Wikipedia:Bureaucrats' noticeboard

To contact bureaucrats to alert them of an urgent issue, please post below.
For sensitive matters, you may contact an individual bureaucrat directly by e-mail.
You may use this tool to locate recently active bureaucrats.

The Bureaucrats' noticeboard is a place where items related to the Bureaucrats can be discussed and coordinated. Any user is welcome to leave a message or join the discussion here. Please start a new section for each topic.

This is not a forum for grievances. It is a specific noticeboard addressing Bureaucrat-related issues. If you want to know more about an action by a particular bureaucrat, you should first raise the matter with them on their talk page. Please stay on topic, remain civil, and remember to assume good faith. Take extraneous comments or threads to relevant talk pages.

If you are here to report that an RFA or an RFB is "overdue" or "expired", please wait at least 12 hours from the scheduled end time before making a post here about it. There are a fair number of active bureaucrats, and all of them keep an eye on the time remaining on these discussions. Thank you for your patience.

To request your administrator status to be removed, initiate a new section below.

Crat tasks (bot-maintained summary)
RfAs: 1 | RfBs: 0 | Overdue RfBs: 0 | Overdue RfAs: 0 | Approved BRFAs: 0

RfA candidate | S | O | N | S% | Ending (UTC) | Time left | Dups? | Report
Hog Farm | 86 | 1 | 0 | 99 | 17:06, 21 January 2021 | 6 days, 1 hour | | no report

RfB candidate: none open

Last updated by cyberbot I at 15:32, 15 January 2021 (UTC)


Advice? Someone's trying to brute-force my account

I've gotten 4 notifications today from the WMF about logins from an unrecognized device; I understand from this page that that represents at least 20 attempts by someone trying to log in as me. I have a secure password that I've never used anywhere else, but as you may know, the most extensive security breach ever (probably) came to light last month, and I think it's too soon to say who or what might be at risk. Is anyone else getting these messages? I emailed the WMF asking what's up ... no reply yet. If I keep getting these messages, I'll ask you guys for a temporary desysop, to be safe. - Dank (push to talk) 00:29, 9 January 2021 (UTC)

If you have a strong password, there is nothing to be concerned about, and (more unfortunate) nothing that we can really do about it. However, should you be concerned that you might lose access to your account, we can of course temporarily remove the bit from your account. Primefac (talk) 00:31, 9 January 2021 (UTC)
Thanks. I think it's too soon to pull the plug, but pull it I will if this keeps up. - Dank (push to talk) 00:33, 9 January 2021 (UTC)
(Non-administrator comment) If you're concerned, I'd recommend you change your password to something new, and/or enable WP:2FA. power~enwiki (π, ν) 00:33, 9 January 2021 (UTC)
I too got notification of 190+ attempts to log in to my account on a new device. Dan and I are both active in maintaining the Main Page, so disruption there might be the intent. I do have a strong unique password for this account. Stephen 00:45, 9 January 2021 (UTC)
Yes, do consider WP:2FA if you don't already have it. There were some successful compromises (with a fairly high success rate) in the past few days, and there seem to be more attempts that we don't know about. What I would advise is if you or anyone else gets a notification that someone else has successfully logged in, whether you are still able to log in or not, please contact a checkuser as soon as possible. -- zzuuzz (talk) 00:49, 9 January 2021 (UTC)
I've personally seen an uptick in them the past few days. -- Amanda (aka DQ) 00:55, 9 January 2021 (UTC)
  • Bruteforcing is a highly ineffective way of trying to compromise an account, practically technically infeasible. If you have a long, non-reused, random password (example: "8hCTEwQ,~SV=95ACnas8zDuWqB(JfFCp" using a password manager, or something memorable like "juicy-firework-pineapple-green-horse"), the account will almost certainly not be compromised by bruteforce. 2FA is helpful as a reassurance, but not necessary. Consider that API keys for taking sensitive actions on many sites are about the same length as, or shorter than, a long password here. ProcrastinatingReader (talk) 01:45, 9 January 2021 (UTC)
  • About the long password thing, even random long non-reused passwords can be less secure without 2FA. If you don't think that's a possibility - one compromised user recently told me that their computer had a keystroke logger. Yes, 2FA is useful as a security measure. It's not for everyone, but please do consider it. -- zzuuzz (talk) 08:36, 9 January 2021 (UTC)
      • Meh, I’m not sure using 2FA to obscure otherwise bad security practices (ie, those resulting in one ending up with a keylogger on their computer) is a good idea. Besides, if you have malicious software on your computer 2FA won’t help; your cookies could just get stolen. ProcrastinatingReader (talk) 09:48, 9 January 2021 (UTC)
  • From a comment I recently left elsewhere: There is no need to change your password, assuming it wasn't bad and preferably was not on the list of common passwords (that is the useful page from the "Password Blacklist library" at m:Password policy). Wikipedia's advice is at WP:SECURITY. However, it is essential that you do not use a password for Wikipedia or for the email account associated with Wikipedia that you have ever used at any other website. That's because other websites are often hacked and lists of username/password are published that hackers can access, and they might try using any such combinations here. Johnuniq (talk) 02:33, 9 January 2021 (UTC)
  • I've been getting these all day, too. Normally, I'd get one or two a week from a certain someone, but today it has been 8 hours of non-stop targeting. Seems like someone badly wants to crack an admin account - Alison 09:32, 9 January 2021 (UTC)

Maybe they're going for people with short names? Or common words? I got one too .... on both this account and Lollipop. Soap 09:40, 9 January 2021 (UTC)

Who knows but one likelihood is that the attacks are what has happened before, namely someone is trying to match leaked username/password combinations from aggregation websites that list literally millions of hacked accounts. It's likely that many people have called themselves "Alison" or "Soap" when logging in to some minor website which was later hacked and their poorly defended password list stolen. The attacker might have 100 combinations for each of you (Alison + password2, Allison + 1234, etc.) and they have a program that tries them all. As I mentioned above, any decent password would be adequate to deal with that. Johnuniq (talk) 09:47, 9 January 2021 (UTC)
Sorry to contribute to the split discussion but anyone interested in this might like to see some information I found here at WP:VPT. There is definitely a large attack underway. Johnuniq (talk) 10:13, 9 January 2021 (UTC)
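The attack Johnuniq describes above (one source replaying many leaked username/password pairs and spelling variants, rather than hammering a single account) leaves a recognisable trace in a login log, and the finite-duration per-IP block suggested further down this thread is the usual server-side response. The following Python is an added illustration written for this page; it is not MediaWiki code (MediaWiki does have its own per-IP/username login throttle, $wgPasswordAttemptThrottle). The log format, the thresholds, the usernames and the RFC 5737 documentation addresses are all constructed for the example.

```python
"""Per-IP failed-login throttling with a credential-stuffing signal.

Added illustration, not MediaWiki code. The log format (timestamp, source
IP, target username, result) and the thresholds are assumptions chosen for
the example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                      # failures in WINDOW that trigger a block
WINDOW = timedelta(minutes=5)      # sliding window for counting failures
BLOCK_FOR = timedelta(minutes=15)  # finite block duration
STUFFING_USERS = 3                 # distinct usernames in one window = stuffing

# Constructed sample log; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2021-01-09T00:10:01Z 203.0.113.7 Alison FAIL
2021-01-09T00:10:02Z 203.0.113.7 Alison FAIL
2021-01-09T00:10:03Z 203.0.113.7 Allison FAIL
2021-01-09T00:10:04Z 203.0.113.7 Soap FAIL
2021-01-09T00:10:05Z 203.0.113.7 Lollipop FAIL
2021-01-09T00:10:06Z 203.0.113.7 Dank FAIL
2021-01-09T00:10:07Z 203.0.113.7 Stephen FAIL
2021-01-09T00:10:08Z 203.0.113.7 Alison FAIL
2021-01-09T00:12:00Z 198.51.100.4 Soap FAIL
2021-01-09T00:12:30Z 198.51.100.4 Soap OK
2021-01-09T01:00:00Z 203.0.113.7 Alison FAIL
"""


def parse_line(line):
    ts, ip, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result


def analyse(log_text):
    """Replay the log and return (blocks, stuffing_suspects).

    blocks: list of (ip, blocked_at, blocked_until) in log order.
    stuffing_suspects: sorted IPs that failed against STUFFING_USERS or more
    distinct usernames inside one window, the pattern of an attacker
    replaying leaked username/password pairs rather than guessing one user.
    """
    recent = defaultdict(deque)  # ip -> deque of (timestamp, username) failures
    blocked_until = {}
    blocks = []
    suspects = set()
    for line in log_text.strip().splitlines():
        ts, ip, user, result = parse_line(line)
        # A blocked IP is refused before the password is even checked.
        if ip in blocked_until and ts < blocked_until[ip]:
            continue
        if result != "FAIL":
            continue
        q = recent[ip]
        q.append((ts, user))
        while q and ts - q[0][0] > WINDOW:   # drop failures outside the window
            q.popleft()
        if len({u for _, u in q}) >= STUFFING_USERS:
            suspects.add(ip)
        if len(q) >= THRESHOLD:
            blocked_until[ip] = ts + BLOCK_FOR
            blocks.append((ip, ts, ts + BLOCK_FOR))
            q.clear()
    return blocks, sorted(suspects)


if __name__ == "__main__":
    found_blocks, found_suspects = analyse(SAMPLE_LOG)
    for ip, at, until in found_blocks:
        print(f"block {ip} from {at:%H:%M:%S} until {until:%H:%M:%S}")
    print("credential-stuffing suspects:", found_suspects)
```

On the sample log the first address is flagged as a stuffing source at its fourth failure (three distinct usernames, including the Alison/Allison variant) and blocked at its fifth; its next three attempts are refused without a password check, and the block expires before the later attempt at 01:00. The second address, one failure followed by a success, is never touched, which is the point of throttling per source rather than per target account: a legitimate user with one typo is not locked out by someone else's attack on their name.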
@Dank: If your password is strong and unique (you have never used it or a variant of it on any other service) you should be OK (if it isn't - change it to fix that!). I had to turn off that notification before, as there isn't really anything you can "do" about it. Regarding cookie re-use, if you manually log off it will void all your sessions on all devices to all WMF sites. 2FA will not stop someone from guessing your password, but will help stop them from actually getting logged in as you. 2FA is also helpful against password-recovery attacks (where someone gains access to your email and uses it to reset your account) - as are extra controls on your email (many email providers have robust supported 2FA solutions as well). — xaosflux Talk 10:42, 9 January 2021 (UTC)
  •   Request withdrawn per above discussion, anyone may certainly ask for a desysop for any (or no reason) - but securing your account is normally sufficient. — xaosflux Talk 10:42, 9 January 2021 (UTC)
  • 2FA is really something all admins should be using (not policy, just my personal advice). Long randomized passwords protect against some kinds of attacks, but not all. For example, I would assume that any machine you use in a public location has a keylogger installed; 2FA is a good defense against that. -- RoySmith (talk) 22:17, 9 January 2021 (UTC)
    Never logging into an admin account from a public computer is even better :-) Boing! said Zebedee (talk) 22:25, 9 January 2021 (UTC)
This. I only use my admin account from my desktop at home. I think most experienced admins are careful and use a separate non-admin account when away from home. If an admin is using their admin account on their phone, even with 2FA, they are taking a risk as 2FA is no protection if someone picks up your unlocked phone with the 2FA on it. I would say that, provided you have a unique and decent password, not using your admin account on your phone, and not using it away from home is a much better protection than having 2FA and feeling you can use your phone away from home. SilkTork (talk) 04:35, 10 January 2021 (UTC)
SilkTork, Just to clarify, I don't suggest people log into public terminals with their admin accounts. I was just using that as an example of one kind of attack 2FA protects you against. I use 2FA on my own (admin) account on my laptop. I have a second (non-admin) account which I use on my phone, because I know my phone is much more likely to get lost or stolen.
Other kinds of attacks 2FA protects you against include shoulder surfing, and plain old accidentally typing your password into the wrong window (we've all done that). If my LastPass account were ever to be compromised, it would protect against that too. Although to be honest, if that happened, the security of my wiki admin account would be very low on the list of things I'd be freaking out about. -- RoySmith (talk) 03:01, 11 January 2021 (UTC)

Me too, FWIW --Dweller (talk) Become old fashioned! 18:11, 10 January 2021 (UTC)

  • Last time I tested it our 2FA system was half-baked. I don't recommend it. As for password compromises, the way to avoid them is to use a password manager and let it choose a unique random password for each account. Your risk is that somebody compromises the end point and steals the password from your computer or the service. Something like the SRP protocol can help prevent passwords from being stolen from the service endpoint because they avoid sharing the password. Even if the service hashes passwords, it's not that hard to find collisions (a password with the same hash which will also work). What Wikipedia ought to do is implement automatic blocking of IP addresses, for a finite duration, after they are involved in a threshold number of failed login attempts. This would slow down brute force attacks. Another thing Wikipedia could do is download the HIBP database of compromised credentials and automatically disable any credentials found on the list. Jehochman Talk 14:35, 11 January 2021 (UTC)
    I have not had any issues with the 2FA system. (And I was hesitant to enable.)
    Wikimedia does already pull either the top 10k or 100k compromised phrases and forces a change for those passwords for old people trying to log in and forces new accounts to avoid those. --Izno (talk) 17:24, 11 January 2021 (UTC)
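The two checks discussed in this thread, a common-password blacklist (Johnuniq's pointer to the Password Blacklist library, Izno's top 10k/100k list) and a lookup against the HIBP breach corpus (Jehochman's suggestion), can be combined at password-set time without ever sending the password, or its full hash, to the lookup service. The Python below is an added example written for this page, not Wikimedia code. COMMON_PASSWORDS is a constructed stand-in for the real list; the range lookup follows the k-anonymity scheme of the Pwned Passwords API (five hex characters of the SHA-1 go out, the matching 35-character suffixes come back), but fetch_range is a hypothetical callable backed by a constructed response so that the block runs offline. The only real value in that response is the SHA-1 tail of "password"; the other suffixes and all counts are invented.

```python
"""Checking a candidate password against a blacklist and breach corpora.

Added illustration, not Wikimedia code. COMMON_PASSWORDS stands in for the
top-N list; the range lookup is the k-anonymity scheme of the Have I Been
Pwned Pwned Passwords API, simulated offline with a constructed response
(fetch_range is a hypothetical callable; the real service is never called).
"""
import hashlib

# Constructed stand-in for the "top 10k/100k" common-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "wikipedia"}

# Constructed range response for hash prefix "5BAA6" in the API's
# "SUFFIX:COUNT" line format. The first suffix is the real SHA-1 tail of
# "password"; the other two lines and all counts are invented padding.
FAKE_RANGE_RESPONSES = {
    "5BAA6": "\n".join([
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",
        "00000000000000000000000000000000001:2",
        "0123456789ABCDEF0123456789ABCDEF012:17",
    ]),
}


def offline_fetch_range(prefix):
    """Hypothetical transport: return the response body for a 5-hex-char prefix."""
    return FAKE_RANGE_RESPONSES.get(prefix, "")


def pwned_count(password, fetch_range=offline_fetch_range):
    """Return how often `password` appears in the breach corpus (0 if never).

    Only the first five hex characters of the SHA-1 leave this function; the
    remaining 35 are compared locally, so the lookup service learns neither
    the password nor its full hash.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate == suffix:
            return int(count)
    return 0


def check_password(password, username, fetch_range=offline_fetch_range):
    """Return a list of reasons to reject the password; empty means acceptable."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on common-password blacklist")
    if password.lower() == username.lower():
        problems.append("identical to username")
    hits = pwned_count(password, fetch_range)
    if hits:
        problems.append(f"seen {hits} times in breach corpora")
    return problems


if __name__ == "__main__":
    for pw in ("password", "juicy-firework-pineapple-green-horse"):
        print(repr(pw), "->", check_password(pw, "Dank") or "ok")
```

Against a live deployment fetch_range would be an HTTPS GET of https://api.pwnedpasswords.com/range/<prefix>; the local list is consulted first because it is cheap and needs no network. Either check is a complement to, not a substitute for, the unique-password advice earlier in the thread: a password that is unique to this site and random cannot be in anyone's leak, so the lookup is there to catch the reused or common ones.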

Resysop request (Ivanvector)

Requesting restoration of my administrator privileges, following an incident last week. I've taken all the steps I think I can to ensure my account's security (logged out, changed passwords, and same on my password manager and recovery email account), and verified with checkusers to the extent possible that there don't seem to have been any attempts to access my account.

Thanks to everyone who has reached out with messages of support, both on- and off-wiki. They are greatly appreciated. Cheers. Ivanvector (Talk/Edits) 19:32, 13 January 2021 (UTC)

  • No concerns, standard 24-hour hold for restoration of sysop access. — xaosflux Talk 20:01, 13 January 2021 (UTC)
  • Given this was a security removal and not a resignation, I don't see the need to wait the standard 24 hours, and we can let Ivanvector get back to their good work.   Done -- Amanda (aka DQ) 20:56, 13 January 2021 (UTC)
    I don't see where policy allows for any exception, regardless of circumstances. Being that this was security related, if anything, would make it more important such that time is allowed for comments and can be considered before handing back the bit. Dennis Brown - 22:30, 13 January 2021 (UTC)
    Wikipedia:Bureaucrats#Restoration_of_permissions and Wikipedia:Administrators#Restoration_of_adminship seem to be pretty clear that this hold is expected. So what to do now? On the one hand, absent any actual complaints I don't see the practicality of continuing to flip flags on Ivanvector's account. I do feel that @AmandaNP:'s action was a bit rogue though, even if in good faith. Can't see any reason to drag this to ArbCom - but will float the idea of an informal admonishment to the other crats here. Any thoughts from the rest of our cohort? — xaosflux Talk 00:12, 14 January 2021 (UTC)
    Just thoughts from crats? --Floquenbeam (talk) 00:40, 14 January 2021 (UTC)
    @Floquenbeam: not trying to quell discussion from anyone else, just floating some idea; - as I said above, I'm assuming good faith here and can't see any serious proposal to issue other remedies being helpful. Also, policies and policy interpretations can change - and if this is reflection of a new community norm we can document it. — xaosflux Talk 00:45, 14 January 2021 (UTC)
    OK, then for what it's worth, I think Amanda's quick resysop was fine for this particular set of circumstances, for the reason that she gave. I don't see it as a mistake. But I'd hope that, at absolute worst, if this view is in the minority, that this discussion is refocused as "what do we as crats want to do next time", rather than any kind of "informal admonishment". Crats seem to get along as a group better than most other groups on WP. I'd hate for that to change and see informal admonishments become a thing. --Floquenbeam (talk) 00:55, 14 January 2021 (UTC)
    (ec) The link to the permissions restoration policy is clear that a minimum of 24 hours is required. If I recall correctly, the discretionary portion of the resysopping procedure was added in order to be more conservative rather than more liberal. Turning the bit back off to return to the status quo would probably be just a formality, and, in fact, I'm not even certain that that can technically be done within policy, barring WP:IAR, which isn't something I'd be prone to invoke in a bureaucratic capacity, so I will decline to flip it back. While I do agree with Dennis Brown's statement, I have no comment on Xaosflux's floated idea. As a rule, I stay out of that sphere. Useight (talk) 01:02, 14 January 2021 (UTC)
    Going to agree on multiple points. Unless there is a substantiated concern in the next... 18(ish) hours, flipping the bit just for the formality of it is pointless (and for what it's worth the CUs and Arbs are fairly convinced the account has not been compromised). Should this sort of thing happen in the future? Likely not, even in clear cut cases such as this (and given the general feedback in this discussion). I would also say that there is little point in going through any formal process w.r.t. Amanda for doing said action; if anything it gives us the opportunity to discuss the matter. Primefac (talk) 01:54, 14 January 2021 (UTC)
    My primary reason for mentioning it wasn't to change the status or raise a stink, but to ensure it didn't happen again in the future. I was a bit taken aback that a Crat would do that, seeing that Crats have a reputation for being very conservative about applying policy. I know Amanda reasonably well and respect her, but felt it was necessary to point out the mistake, regardless of who did it. Dennis Brown - 00:49, 14 January 2021 (UTC)
    I'm not too big on bureaucracy or policy adherence, but from a security viewpoint and as with future cases in mind, it would make sense to give the REAL Ivanvector (as opposed to the community) the chance to offer an objection to a potential compromise by an imposter. Hence I think a delay would be appropriate even in these particular circumstances, next time. For now, we'll just have to keep an eye on Ivan :) -- zzuuzz (talk) 01:25, 14 January 2021 (UTC)
  • The risk of someone at his former place of work who is not Ivanvector finding BN, learning how to wikilink to the resignation, and also take his somewhat distinct cadence of writing in order to get admin flags is, to be blunt, practically non-existent.
    Ivanvector was right to resign the tools as accidental compromise of sensitive accounts is probably the biggest risk. Once someone has access to an account they find has special buttons they might do something damaging. That’s a real risk. One of his former coworkers caring this much to impersonate him really isn’t. The policy calls for 24 hours, so if you want to yell at AmandaNP for that, I guess you can. There’s no real security risk here, though. Human nature and motivations are as much a part of IT risk assessment as the technical measures that we like to focus on. TonyBallioni (talk) 06:29, 14 January 2021 (UTC)
  • As above — not an issue here, clearly good faith, probably shouldn't happen again. Someone gets a little trout for dinner, nothing more. ~ Amory (utc) 11:54, 14 January 2021 (UTC)
  • It's done, so it's done, but I hope that it doesn't happen again, particularly in a case where there have been security concerns and the community may wish to see that several 'Crats are satisfied that those security concerns have been checked and cleared. 'Crats are here to uphold consensus and not push the envelope on what is and is not permitted. There was no imperative involved here which would justify not waiting the standard 24 hours. I don't know what we do if it happens again, or a 'Crat pushes the envelope too often. I suppose we have a 'Crat chat and issue a formal warning? And if it happens again after a formal warning, we request an ArbCom case? SilkTork (talk) 15:19, 14 January 2021 (UTC)
  • On User:Xaosflux's request to gather thoughts on an informal admonishment - I think by default an informal admonishment is already occurring. I should think by now Amanda would have taken on board this was an action that has provoked discussion, and I doubt if Amanda will do it again. I don't think we need go any further than that. However, the community may wish to consider if it may be appropriate to draft a formal process to outline what happens when a 'Crat is making decisions which cause concern. Is it just 'Crats who can issue informal or formal admonishments to a 'Crat? Because of the "get along as a group" aspect to 'Crats, perhaps 'Crats really aren't best placed to be the ones to judge or admonish a fellow 'Crat. How would the community feel about a 'Crat acting out of consensus, and fellow 'Crats shrugging and saying that's OK, because it appears we don't want to upset the group camaraderie? I'd welcome the community discussing the issue of a 'Crat making decisions which cause concerns, and drafting a proposal for a route to resolve such matters. I should think that any user could take a 'Crat to ArbCom if they felt that 'Crat was making serious errors of judgement. But what about minor errors of judgement which are eroding confidence in that 'Crat? SilkTork (talk) 15:51, 14 January 2021 (UTC)
    @SilkTork: not sure the best way - I think this was a bad execution, but I don't think it needs a corrective action; I do think it should be discouraged from reoccurring barring new community standards emerging. If this was a similar admin action I'd say WP:TROUTing would be in order - but that seemed a bit wrong. I suggested admonition in the sense that I think that this was an inappropriate action and that we would oppose future occurrences of the same. We are a unique group in that there are a few special processes that rely on the consensus of only crats, also related to the administrator of administrators. — xaosflux Talk 16:04, 14 January 2021 (UTC)
"oppose future occurrences of the same". Agree - both in the sense of Amanda acting out of consensus again (which I truly doubt she would), and of any 'Crat resysopping without waiting 24 hours again (which I also truly doubt would happen). However, where I'm not sure is how that opposition would take place. Is there, for example, any precedent for a 'Crat reversing a 'Crat action? How do we get consensus for reversing a 'Crat action? Are 'Crats the ones best placed to issue admonishments, given that we are such a small group and some may not wish to create tension within the group. Indeed, in this issue, where a 'Crat has clearly and deliberately flouted consensus, we are tip-toeing around it and saying it was done in good faith, that it doesn't matter, that it was a minor incident, etc. On the other hand, given the nature and circumstances of the incident, it was relatively minor, and I can't see the community really wanting to take this particular incident any further. It's not serious enough for an ArbCom case; it is, as you say, just an incident which requires a trouting - an informal, even friendly, reminder to the individual to take more care in future - particularly where there are security concerns. And I think in this discussion we have done that. As such I don't think this particular incident needs to be taken any further. But I do feel there is room for the community to look into how we deal with such incidents in future. And I don't think it is our place to decide that alone. It has to be a community decision. SilkTork (talk) 17:52, 14 January 2021 (UTC)
I think it is even more simple than this, although I don't disagree with your logic. The community has already spoken when it wrote the policy (something I was actually quite involved in). Amanda's actions were counter to the policy, but I have to assume it was an innocent mistake as I can see no malice, nothing to be gained by Ivan or Amanda by the move. A non-Crat (me) was the first to point it out. Several people have spoken out about it and more or less agree, so this discussion is already creating a consensus that confirms the original consensus, that there should always be a 24 hour wait. Understandably, Amanda hasn't replied, waiting for the smoke to settle, but really there isn't any need for smoke or fire. It was a mistake, nothing was broken, the discussion confirms that the policy should be taken very literally. I would oppose ANY action to sanction or make an Arb case from it, as it would be overkill for this singular incident. For me, the best outcome is it being closed at the appropriate time with a statement that "The community agrees that the policy should be strictly viewed when it comes to the 24 hour wait to resysop. No further action is needed". Amanda needs to be informed, but not trouted or admonished. Dennis Brown - 18:14, 14 January 2021 (UTC)
Is there, for example, any precedent for a 'Crat reversing a 'Crat action? Only around Floq and the Fram incident, but I think most of us would agree that was a rather crazy situation. That did end up before ArbCom (mostly as an add-on to the case) but we were just given a slap on the wrist for wheel-warring over Floq's Fram's perms. Primefac (talk) 18:18, 14 January 2021 (UTC)
Wasn’t there an RfA closed by a Crat who voted and so another crat had to reclose it, Xeno I think? ProcrastinatingReader (talk) 18:26, 14 January 2021 (UTC)
Pretty sure that's not what SilkTork was getting at. Additionally, that's a re-close, not any sort of reversal. Primefac (talk) 18:29, 14 January 2021 (UTC)
No, but I think some of the same questions as SilkTork mentions were discussed (eg whether a consensus of crats, or even the crat themselves, can reverse a crat action if it involves desysopping), I suppose for the event that the reclose was no consensus. I may be misremembering, and can't check since I don't remember whose RfA it was being discussed (it'll be in the archives here, though). Perhaps someone else remembers. ProcrastinatingReader (talk) 21:10, 14 January 2021 (UTC)
Ah, here it is, and it was for this RfA. ProcrastinatingReader (talk) 21:13, 14 January 2021 (UTC)
@Primefac: just for posterity's sake - and not to reopen any old wounds - but I think you're slightly misremembering. No Crats wheel-warred over my perm. WJBscribe reversed a ThePowersThatBe desysop, but he didn't reverse a Crat, and no Crat reversed him. --Floquenbeam (talk) 18:34, 14 January 2021 (UTC)
You're right, I don't know why I thought it was you; we did wheel-war over Fram's bit being restored. I've updated my statement above. Primefac (talk) 18:49, 14 January 2021 (UTC)
  • I'm disappointed to see this characterized as a mistake. I understand that the 'crats owe greater care to security removals and restorations, but this was well scrutinized before I posted here. I explained in much more detail on private email lists (from a known email which was not exposed) and also confirmed with stewards/checkusers that there had been no attempts to access my account. Amanda and several of the other functionaries who have commented here are on those lists (and the thread was also copied to Arbcom) but I think the users who have called this a "mistake" would not have seen those discussions. Of course I can't say if that factored into Amanda's decision to restore my userright before the standard hold (and wasn't expecting it), all I'm saying is there was nothing careless about any of this. So please hold off on the admonishments. Ivanvector (Talk/Edits) 18:43, 14 January 2021 (UTC)
    The problem is that it was a mistake. Policy is crystal clear on this, and doesn't allow for exceptions, regardless of circumstances. This doesn't mean admonishments are required, but an acknowledgement that it was an honest mistake would be welcomed. Dennis Brown - 19:59, 14 January 2021 (UTC)
  • I agree with Dennis and many other editors here on most points mentioned by them. Although everything might have been scrutinized by stewards and checkusers regarding this, the community at large also deserves an equal chance to give their input and feedback on this matter. I can also understand that this was a genuine mistake by Amanda and I do agree that they were acting in good faith. Nonetheless, I definitely agree that as per the policy, resysopping for anyone should always be done as per the current procedures (which means after the 24 hour standard hold) irrespective of when or for what reason the tools were removed. TheGeneralUser (talk) 01:22, 15 January 2021 (UTC)

Moving forwards

Arguing over whether this was a mistake or a good application of IAR isn't helping. Can we just agree a way forward for the future?

I suggest that a 24 hr wait is a very small price to pay for community scrutiny, which is valuable. I propose we strengthen the point in RESYSOP about the delay by adding "in all cases" or "without exception" or something. It won't prevent a future mistake (us Crats are human, I've heard) but it will clearly tell Crats not to IAR on this. --Dweller (talk) Become old fashioned! 11:35, 15 January 2021 (UTC)

I don't know if we need to clarify the language; I've added emphasis — it is required that a minimum of 24 hours elapse — in order to make that point clear. Primefac (talk) 12:01, 15 January 2021 (UTC)