[08:09:46] <wm-bb>	 <Galder> We are experiencing a high amount of spam vandalism at the Basque Wikipedia, with random insertion of youtube videos in articles. All of them follow the same pattern:
[08:09:47] <wm-bb>	 <Galder> VIDEO URL
[08:09:49] <wm-bb>	 <Galder> VIDEO URL
[08:09:50] <wm-bb>	 <Galder> VIDEO URL
[08:09:52] <wm-bb>	 <Galder> Is there a way to have a spam blacklist that detects the consecutive insertion of the same video in different lines? I have tried with some regex but it doesn't seem to work.
[14:35:19] <wm-bb>	 <ChlodAlejandro> You can match exact copies of a specific pattern with regular expressions using a capture group reuse pattern. The pattern `\1` will automatically match the first capture group, `\2` will match the second, etc. You're probably look for something like `added_lines rlike "(https:\/\/.+?)\n\n\1\n\n\1"` (which will match the same URL three times, separated by
[14:35:19] <wm-bb>	 newlines). Sample filter <clipped message>
[14:35:20] <wm-bb>	 <ChlodAlejandro>  here (https://test.wikipedia.org/wiki/Special:AbuseFilter/299), sample edit here (https://test.wikipedia.org/wiki/Special:AbuseLog/116540). Feel free to narrow it down to, say, YouTube links only. (re @Galder: We are experiencing a high amount of spam vandalism at the Basque Wikipedia, with random insertion of youtube videos in articles...)
[14:51:58] <wm-bb>	 <jeremy_b> if you do that YouTube has multiple domain names... mdot, regular, youtu(.)be. (re @ChlodAlejandro: You can match exact copies of a specific pattern with regular expressions using a capture group reuse pattern. The pattern \1 wi...)
[14:52:59] <wm-bb>	 <jeremy_b> you could repeat the domain matching for each group occurrence and capture only the path. but even then query string could vary.
[14:53:39] <wm-bb>	 <jeremy_b> have they discovered Rick roll?
[14:54:17] <wm-bb>	 <saperski> yeah but maybe simple prevention of inserting the same link 3 times in a row (even if it is something else) could help right away. (re @jeremy_b: you could repeat the domain matching for each group occurrence and capture only the path. but even then query string could vary.)
[14:54:39] <wm-bb>	 <AntiComposite> yeah, if you filter this person too hard they just evade, but preventing the same link many times in the same edit would be broadly useful
[14:55:49] <wm-bb>	 <saperski> the only concern here (as always with AF which I avoid for that reason) is collateral damage, usually my imagination is too poor to image what ELSE could be broken by the rule
[14:56:14] <wm-bb>	 <jeremy_b> start with report only? (re @saperski: the only concern here (as always with AF which I avoid for that reason) is collateral damage, usually my imagination is too poor...)
[14:56:41] <wm-bb>	 <saperski> I'd rather say what bothers me that I never monitor the rules after X months once they are in place.
[14:57:09] <wm-bb>	 <saperski> but for that quick kind of prevention Abuse Filter is probably the best tool
[18:12:08] <wm-bb>	 <Galder> thanks! This seems to work. Let's see how long for the spamer to change the pattern (re @ChlodAlejandro: You can match exact copies of a specific pattern with regular expressions using a capture group reuse pattern. The pattern \1 wi...)
[19:26:55] <wm-bb>	 <Ju> All movies & series available in PopcornTV ⭐️🤩
[19:26:56] <wm-bb>	 <Ju> Netflix & Disney Plus and more
[19:26:58] <wm-bb>	 <Ju> Join now: https://astrurl.io/popcrntv
[19:26:59] <wm-bb>	 <Ju> ⭐️🤩⭐️🤩⭐️🤩
[23:11:23] <bd808>	 @albertoleoncio: It looks like that spammer got past our gate because they spammed before the bot had a chance to restrict them. Not sure if they were just really fast or if the bot had a hiccup.
[23:16:24] <wm-bb>	 <albertoleoncio> bd808: It seems to be working normally. The spammer was just faster at joining, posting, and then leaving before the bot could act.