There are basically two types of vandalism -- manual and automated. Because this wiki is regularly maintained and Admins frquently check the Special:RecentChanges, manual vandalism typically gets taken care of very quickly. What we are more concerned about is vandalism automated by vandalbots. A vandalbot is a script which automatically performs some kind of edit or similar operation to the wiki. Because of the speed with which they work, they can do a lot of damage, and this damage can take time to fix. It is a sad fact that as our traffic and popularity has increased so have the automated attacks.
This page is specificially intended to help you know what to do in case a vandalbot attacks. There are a number of stages to any response.
The first step is notification. If you notice an automated attack occuring and are not a Sysop, please let one of the Sysops know immediately, either by leaving a note on their User_talk page, or, for quicker results, by clicking the "E-mail this user" link on their user page.
If you are a Sysop and notice automated vandalism in progress, please ban the user(s) in question, and then send an email to the Sysop mailing list.
Because of previous attacks, OrthodoxWiki has increased its security by allowing only logged-in members to edit pages. This means that vandalbot owners must register accounts before unleashing their mayhem. In the past, we have seen multiple accounts being used by simultaneously to wreak mayhem. However, this method adds an extra step for the vandals and makes it easy to block access, even in the case of a distributed IP attack.
Once a Sysop has been notified that an attack is in progress, he or she can ban all of the user names involved in the attack. Bans can be temporary or permanent. In the event of an automated attack, we have no hesitation in imposing an infinite ban on the user account(s) in question.
Reverting Vandalbot Edits
Rollbacks are easier for admins than non-admins. For this reason, Admins have the primary responsibility for reverting mass vandalism.
Rollback options for non-admins (regular logged-in users)
- Go to the page, click on "history" at the top ("Page history" in some skins), and click on the time and date of the earlier version you want to revert to.
- Then when that page comes up, you'll see something like "(Revision as of 22:19 Aug 15, 2002)" below the title and beneath "From Wikipedia, the free encyclopedia".
- Verify that you've selected the correct version, and click to edit the page, as you would normally. Important: in the case of vandalism, take the time to make sure that you are reverting to the last version without the vandalism; there may be multiple vandal edits.
- You'll get a warning, above the edit box, about editing an out-of-date revision.
- After heeding the warning, save the page. Be sure to add the word "revert" to the edit summary. Most Wikipedians abbreviate this to "rv". A common and useful addition is the usernames of who you are reverting from and to. For example, a good edit summary would be
rv edits by 188.8.131.52 to last version by xyz </p><p>The clickable links are created by entering [[User:000.000.000.000|000.000.000.000]] (replacing 000.000.000.000 with the real IP address or [[User:Username|Username]] for logged-in users, replacing Username with their real username.
- Check the contribution history of the user who vandalized the article. (Click on their IP address or username. That will bring you to their User page. In the lower left-hand corner, there is a toolbox with a "User contributions" link. Click that.) If this user is vandalizing many articles, please report them to one of the Sysops.
Rollback options for Admins
On the User Contributions page an admin has additional "rollback" links at lines which are the last edit made by anybody to that article.
The rollback link is also shown on the Diff page when viewing the difference between the most recent version of a page and the last version.
Clicking on the link reverts to the previous edit not authored by the last editor, with an automatic edit summary of "Reverted edits by X to last version by Y".
If, between loading the User Contributions page and pressing "rollback", someone else edits or rolls back the page, or if there was no previous editor, you will get an error message.
Rollbacks should be used with caution and restraint. Reverting a good-faith edit may send the message that "I think your edit was no better than vandalism and doesn't deserve even the courtesy of an explanatory edit summary." It is a slap in the face to a good-faith editor; do not abuse it.
In cases of flood vandalism, admins may choose to hide vandalism from recent changes. To do this, add &bot=1 to the end of the url used to access a user's contributions. For example, http://en.wikipedia.org/w/wiki.phtml?title=Special:Contributions&target=SomePersistentVandal&bot=1.
When the rollback links on the contributions list are clicked, the revert, and the original edit that you are reverting will both be hidden from recent changes unless you click the "bots" link to set hidebots=0. The edits are not hidden from contributions lists, page histories or watchlists. The edits remain in the database and are not removed, but they no longer flood Recentchanges. The aim of this feature is to reduce the annoyance factor of a flood vandal with relatively little effort. This should not be used for reverting a change you just don't like, but is meant only for massive floods of simple vandalism.
In the event of a worst-case scenario -- that is, where automated vandalism has affected so much of the wiki that it becomes very difficult to revert all the edits -- we are able to restore a backup of the entire site. Backups are made nightly, so this may result in all useful edits for up to the past 24 hours being lost as well. Fortunately, we have never had to do this so far. Obviously this option will only be used if it is really necessary.
Nov. 5, 2005 - Prompted by another attack, we've begun using the Bad Behavior extension for MediaWiki. We've also instituted open-proxy blocking (please see this page for more information) and set up the SpamBlacklist extension. These have been wonderfully effective in limiting the damage a vandalbot can do. We've had some reports of legitimate users being blocked by these methods. If you are having a problem with this, let us know so that we can unblock your IP address and give you access to edit pages.
One side effect to OrthodoxWiki's handling of international character sets is the ability of accounts to be spoofed. That is, someone can register a name that looks similar to another account name and impersonate another user. For example, someone registered an account as "FrJ%D0%BEhn" and proceeded to leave a mean message in FrJohn's name to one of our contributors. On the wiki, the names and user pages looked identical. However, if you check the URLs in your browser's address bar, they will look different.
Unfortunately, this kind of impersonation is common in online communities of all types. If someone appears to say something out of character, it's definitely worth checking to make sure that the name is exactly the same as their real account and that their account has not been hacked. Fortunately, we have a vigilant community. If you suspect someone has impersonated you, let us know right away.
- http://meta.wikimedia.org/wiki/Vandalbot - MediaWiki discussion of Vandalbots and what to do about them.
- http://meta.wikimedia.org/wiki/Help:Patrolled_edit - An overview of the new "Patrolled Edit" feature.
- http://en.wikipedia.org/wiki/Wikipedia:Revert - Reverting pages for Sysops and non-Sysops.
- http://meta.wikimedia.org/wiki/Edit_throttling - This page, along with its corresponding Talk page, suggests some anti-vandalism features which woul be very useful. We hope this will be made available in a future version of MediaWiki.