There are basically to types of vandalism -- manual and automated. Because this wiki is regularly maintained and Admins frquently check the Special:RecentChanges, manual vandalism typically gets taken care of very quickly. What we are more concerned about is vandalism automated by vandalbots. A vandalbot is a script which automatically performs some kind of edit or similar operation to the wiki. Because of the speed with which they work, they can do a lot of damage, and this damage can take time to fix. It is a sad fact that as our traffic and popularity has increased so have the automated attacks.
This page is specificially intended to help you know what to do in case a vandalbot attacks. There are a number of stages to any response.
The first step is notification. If you notice an automated attack occuring and are not a Sysop, please let one of the Sysops know immediately, either by leaving a note on their User_talk page, or, for quicker results, by clicking the "E-mail this user" link on their user page.
If you are a Sysop and notice automated vandalism in progress, please ban the user(s) in question, and then send an email to the Sysop mailing list.
Because of previous attacks, OrthodoxWiki has increased its security by allowing only logged-in members to edit pages. This means that vandalbot owners must register accounts before unleashing their mayhem. In the past, we have seen multiple accounts being used by simultaneously to wreak mayhem. However, this method adds an extra step for the vandals and makes it easy to block access, even in the case of a distributed IP attack.
Once a Sysop has been notified that an attack is in progress, he or she can ban all of the user names involved in the attack. Bans can be temporary or permanent. In the event of an automated attack, we have no hesitation in imposing an infinite ban on the user account(s) in question.
Reverting Vandalbot Edits
Rollbacks are easier for admins than non-admins. For this reason, Admins have the primary responsibility for reverting mass vandalism.
Rollback options for non-admins (regular logged-in users)
- Go to the page, click on "history" at the top ("Page history" in some skins), and click on the time and date of the earlier version you want to revert to.
- Then when that page comes up, you'll see something like "(Revision as of 22:19 Aug 15, 2002)" below the title and beneath "From Wikipedia, the free encyclopedia".
- Verify that you've selected the correct version, and click to edit the page, as you would normally. Important: in the case of vandalism, take the time to make sure that you are reverting to the last version without the vandalism; there may be multiple vandal edits.
- You'll get a warning, above the edit box, about editing an out-of-date revision.
- After heeding the warning, save the page. Be sure to add the word "revert" to the edit summary. Most Wikipedians abbreviate this to "rv". A common and useful addition is the usernames of who you are reverting from and to. For example, a good edit summary would be
rv edits by 126.96.36.199 to last version by xyz </p><p>The clickable links are created by entering [[User:000.000.000.000|000.000.000.000]] (replacing 000.000.000.000 with the real IP address or [[User:Username|Username]] for logged-in users, replacing Username with their real username.
- Check the contribution history of the user who vandalized the article. (Click on their IP address or username. That will bring you to their User page. In the lower left-hand corner, there is a toolbox with a "User contributions" link. Click that.) If this user is vandalizing many articles, please report them to one of the Sysops.
Rollback options for Admins
On the User Contributions page an admin has additional "rollback" links at lines which are the last edit made by anybody to that article.
The rollback link is also shown on the Diff page when viewing the difference between the most recent version of a page and the last version.
Clicking on the link reverts to the previous edit not authored by the last editor, with an automatic edit summary of "Reverted edits by X to last version by Y".
If, between loading the User Contributions page and pressing "rollback", someone else edits or rolls back the page, or if there was no previous editor, you will get an error message.
Rollbacks should be used with caution and restraint. Reverting a good-faith edit may send the message that "I think your edit was no better than vandalism and doesn't deserve even the courtesy of an explanatory edit summary." It is a slap in the face to a good-faith editor; do not abuse it.
In cases of flood vandalism, admins may choose to hide vandalism from recent changes. To do this, add &bot=1 to the end of the url used to access a user's contributions. For example, http://en.wikipedia.org/w/wiki.phtml?title=Special:Contributions&target=SomePersistentVandal&bot=1.
When the rollback links on the contributions list are clicked, the revert, and the original edit that you are reverting will both be hidden from recent changes unless you click the "bots" link to set hidebots=0. The edits are not hidden from contributions lists, page histories or watchlists. The edits remain in the database and are not removed, but they no longer flood Recentchanges. The aim of this feature is to reduce the annoyance factor of a flood vandal with relatively little effort. This should not be used for reverting a change you just don't like, but is meant only for massive floods of simple vandalism.
In the event of a worst-case scenario -- that is, where automated vandalism has affected so much of the wiki that it becomes very difficult to revert all the edits -- we are able to restore a backup of the entire site. Backups are made nightly, so this may result in all useful edits for up to the past 24 hours being lost as well. Fortunately, we have never had to do this so far. Obviously this option will only be used if it is really necessary.
Nov. 5, 2005 - Prompted by another attack, we've begun using the Bad Behavior extension for MediaWiki. We've also instituted open-proxy blocking (please see this page for more information) and set up the SpamBlacklist extension.
One tool which can be helpful for the Sysops in policing the wiki for "ordinary" or manual vandalism, as well as inappropriate additions, etc. is the use of "Patrolled Edits." You can read more about these here. When something has been marked as "patrolled," other sysops can be saved the tedium of redundant inspections.
- http://meta.wikimedia.org/wiki/Vandalbot - MediaWiki discussion of Vandalbots and what to do about them.
- http://meta.wikimedia.org/wiki/Help:Patrolled_edit - An overview of the new "Patrolled Edit" feature.
- http://en.wikipedia.org/wiki/Wikipedia:Revert - Reverting pages for Sysops and non-Sysops.
- http://meta.wikimedia.org/wiki/Edit_throttling - This page, along with its corresponding Talk page, suggests some anti-vandalism features which woul be very useful. We hope this will be made available in a future version of MediaWiki.