What is a vandalbot?
A vandalbot is a script which automatically performs some kind of malicious edit or similar operation to a wiki at high rate. When you see one, you have to know what to do. Read this page now. Don't leave it until the heat is on!
For Wikimedians who are not administrators, vandal bots can be reported at vandalism reports.
A spambot is, like a vandalbot, an automated process (bot) that will vandalize a wiki by adding spam to the wiki pages or creating a mass of spam pages. The way of dealing with them is the same as the vandalbots, so please continue reading.
Response from administrators
The basic response to a vandalbot is to first block the account and revert its actions using rollback. You can revert edits without the rollback right, but that's slow and tedious. You're better off finding an administrator. If there are no administrators around, the stewards will be able to assist you. You may find a full list of stewards here. You can also contact a global rollbacker if you don't have rollback rights.
If you are an administrator and you see a vandalbot that is editing existing pages, you're encouraged to do the following:
- Block it. Make sure to set autoblock and block account creations.
- Go to the vandalbot's contributions page.
?bot=1to the end of the contributions page URL of the vandalbot and load that page. For example:
This will hide the bot's edits and your rollbacks from the recent changes page.
- Click on all the rollback links.
- Please contact a steward to globally lock the account and/or globally block the IP address. Please post on Steward requests/Global under the relevant section.
- Additionally, please consider asking for global URL blacklisting.
- A tip: Note that it's easier to click on all the rollback links if you open them all in a new tab. Most, if not all, modern browsers support tabs.
- If the vandalbot has also created a mass of pages those can be bulk deleted usually by any administrator accessing the page Special:Nuke and following the instructions. Be careful to enter the correct username in the form.
- It may also be useful to bring the incident to the attention of the community so that others can be on the look out for similar attacks soon after.
If there is no administrator around, it is an emergency, more hands are needed, or it is an attack that affects multiple projects, the Wikimedia stewards are there to help you. You may quickly contact them on the #wikimedia-stewardsconnect IRC channel or by posting a message in the vandalism reports board. Stewards have complete access to the wiki interface and functions in all Wikimedia projects as well to powerful global tools which can be used in order to stop the attack.
It is always helpful to notify stewards at the vandalism reports board for these cases, even if you had local administrator assistance. So they can have a look at the issue and take other measures, such as terminating the malicious accounts involved.
- Extension:AbuseFilter is a tool available at all Wikimedia wikis at "Special:AbuseFilter", which applies heuristics to actions by users, such as edits, based on filters that can be configured locally to prevent various kinds of vandalism. The configuration of the filters is not easy so if you have not used the tool ask first or you may end blocking legitimate edits.
- Extension:SpamBlacklist is a tool that will block from saving pages containing a certain URL. A local spam blacklist exist on each wiki at "MediaWiki:Spam-blacklist" with a global one working for all projects is located at spam blacklist. Do not use SpamBlacklist or AbuseFilter without a basic understanding of regular expressions.
- CheckUser is a tool available for users with the
checkuserpermission which is to be used to fight vandalism and prevent abuse to the projects. Due to the sensitive nature of the tool is only used as a last resort for difficult cases.