Manual:Combating vandalism


 * Is your site being vandalized? Please leave a message on the talk page or the forum, or the mediawiki-l email list to get advice.

When you install a fresh copy of MediaWiki, it is susceptible to different kinds of intentional vandalism. Due to the nature of a wiki website, no matter how many protections are present, vandalism will always be present to a certain extent. This page will descibe how to limit it. Note that Wikipedia is much larger than other websites that install MediaWiki; it has many more edits than the average wiki, but also more users to monitor vandalism. This changes the dynamics of vandalism for small wiki websites.

Types of attacks

 * Bot flood attacks: A vandal may attempt to run a bot that can edit/move and create pages at a high speed.
 * Bad user names: user names can be renamed using the Rename User extension
 * Removal of content (partial or complete)

Limiting

 * Extension:AbuseFilter: An extension that monitors behaviours on the wiki and is very customizable. Different kinds of rules can be created. To see examples of filters and the work they do, see Wikipedia's filter rules. Filters can also be configured not to be visible to the public.
 * Extension:ConfirmEdit: Although Captchas are more helpful for spam, they're also helpful somewhat in dealing with vandalism in that the vandal may have to fill captchas for creating accounts, adding external links and so on, although this will also inconvenience the genuine user, so captchas should be used and configured thoughtfully.
 * Extension:Bad Behavior: A light weight alternative for AbuseFilter, which has more features
 * Extension:Title Blacklist: This helps against bad titles of pages and bad user names
 * Extension:AntiBot: May be useful in dealing with bot vandalism
 * Manual:$wgNamespaceProtection: Protect templates so only auto-confirmed users or sysops can edit templates

To temporarily disable account creation and anonymous editing, put this in LocalSettings.php: See Manual:Preventing access for other ways to prevent access.
 * Lockdown

Alert/visibility

 * Extension:Recent Activity Notify - sends an email to selected users on the wiki if there's any edits or moves from new users.
 * Extension:FlaggedRevs: approve changes to the stable version of a page
 * RevisionDelete: With this feature it is possible to hide certain parts of a revision.

Cleaning up

 * Extension:Nuke - sysops can mass delete page created by a certain user or IP
 * Extension:Renameuser - so you can rename bad user names
 * Enable Rollback permissions by adding the following to your LocalSettings.php and give the rollback right in User Rights Management to trusted users, so they can revert vandalism easier when it happens:


 * Extension:Recent Changes Cleanup - Enables administrators to keep their Recent Changes page free of vandalism related entries.

Points to remember

 * One-time vandalism (or spam) from an IP address may deserve only a temporary block (1 month or a 1 week etc.) unless there is recurrent vandalism/spam from an IP address that is static.
 * Configure your protection systems such that they should not significantly inconvenience the average user.