxxadmin" is helpless against "Adm1n" — Centrx→ talk • 03:59, 7 July 2008 (UTC)
Apparently our regexen are too complex and are causing server crashes. Tim has disabled the blacklist pending resolution. Stifle ( talk) 21:30, 25 July 2008 (UTC)
I agree that it should not be possible for an admin to cause the type of issue that was caused by that regex, but that seems to me to be a code issue, not a policy one. Surely it is a best practice to check the input to a parser (etc.) for excessive length or complexity? Unfortunately the lack of the blacklist is causing a lot of work for admins. As for now, surely a simple note advising people not to create excessively complex regexes would suffice, no? We trust admins not to mass-delete articles, surely we can be trusted not to break the server. So I guess I'd call this a "please fix soonest". Thanks, -- MCB ( talk) 07:13, 26 July 2008 (UTC)
Note: This feature has since been re-enabled ( Special:Version). -- MZMcBride ( talk) 20:04, 26 July 2008 (UTC)
Username blacklist functionality has been added to the TitleBlacklist extension, making this list effectively obsolete; all blacklisted titles will now also be blacklisted from creation (preventing, for example, the curious situation before where someone could create a blacklisted username, but their userspace would be protected from creation...). New blacklist entries should be added to MediaWiki:Titleblacklist instead, optionally with the <newaccountonly> parameter if only the username is to be blacklisted. krimpet ✽ 02:54, 10 August 2008 (UTC)
This page is currently inactive and is retained for
historical reference. Either the page is no longer relevant or consensus on its purpose has become unclear. To revive discussion, seek broader input via a forum such as the village pump. Requests for username restrictions ought to be put on meta:Talk:Title blacklist |
Administrators: Be extremely careful regarding the entries you place on this list. Simple typographical errors can block the creation of thousands of unintended usernames. Don't add a term unless you are completely sure it will not affect innocent users. For example, "EmbarassedMonkey" because it matches "ass". This is the Scunthorpe Problem. See here for general information about regexes (which are used here), and here for specific details about their use in PHP. This feature is available from an extension called Username Blacklist, written by Rob Church. Documentation can be found on the MediaWiki website.
other MediaWiki:Usernameblacklist : de, fr, es, it, ja, pt
I suggest that "Hate" and "Retard" be on the username blacklist, since they are both inflammatory words. NHRHS2010 Talk 15:33, 1 September 2007 (UTC)
I'd like to add the characters 卐 and 卍 to the list. Any user who registered a name with those would be quickly blocked. I would add it myself; I'm sure this is uncontroversial, but I'm not totally sure how to handle the regexp so it works properly and I don't want to cause damage by doing it wrong. Mango juice talk 14:32, 4 October 2007 (UTC)
Currently, all usernames of length 40 or more are being automatically reported to WP:UAA by a bot. I see no reason to allow good-faith users to create accounts that are just going to get reported for blocking immediately, so I'd like to add a regexp to limit length to at most 39. Specifically, I would add "(?i:.{40})" to the list. Any objections? There has been support for this at WT:U. Mango juice talk 15:19, 14 October 2007 (UTC)
It seems to me we should have a general discussion about what this blacklist is for, because I'd like to see it ... maybe change, maybe just be clearer.
Let's think about good faith users first - because they are really the most important. If a good faith user chooses a bad username, it's better if the interface declines it directly than if the interface allows it but they are later blocked or forced to change their username. The former is impersonal, and will probably lead to the user just picking another username. The latter is personal and unwelcoming and may discourage the user from contributing altogether. Of course, if a good faith user chooses a good username that's hit by the blacklist, it's unfortunate. There are ways around it but I'm sure that would be annoying and discouraging, and the user may feel like they aren't allowed to choose the name they want. This is probably okay to happen once but if it happens a lot to the same user they may give up altogether (one cannot always expect one's username to be available on any site, especially one as popular as Wikipedia.)
Bad faith users we just want to keep out. If they intend to be irritating with their username, and the blacklist prevents this, all the better because it didn't take human effort. But, we get tons of bad-faith accounts anyway and have lots of people watching for them, so it's not worth inconveniencing good faith users to deal with bad faith ones. So I propose that the list contain filters:
Does this seem sensible? Mango juice talk 20:48, 14 October 2007 (UTC)
We've been getting hit by the "Carboncopypro" spammer, who creates user accounts and uses them to advertise his crap. here are the accounts (so far).
Carboncopyproleads1 (
talk ·
contribs ·
deleted contribs ·
nuke contribs ·
logs ·
filter log ·
block user ·
block log)
Carboncopypromoney1 (
talk ·
contribs ·
deleted contribs ·
nuke contribs ·
logs ·
filter log ·
block user ·
block log)
Carboncopypromlm (
talk ·
contribs ·
deleted contribs ·
nuke contribs ·
logs ·
filter log ·
block user ·
block log)
Jaykubassekcarboncopypro (
talk ·
contribs ·
deleted contribs ·
nuke contribs ·
logs ·
filter log ·
block user ·
block log)
Carboncopyscam (
talk ·
contribs ·
deleted contribs ·
nuke contribs ·
logs ·
filter log ·
block user ·
block log)
Jaykubassekcarboncopy1 (
talk ·
contribs ·
deleted contribs ·
nuke contribs ·
logs ·
filter log ·
block user ·
block log)
Carboncopypro12 (
talk ·
contribs ·
deleted contribs ·
nuke contribs ·
logs ·
filter log ·
block user ·
block log)
Carboncopyscam (
talk ·
contribs ·
deleted contribs ·
nuke contribs ·
logs ·
filter log ·
block user ·
block log)
Wmicarboncopypro (
talk ·
contribs ·
deleted contribs ·
nuke contribs ·
logs ·
filter log ·
block user ·
block log)
Carboncopyproteam (
talk ·
contribs ·
deleted contribs ·
nuke contribs ·
logs ·
filter log ·
block user ·
block log)
Carboncopyproreview (
talk ·
contribs ·
deleted contribs ·
nuke contribs ·
logs ·
filter log ·
block user ·
block log)
He has used a wide assortment of links, and we have resorted to blacklisting, but the accounts are still created. Is this correct phrase *(?i:carboncopypro)
, and if not what is best to avoid any Scunthorpe Problems?
Thanks, -- Hu12 ( talk) 06:02, 21 February 2008 (UTC)
For User:Kyoko, who has been targeted by JtV for over a year now. This has been discussed on checkuser-l - Alison ❤ 23:56, 11 May 2008 (UTC)
I have made two small changes -- upgrading the "admin" regex to a simple case-insensitive, boundaryless match. We have had a large number of username creations of the form "xxxadmin" reported to WP:UAA, each of which consumes a fair amount of admin time to investigate, counsel, block, etc. The existing regex was not sufficient to prevent them. Upgrading the regex may cause an extremely tiny number of false positives (badminton fans?) but it the cost/benefit ratio is tremendous.
Also, there has been a spate of "murder" registrations, I suspect all by the same person (or maybe it's a gaming clan or similar nonsense), so I added that; it can be considered temporary as the person/persons will probably give up at some point. -- MCB ( talk) 21:12, 19 June 2008 (UTC)
The regex already handled this wisely, matching "Admin23" and "JoeAdmin" but not "badminton". The blacklist is not a bludgeon. False positives only inconvenience and deter innocent registrants; disruptors will always be able to create disruptive usernames. Preventing "xxxadmin" is helpless against "Adm1n" — Centrx→ talk • 03:59, 7 July 2008 (UTC)
Apparently our regexen are too complex and are causing server crashes. Tim has disabled the blacklist pending resolution. Stifle ( talk) 21:30, 25 July 2008 (UTC)
I agree that it should not be possible for an admin to cause the type of issue that was caused by that regex, but that seems to me to be a code issue, not a policy one. Surely it is a best practice to check the input to a parser (etc.) for excessive length or complexity? Unfortunately the lack of the blacklist is causing a lot of work for admins. As for now, surely a simple note advising people not to create excessively complex regexes would suffice, no? We trust admins not to mass-delete articles, surely we can be trusted not to break the server. So I guess I'd call this a "please fix soonest". Thanks, -- MCB ( talk) 07:13, 26 July 2008 (UTC)
Note: This feature has since been re-enabled ( Special:Version). -- MZMcBride ( talk) 20:04, 26 July 2008 (UTC)
Username blacklist functionality has been added to the TitleBlacklist extension, making this list effectively obsolete; all blacklisted titles will now also be blacklisted from creation (preventing, for example, the curious situation before where someone could create a blacklisted username, but their userspace would be protected from creation...). New blacklist entries should be added to MediaWiki:Titleblacklist instead, optionally with the <newaccountonly> parameter if only the username is to be blacklisted. krimpet ✽ 02:54, 10 August 2008 (UTC)