[Wikipedia-l] vandalism spree

[Matthew Woodcraft]

On Mon, Nov 18, 2002 at 11:12:34PM -0800, Toby Bartels wrote:

[On Saturday]

> While I was sleeping (around 12:00 UCT), a vandal arrived,
> using bots (apparently) to splatter goatse across Wikipedia.

I'm not sure it really was using a bot, despite its claims. If it had
been, it could have vandalised many more pages.


> The problem, of course, is that we're blocking an innocent user
> when it's not at all clear that we're even blocking the vandal.
>
> * Block more intelligently:
> 
> ** Let admins see the IP of signed in users.
>    Then we can at least know for sure who to block.
> 
> ** Let admins whitelist a user name known to use a dynamic IP.
>    (This can always be undone later if abused.)
> 
> ** Allow admins to see all contributions from a given IP,
>    whether or not they were made anonymously.
>    This will allow us to check for multiple users
>    and give us the opportunity to create the above whitelist
>    at the same time that we block the vandal.

These are surely good plans. Note that if we're willing to do the work
to classify IPs, we can ban on the 'Client-ip' and 'X-forwarded-for'
headers instead of the real IPs, for known shared proxies. This doesn't
help the case where an innocent user ends up reusing the actual client
IP address of a vandal (either because the address was reallocated, or
just because they used the same public computer), but it would do
something to mitigate problems with shared proxies.


But in the long run, nothing based on ip-banning would be able to stop
a sufficiently determined vandal. Neither would relying on registered
accounts. At present, stealing someone else's account would be quite
easy. This doesn't matter, as there's little currently little incentive
to do so. If we relied more strongly on authenticated accounts, that
could change.


I think techniques for automatically slowing down bots would be the
most valuable place to concentrate our efforts.

-M-