Manual:Combating vandalism

When you install a fresh copy of Mediawiki it is susceptible to different kinds of intentional vandalism. Due to the nature of a wiki website, no matter how many protections are present, vandalism will always be present to a certain extent. This page will talk about how to limit it. Also, Wikipedia is much larger than other websites that install Mediawiki and due to that there are many differences such as more edits and more users to monitor vandalism. This changes the dynamics of vandalism for small wiki websites.

Types of attacks

 * Bot flood attacks: A vandal may attempt to run a bot that can edit/move and create pages at a high speed.
 * Bad usernames: usernames can be renamed using the Rename User extension
 * Removal of content (partial or complete)

Solutions and Suggestions

 * Extension:AbuseFilter: A great extension that monitors behaviors on the wiki and is very customizable. Different kinds of rules can be created. To see examples of filters and the work they do, see Wikipedia's filter rules. Filters can also be configured not to be visible to the public.
 * RevisionDelete: This can be used to hide certain parts of a revision
 * Extension:ConfirmEdit: Although Captchas are more helpful for spam, they're also helpful somewhat in dealing with vandalism in that the vandal may have to fill captchas for creating accounts, putting in links and so on although some of this also inconveniences the genuine user so captchas should be used and configured thoughtfully.
 * Extension:Title Blacklist: this helps against bad titles of pages and bad usernames
 * Extension:Bad Behavior: see if this may help too, although it is probably better to use AbuseFilter instead, as it has more features
 * Enable Rollback permissions by adding the following to your LocalSettings.php and give the Rollback rights in User Rights Management to trusted users so they can revert vandalism easier when it happens:

Points to remember

 * One-time vandalism (or spam) from an IP address deserves only a temporary block (1 month or a 1 week etc) unless there's recurrent vandalism/spam from an IP address that is static
 * Configure your protection systems such that they should not significantly inconvenience the average user