Manual:Combating vandalism


 * Is your site being vandalized? Please leave a message on the talk page or the forum, or the mediawiki-l email list to get advice.

When you install a fresh copy of MediaWiki, it is susceptible to different kinds of intentional vandalism. Due to the nature of a wiki website, no matter how many protections are present, vandalism will always be present to a certain extent. This page will descibe how to limit it. Note that Wikipedia is much larger than other websites that install MediaWiki; it has many more edits than the average wiki, but also more users to monitor vandalism. This changes the dynamics of vandalism for small wiki websites.

Types of attacks

 * Bot flood attacks: A vandal may attempt to run a bot that can edit/move and create pages at a high speed.
 * Bad user names: user names can be renamed using the Rename User extension
 * Removal of content (partial or complete)

Solutions and Suggestions

 * Extension:AbuseFilter: An extension that monitors behaviours on the wiki and is very customizable. Different kinds of rules can be created. To see examples of filters and the work they do, see Wikipedia's filter rules. Filters can also be configured not to be visible to the public.
 * RevisionDelete: With this feature it is possible to hide certain parts of a revision.

Also see:
 * Extension:RecentChangesCleanup - Enables administrators to keep their Recent Changes page free of vandalism related entries.
 * Extension:Renameuser - so you can rename bad user names
 * Extension:ConfirmEdit: Although Captchas are more helpful for spam, they're also helpful somewhat in dealing with vandalism in that the vandal may have to fill captchas for creating accounts, adding external links and so on, although this will also inconvenience the genuine user, so captchas should be used and configured thoughtfully.
 * Extension:Title Blacklist: This helps against bad titles of pages and bad user names
 * Extension:Bad Behavior: A light weight alternative for AbuseFilter, which has more features
 * Enable Rollback permissions by adding the following to your LocalSettings.php and give the rollback right in User Rights Management to trusted users, so they can revert vandalism easier when it happens:


 * Manual:$wgNamespaceProtection: Protect templates so only auto-confirmed users or sysops can edit templates
 * Extension:AntiBot: May be useful in dealing with bot vandalism

Points to remember

 * One-time vandalism (or spam) from an IP address may deserve only a temporary block (1 month or a 1 week etc.) unless there is recurrent vandalism/spam from an IP address that is static.
 * Configure your protection systems such that they should not significantly inconvenience the average user.