Help
Add this page to your book
Show book (0 pages)
Suggest pagesVandalbot
A vandalbot is a script which automatically performs some kind of malicious edit or similar operation to a wiki at high rate. When you see one, you have to know what to do. Read this page now—don't leave it until the heat is on!
For Wikimedians who are not admins, vandal bots can be reported at vandalism reports.
Contents |
[edit] Sysop response
The basic response to a vandalbot is to revert its actions using rollback, and block it. You can revert edits without the rollback right, but that's slow and tedious. You're better off finding a sysop. If there are no sysops around, a steward can make you one, make one for you, or globally block the user or IP from editing. A full list of stewards can be found at Special:ListUsers/steward.
If a sysop sees a vandalbot that is editing existing pages, they should do the following:
- Block it
- Go to the contributions page
- Append "?bot=1" to the end of the contributions page URL
- Click on all the rollback links - your rollback and the edits being rolled back will all be marked as bot edits in Special:RecentChanges
Note that it's easier to click on all the rollback links if you have them loading in an inactivated tab/window, i.e. "in the background". To do this in Netscape or Mozilla, go to Edit > Preferences, click "Tabbed Browsing" and enable "Load links in the background" and opening tabs on "middle-click and control-click". In Opera, simply middle click. This allows one-click rollbacks. The best IE method requires two clicks—shift-click on the link then click again to get back to the contribs page. Alternatively, as your hand will be on the keyboard anyway, shift-click the link then press alt-tab to return to the previous window (that is, the one in which you clicked the link).
Reverting page creation usually can be done by an administrator via Special:Nuke.
It may also be useful to bring the incident to the attention of the community so that others can be on the look out for similar attacks soon after.
[edit] Steward response: Getting interwiki help
If there are very few or no sysops present on the wiki which is attacked, you may need to get help from other wikis. Stewards can help by:
- Helping you to tell everyone about the problem
- Making anyone who wants to help a temporary sysop
To get help from a steward, you could try posting a message to their user talk page, posting a message on the steward requests page, and asking for help on the IRC channels.
[edit] When to get developer help
Some problems are much easier for a developer to fix than for ordinary users. Call a developer if you see:
- SEO spam. If someone posts links to a commercial website in many different pages, contact a developer or an administrator on Meta. Post the URL on Talk:Spam blacklist. The spammer is trying to improve their google ranking by making lots of incoming links. They often spam many different wikis. A developer or Meta administrator can add their site to the list of bad URLs. Nobody can add URLs matching that list.
- Large scale page creation (hundreds of pages). Pages can be deleted without making an entry in the deletion log, or saving them to the archive for undeletion. Large scale deletion by a developer generally requires just 3 or 4 queries regardless of the scale of the attack, but carries with it the risk of permanent deletion of innocent pages.
[edit] How to contact a wiki developer
Usually developers can be found on the #wikimedia-tech or #mediawiki IRC channels, on irc.freenode.net. Make sure you give some indication of the scale of the attack—how many pages, what edit rate, etc. Wikipedia gets vandalised all the time; merely saying "the wiki is being vandalised" probably won't get their attention.
