MediaWiki talk:Usernameblacklist

From Wikipedia, the free encyclopedia

Administrators: Be extremely careful regarding the entries you place on this list. Simple typographical errors can block the creation of thousands of unintended usernames. Don't add a term unless you are completely sure it will not affect innocent users. For example, "EmbarassedMonkey" because it matches "ass". This is the Scunthorpe Problem. See here for general information about regexes (which are used here), and here for specific details about their use in PHP. This feature is available from an extension called Username Blacklist, written by Rob Church. Documentation can be found on the MediaWiki website.

---

Contents 1 Working? 2 Proposed edits 2.1 bot? 2.2 Good resource 3 Case sensitive 4 Repetitions in usernames 5 For future requests 6 Malfunctioning? 7 Add tank engines to this list 8 The Race 9 Code

[edit] Working?

I'm not having much luck using this page (see my most recent username creations). If you have a chance, take a look, I must be doing something completely wrong. See here for documentation. alphachimp 05:24, 29 March 2007 (UTC)

Doesn't appear to work. --Jeffrey O. Gustafson - Shazaam! - <*> 05:35, 29 March 2007 (UTC)

As an admin, you can override it, but as anon, it works. _→AzaToth 17:26, 29 March 2007 (UTC)

Just tested this and confirmed it. alphachimp 17:31, 29 March 2007 (UTC)

Hmm... WP:POINT? :-P Maybe MediaWiki needs some time to refresh the content of this list. -- ReyBrujo 05:38, 29 March 2007 (UTC)

[edit] Proposed edits

The list we have here is great, but it doesn't take advantage of... shall we say, the magic of regexes. I suggest the following list, and also suggest that someone who has worked with regexes for longer than I have take a look before implementing this. This blacklist is extremely powerful, in the sense that it allows no exceptions. I have them numbered here, but that should be changed to bullets:

1. \bass?!(ess|oc|yr|em|is)

   Perhaps add the British spelling, but similar provisions (for assess, association, assyrian, assembly, assistance, etc.) would have to be made. Either that, or we could take the approach of only filtering out certain permutations -- when followed by nothing, "hole", "hat" (maybe), etc. Gracenotes^T § 19:49, 29 March 2007 (UTC)

   "ass" is just too short and simple. Even with \bass\b it could be appropriate to appear some where ("Bob the ass assin"?) —Centrx→talk • 21:37, 29 March 2007 (UTC)

   That name might be blocked for containing sexual innuendo, even unintentional. With what's here, "assassin" would not be allowed, but that can be fixed by adding "|assin". Gracenotes^T § 21:48, 29 March 2007 (UTC)

   There are many acceptable usernames that might contain the string "ass", for any letter of the alphabet that might follow, enough that \bass\b would be the only possibly appropriate blacklist entry. —Centrx→talk • 21:56, 29 March 2007 (UTC)

   Hm. As a compromise, how about \bass(hole|hat|es)?\b ? Gracenotes^T § 22:01, 29 March 2007 (UTC)

   That seems pretty safe. —Centrx→talk • 22:17, 29 March 2007 (UTC)

2. fu[c(]k

   sh[ia]t - William Shatner :) --Conti|✉ 19:38, 29 March 2007 (UTC)

   \bsh[ia]t(ter|ting|e)?\b Gracenotes^T § 19:47, 29 March 2007 (UTC)

   Gah, that means that "shatter" won't work. Getting rid of [ia], and replacing it with "i", may be good enough. Failing that, there can just be two items. Gracenotes^T § 20:15, 29 March 2007 (UTC)

   "Shatter" is a perfectly fine word, anyways. ;) --Conti|✉ 20:25, 29 March 2007 (UTC)

   \ban(us|al) - Analog, analyze.. -- Conti|✉ 19:38, 29 March 2007 (UTC)

   \ban(us|al)\b -- Gracenotes^T § 19:47, 29 March 2007 (UTC)

   Well, there's always the expression "Don't be anal", but I think we can live with not allowing that. --Conti|✉ 19:49, 29 March 2007 (UTC)

3. \ban(us|al)\b

   manuscript, canal, IcanuseWP, manalive, ... and what's the point if you force a word boundary, someone can just pick User:UpYourAnus Matchups 03:29, 8 April 2007 (UTC)

4. phall(us|ic)

   fag - Too much potential collateral damage. --Conti|✉ 19:38, 29 March 2007 (UTC)

5. faggot
6. dick(s|head)?\b
7. cunt

   scunthorpe. --Carnildo 03:45, 8 April 2007 (UTC)

8. slut

   slut - collateral e.g., User:Sluth -- Flyguy649^talk_contribs 03:26, 30 March 2007 (UTC)

   Never mind... I'm tired and going to bed. Flyguy649^talk_contribs 05:59, 30 March 2007 (UTC)

   suck - Mostly harmless. --Conti|✉ 19:38, 29 March 2007 (UTC)

9. \blub(ric|es?\b)

   cock - See this. --Conti|✉ 19:38, 29 March 2007 (UTC)

10. cock(s|sucker)?\b

    Potential collateral with this, I think, we've even got an article on Cocks (surname). (Cocksucker shouldn't be any problem). Seraphimblade ^{Talk to me} 05:58, 30 March 2007 (UTC)

    Huh. There could be sexual innuendo (e.g., "John Thomas Cocks with your mom")... but there's not that much harm in doing some stuff on a case-by-case basis. Gracenotes^T § 13:37, 30 March 2007 (UTC)

11. vaginal?
12. scrotum

    dildo - Not offensive, IMHO. We should only cover clear policy violations here. --Conti|✉ 19:38, 29 March 2007 (UTC)

    "Dildo" is currently on the list. I was thinking of adding it in order to prevent attack usernames, i.e. "Fuck Gracenotes with a dildo", or similar. Plus, if someone is thinking about sex as they create a user account... well, no solid conclusions there, but still. The username policy restricts even sexual innuendo... this is a sex toy; rather explicit. Compare this to the spam blacklist. There's only one way to link to a site, but here, there are many many usernames to choose from. Gracenotes^T § 20:48, 29 March 2007 (UTC)

13. Gracenotes is not a sick individual
14. on wheels

    colbert - Could be someone's name. --Conti|✉ 19:38, 29 March 2007 (UTC)

    admin - (collateral - User:Padminiraman, User:BadmintonL, User:Breadmine?, User:Toadminor?, User:Dreadminus ...)

    Thank for pointing that out. The word can be isolated, then: \badmin(istrator)?\b. Gracenotes^T § 20:21, 29 March 2007 (UTC)

15. \badmin(istrator)?\b
16. banned

    bannedinboston? Matchups 03:29, 8 April 2007 (UTC)

17. sysop

    steward - Could be a last name -- see List_of_people_by_name:_Stew-Stez Matchups 03:29, 8 April 2007 (UTC)

18. username policy

    idiot - User:I'm not an idiot would be allowed. --Conti|✉ 19:38, 29 March 2007 (UTC)

    stupid - User:I'm not stupid would be allowed. --Conti|✉ 19:38, 29 March 2007 (UTC)

    \bhate - Here's a username with "Hate" in it that quite probably will be allowed. --Conti|✉ 02:07, 30 March 2007 (UTC)

19. \.(com|org|co\.uk|net|info)(\b|/)

    By the way: right now we have \.(com|org|co\.uk|net|info)\b. However, someone would still be able to register an account with the name www.somespam.com/main.php. This is why there's the (\b|/), or even [\b/]. Gracenotes^T § 22:21, 29 March 2007 (UTC)

    [\b] (the metacharacter \b in a character class) does not mean what you think it does, but rather a backspace character. Kotepho 06:57, 30 March 2007 (UTC)

    Supposedly, the slash qualifies for the word boundary \b. Anyway, it doesn't matter because, when I tried testing it, such a username is prevented at the lower software level, not here. —Centrx→talk • 07:17, 30 March 2007 (UTC)

    Damn, I forgot about \b's special use in a character class. Parentheses will work, then. Gracenotes^T § 13:40, 30 March 2007 (UTC)

    What about ".net programmer"? Matchups 03:29, 8 April 2007 (UTC)

    Also, I suggest these 20:52, 29 March 2007 (UTC), per WP:U#Wikipedia:

20. Wikipedia (done)
21. Wikiquote (done)
22. Wiktionary (done)
23. Wikibooks (done)
24. Wikiversity (done)
25. Wikisource (done)
26. Wikinews (done)
27. nigger
28. douche
29. bitch
30. nazi

That's it... any other suggestions would be good. Gracenotes^T § 19:23, 29 March 2007 (UTC)

I've commented a few of those out for numerous reasons, mostly since there'd be some collateral damage. --Conti|✉ 19:38, 29 March 2007 (UTC)

How about changing "cock" to "cock(?!er)", since "cocker" and "cockerspaniel" are legit? Gracenotes^T § 19:41, 29 March 2007 (UTC)

Oof. then there's cockatoo, cockle, cockroach... meh. Maybe just have it restricted to "\bcock(s|sucker)?\b", then. Gracenotes^T § 19:45, 29 March 2007 (UTC)

I would appreciate it if you improved them rather than removed 'em. Namely, "\ban(us|al)" could become "\ban(us|al)\b"... etc. with other items. Gracenotes^T § 19:42, 29 March 2007 (UTC)

Sorry, I don't know much about regular expression (but I'm learning fast :)), so I didn't knew how to correctly create such expressions. "cock(?!er)" would mean that everything that includes "cock" would be blacklisted, unless it's "cocker", right? If so, that's fine by me. Okay, it's not, just saw the other examples above. --Conti|✉ 19:48, 29 March 2007 (UTC)

Yep! And this may of interest to you, if that's the sort of thing you're interested in. Gracenotes^T § 19:51, 29 March 2007 (UTC)

Thanks! Well, I'm mostly interested in creating as less collateral damage as possible with this list. ;) --Conti|✉ 19:53, 29 March 2007 (UTC)

Me too. By the way, "cock(s|sucker)?\b" will restrict "cock", "cocks", and "cocksucker". Gracenotes^T § 19:54, 29 March 2007 (UTC)

[edit] bot?

Someone want to add bot to the list?--VectorPotential^Talk 20:26, 29 March 2007 (UTC)

That would be an effective way of stopping legitimate bots from getting accounts :) Gracenotes^T § 20:28, 29 March 2007 (UTC)

And here I was, thinking about words like "Abbot" and "botanic".. :) --Conti|✉ 20:30, 29 March 2007 (UTC)

Ok, so I didn't think that through very far--VectorPotential^Talk 20:33, 29 March 2007 (UTC)

[edit] Good resource

Check out User:Lupin/badwords for a pretty exhaustive list of profanity. alphachimp 22:29, 29 March 2007 (UTC)

It is extremely exhaustive, except I don't think we need to restrict burp(er|ing)s? :) Gracenotes^T § 22:36, 29 March 2007 (UTC)

Unless people are actively creating usernames with these words, I think it would be a waste of effort (and possibly server processing time) to add them all. —Centrx→talk • 22:38, 29 March 2007 (UTC)

Heh, it's just a nice starting point, I think. alphachimp 22:40, 29 March 2007 (UTC)

[edit] Case sensitive

A note, the regex are all case sensitive. you can force a particular regex as case insensitive. Extracted from http://se.php.net/manual/en/reference.pcre.pattern.syntax.php _→AzaToth 20:28, 29 March 2007 (UTC)

“

The settings of PCRE_CASELESS, PCRE_MULTILINE, PCRE_DOTALL, PCRE_UNGREEDY, PCRE_EXTRA, and PCRE_EXTENDED can be changed from within the pattern by a sequence of Perl option letters enclosed between "(?" and ")". The option letters are: Internal option letters i for PCRE_CASELESS m for PCRE_MULTILINE s for PCRE_DOTALL x for PCRE_EXTENDED U for PCRE_UNGREEDY X for PCRE_EXTRA For example, (?im) sets caseless, multiline matching. It is also possible to unset these options by preceding the letter with a hyphen, and a combined setting and unsetting such as (?im-sx), which sets PCRE_CASELESS and PCRE_MULTILINE while unsetting PCRE_DOTALL and PCRE_EXTENDED, is also permitted. If a letter appears both before and after the hyphen, the option is unset. When an option change occurs at top level (that is, not inside subpattern parentheses), the change applies to the remainder of the pattern that follows. So /ab(?i)c/ matches only "abc" and "abC". This behaviour has been changed in PCRE 4.0, which is bundled since PHP 4.3.3. Before those versions, /ab(?i)c/ would perform as /abc/i (e.g. matching "ABC" and "aBc"). If an option change occurs inside a subpattern, the effect is different. This is a change of behaviour in Perl 5.005. An option change inside a subpattern affects only that part of the subpattern that follows it, so (a(?i)b)c matches abc and aBc and no other strings (assuming PCRE_CASELESS is not used). By this means, options can be made to have different settings in different parts of the pattern. Any changes made in one alternative do carry on into subsequent branches within the same subpattern. For example, (a(?i)b|c) matches "ab", "aB", "c", and "C", even though when matching "C" the first branch is abandoned before the option setting. This is because the effects of option settings happen at compile time. There would be some very weird behaviour otherwise. The PCRE-specific options PCRE_UNGREEDY and PCRE_EXTRA can be changed in the same way as the Perl-compatible options by using the characters U and X respectively. The (?X) flag setting is special in that it must always occur earlier in the pattern than any of the additional features it turns on, even when it is at top level. It is best put at the start.

”

I would assume that it was already case insensitive, as two equivalent usernames (ignoring case) can't be registered. Maybe that caveat wasn't caught, however, in the code for this extension. Gracenotes^T § 20:30, 29 March 2007 (UTC)

The code specifies: return count( $groups ) ? '/(' . implode( '|', $groups ) . ')/u' : false; _→AzaToth 20:33, 29 March 2007 (UTC)

[edit] Repetitions in usernames

How about adding this:

(.+)\1{9}

A character (or sequence of characters) repeated at least 10 times. Миша13 22:21, 29 March 2007 (UTC)

If it's the very same character or sequence, 10 times is a huge number, why not 4 or 5? —Centrx→talk • 22:45, 29 March 2007 (UTC)

10 is just some arbitrary number. It's not that much for a single character (may be lowered to 7 or 8), for longer ones we could use:

(.{3,})\1{4}

which means 5 or more repetitions of 3 or more characters. Миша13 07:13, 30 March 2007 (UTC)

Difficult I may say, as we really don't know what group to match. _→AzaToth 22:46, 29 March 2007 (UTC)

I'm afraid I don't quite get it. As an example:

lololololololololololololol

first "(.+)" catches "lo" and places it in "\1", then it matches 9 more times ("\1{9}"). Миша13 07:13, 30 March 2007 (UTC)

Careful with incredibly broad pattern like that. It's quite possible to create a regex that, when tested against a carefully-selected input, will take thousands of years to fail to match. --Carnildo 08:10, 30 March 2007 (UTC)

[edit] For future requests

Once the basic list has been established, does anyone think that it's worth it to create the page MediaWiki talk:Usernameblacklist/Requests for addition and removal? Thus, if there are any false positives, we can make a piped link to that page from MediaWiki:Blacklistedusernametext, so that newbies can say "Hey, I have [insert perfectly acceptable name]" somewhere. Or if there's an influx of vandals with a certain offensive username pattern, it can be stopped. (Although the blacklist should not be used as a temporary solution to anything, I think.) Gracenotes^T § 22:55, 29 March 2007 (UTC)

I'm changing MediaWiki:Blacklistedusernametext to link to Wikipedia:Request an account (a page that already has this functionality). Admins can create accounts that bypass this blacklist. alphachimp 22:57, 29 March 2007 (UTC)

Ah, great idea! It might also be good idea to give people the chance to explain why a certain expression matches should be removed. Gracenotes^T § 23:00, 29 March 2007 (UTC)

This talk page is the most appropriate place to make requests for addition and removal. There will be almost nothing else going on here once the initial excitement dies down. There is no need for a subpage. See MediaWiki:Bad image list for a similar such page. —Centrx→talk • 23:02, 29 March 2007 (UTC)

I have previously pondered upon the value of a subpage for the bad image list. I think that it would help. However, maybe a link to this page would work? Gracenotes^T § 23:06, 29 March 2007 (UTC)

That might not be a good idea. Some could use it to find ways to bypass the blacklist. alphachimp 23:14, 29 March 2007 (UTC)

That's right. Then perhaps admins working at WP:ACC should be aware of this MediaWiki page, so that they in turn can see if there's a faulty item. Gracenotes^T § 23:20, 29 March 2007 (UTC)

[edit] Malfunctioning?

I think this "username disallowal" may be malfunctioning. While working at WP:ACC I tried to fill several of the newest requests, but every time got a message saying "The username you have chosen is disallowed because it contains some forbidden string, such as an offensive word." But the usernames didn't seem offensive, they were:

• 555michael
• cybernerd1999
• scottlaverdiere
• DeathbyWiki
• jawdrops

It seems that every username is being denied; WP:ACC is being flooded with requests. Anyone know what is happening and how to fix it? jwillbur^talk 23:37, 29 March 2007 (UTC)

Fixed _→AzaToth 23:40, 29 March 2007 (UTC)

Thanks, it's amazing how one little edit can break things so badly. jwillbur^talk 23:46, 29 March 2007 (UTC)

[edit] Add tank engines to this list

I am the tank engine vandal! Add "the tank engine" to this list to ban me. Also block "rapes babies" and "norman rogers". We are all part of the vandal organization that includes willy on wheels!

Gotcha... well, Willy quit as a vandal a couple of years ago, established a normal account, edited for a while, then left Wikipedia. So... yeah. I advise that you learn what this page actually does, and especially investigate whether this so-called organization is a scam. Monthly membership fees, I'd imagine. Gracenotes^T § 23:51, 29 March 2007 (UTC)

Wait, what? I read that Willy had quit, but he actually made an account and contributed in a prductive manner? Hbdragon88 09:09, 30 March 2007 (UTC)

Yes. His userpage is protected now. Gracenotes^T § 13:32, 30 March 2007 (UTC)

[edit] The Race

While listing some common swearwords here is a good idea, we should avoid trying to enumerate every single inappropriate username, because turning this into a race between us and the people who like such names is simply a waste of effort. >Radiant< 08:06, 30 March 2007 (UTC)

I suggested linking to this page from MediaWiki:Blacklistedusernametext. But as alphachimp mentioned above, security through obscurity is probably a good idea, so linking to it isn't. Gracenotes^T § 13:31, 30 March 2007 (UTC)

I don't think security through obscurity is a very good idea, especially on a wiki. Vandals aren't stupid, I'm sure they won't have a problem finding this page at all. Is it possible to add to MediaWiki:Blacklistedusernametext the regex that lead to the blocking of the username, so the user at least knows why his username was blocked? --Conti|✉ 14:40, 30 March 2007 (UTC)

We'd have to bug Rob Church for that—he wrote this extension, after all! I think that a list of generally negative terms would be good. For example, check out {{Test5}}. It's basically a laundry list of bad things to do: a bag of beans, essentially. However, by staying general, we can list things that are technically impossible to do, and if we keep this list comprehensive enough, vandals would probably get frustrated and give up. This would be aided by keeping this MediaWiki page in relative obscurity, such that not everyone would know about it. If there's a freak exception, someone can post at WP:ACC, and then the admin could discuss the troublesome item here, and create the account in the meanwhile. Gracenotes^T § 14:47, 30 March 2007 (UTC)

I agree that a few examples are nice to have. We should especially mention the not so obvious cases, IMHO. ("Hey! Why am I not allowed to register User:I'm_a_wine_steward??") I think it is inevitable that we'll soon enough have vandals watching this page, creating inappropriate usernames that are not on this list, whether we announce this page or not. But that's life, I guess. I just hope we're not going to panic and make this list bigger than it needs to be. --Conti|✉ 15:09, 30 March 2007 (UTC)

Hm. Come to think of it, "steward" isn't that bad of a word to have; perhaps we can remove it. After all, if someone is not familiar with the Wikimedia Foundation enough to know what a steward is, they would probably not be aware that having "steward" in a user name does not imply that that person is a steward. Not the same for sysop, however: "sysop" has a common meaning. And in cases where there might be a user name "Wikimedia stewards suck", we can take that on a case-by-case basis. Gracenotes^T § 01:49, 31 March 2007 (UTC)

I went ahead and removed steward. I think when (if) a case came up where it was being abused, we could handle that, rather an a (more likely) larger fallout of blocked usernames and backlog at WP:ACC. I think, per Gracenotes, that people outside the WMF don't know was a steward is (to us), so the potential for abuse is rather low. ^demon^{[omg plz]} 04:21, 31 March 2007 (UTC)

[edit] Code

Please fill me in on how the coding works. BuickCenturyDriver (Honk, contribs, odometer) 22:19, 2 April 2007 (UTC)

The text after an asterik (rendered as a bullet when you load MediaWiki:Usernameblacklist) is treated as a regular expression and, if any of the regular expressions are detected when creating a new user name, that user name cannot be created. For general information about regular expressions, see regular expressions and http://www.codeproject.com/dotnet/RegexTutorial.asp; for information about their implementation in PHP (the native language of MediaWiki) see http://se.php.net/manual/en/reference.pcre.pattern.syntax.php; and for general information about the extension Username Blacklist which this is part of, see mw:Extension:Username Blacklist. Regards, Iamunknown 16:14, 6 April 2007 (UTC)