There's recently been a spate of extensive vandalism to high-use transcluded templates - the other night I dealt with dozens of OTRS complaints which could be traced back to someone (or multiple someones) vandalising {{cquote}}, {{otheruses}} & {{taxobox}} in the same manner. I've seen this form of vandalism before ({{bio-stub}} is the one I recall...), but rarely to the same extent - any particular vandal incident is rare if it generates two or three seperate complaint emails, and there were bucketfuls here.
I've seen protection for high-profile templates like this mentioned before, but never implemented; after I mentioned these attacks on WP:AN, someone protected all three. Is anyone capable of coming up with a list of all individual templates transcluded on, say, more than a couple of hundred pages? Even if we don't *protect* these (I strongly suggest we do - they mostly shouldn't be edited without a good reason, much like the MediaWiki messages), having a few dozen admins watchlisting them would be helpful.
Andrew Gray wrote:
There's recently been a spate of extensive vandalism to high-use transcluded templates - the other night I dealt with dozens of OTRS complaints which could be traced back to someone (or multiple someones) vandalising {{cquote}}, {{otheruses}} & {{taxobox}} in the same manner. I've seen this form of vandalism before ({{bio-stub}} is the one I recall...), but rarely to the same extent - any particular vandal incident is rare if it generates two or three seperate complaint emails, and there were bucketfuls here.
This is to be expected when there is excessive dependance on templates. :-)
Ec
On Sep 7, 2006, at 3:28 PM, Ray Saintonge wrote:
someones) vandalising {{cquote}}, {{otheruses}} & {{taxobox}} in the same manner. I've seen this form of vandalism before ({{bio-stub}} is
I checked these templates and I see that there are many eyeballs on these and little or not vandalism.
-- Jossi
On 07/09/06, Jossi Fresco jossifresco@mac.com wrote:
On Sep 7, 2006, at 3:28 PM, Ray Saintonge wrote:
someones) vandalising {{cquote}}, {{otheruses}} & {{taxobox}} in the same manner. I've seen this form of vandalism before ({{bio-stub}} is
I checked these templates and I see that there are many eyeballs on these and little or not vandalism.
The problem is, a little vandalism can be disproportionately effective. Let's invent the metric of "vandalised minutes" - if I spam pictures of penises across the daily featured article, and it's reverted in a minute, I've made one article-minute of vandalism. If I do it to another article, it's not caught for five minutes... five article-minutes.
If I do it to {{NPOV}}, which is in use on three thousand pages, then being reverted after one minute means a net result of something like two article-*days*, not minutes, when you account for all affected pages. (This includes the effect being seen on protected/semiprotected pages, and I half suspect this is one of the reasons things like {{taxobox}} were being hit)
Simply being able to clean these up quickly is fine for normal pages, but substantially less fine for things like this.
On 9/8/06, Andrew Gray shimgray@gmail.com wrote:
I've seen protection for high-profile templates like this mentioned before, but never implemented; after I mentioned these attacks on WP:AN, someone protected all three. Is anyone capable of coming up with a list of all individual templates transcluded on, say, more than a couple of hundred pages? Even if we don't *protect* these (I strongly suggest we do - they mostly shouldn't be edited without a good reason, much like the MediaWiki messages), having a few dozen admins watchlisting them would be helpful.
See [[WP:HRT]] (1). I put together some stats on high volume templates when I first drafted that page (2), but they're wildly out of date by now. Hopefully when the toolserver is working properly again for en, we'll be able to update those statistics.
-- (1) http://en.wikipedia.org/wiki/Wikipedia:High-risk_templates (2) http://en.wikipedia.org/wiki/Wikipedia:List_of_templates_by_usage
I personally think that any template transcluded 80-100+ times or transcluded in 10+ feature articles / wikipedia space pages, or even transcluded in two policy pages (disclaimers etc.) should be semi protected, and really widely used templates that are vandalised despite semi protection should be fully protected.
On 9/8/06, Stephen Bain stephen.bain@gmail.com wrote:
On 9/8/06, Andrew Gray shimgray@gmail.com wrote:
I've seen protection for high-profile templates like this mentioned before, but never implemented; after I mentioned these attacks on WP:AN, someone protected all three. Is anyone capable of coming up with a list of all individual templates transcluded on, say, more than a couple of hundred pages? Even if we don't *protect* these (I strongly suggest we do - they mostly shouldn't be edited without a good reason, much like the MediaWiki messages), having a few dozen admins watchlisting them would be helpful.
See [[WP:HRT]] (1). I put together some stats on high volume templates when I first drafted that page (2), but they're wildly out of date by now. Hopefully when the toolserver is working properly again for en, we'll be able to update those statistics.
-- (1) http://en.wikipedia.org/wiki/Wikipedia:High-risk_templates (2) http://en.wikipedia.org/wiki/Wikipedia:List_of_templates_by_usage
-- Stephen Bain stephen.bain@gmail.com _______________________________________________ WikiEN-l mailing list WikiEN-l@Wikipedia.org To unsubscribe from this mailing list, visit: http://mail.wikipedia.org/mailman/listinfo/wikien-l
On 9/8/06, Akash Mehta draicone@gmail.com wrote:
I personally think that any template transcluded 80-100+ times or transcluded in 10+ feature articles / wikipedia space pages, or even transcluded in two policy pages (disclaimers etc.) should be semi protected, and really widely used templates that are vandalised despite semi protection should be fully protected.
I agree, if not fully protected at least semi-protected.
-Andrew (User:Fuzheado)
Well, semi protection ensures that good users who aren't yet sysops can edit a template when they need to. We have a whole lot more than 1000 trusted editors who regularly edit templates.
On 9/8/06, Andrew Lih andrew.lih@gmail.com wrote:
On 9/8/06, Akash Mehta draicone@gmail.com wrote:
I personally think that any template transcluded 80-100+ times or transcluded in 10+ feature articles / wikipedia space pages, or even transcluded in two policy pages (disclaimers etc.) should be semi protected, and really widely used templates that are vandalised despite semi protection should be fully protected.
I agree, if not fully protected at least semi-protected.
-Andrew (User:Fuzheado) _______________________________________________ WikiEN-l mailing list WikiEN-l@Wikipedia.org To unsubscribe from this mailing list, visit: http://mail.wikipedia.org/mailman/listinfo/wikien-l
Right, but it doesn't protect against vandals who registered, didn't edit for 4 days and the vandalized. If they're vandalizing templates, they're not just people who come to Wikipedia and say "wow, i can delete this entire page lol!" - they're vandals who've been doing it for a while and are familiar with Wikipedia, so they probably know how to get around semi-protection.
On 9/8/06, Akash Mehta draicone@gmail.com wrote:
Well, semi protection ensures that good users who aren't yet sysops can edit a template when they need to. We have a whole lot more than 1000 trusted editors who regularly edit templates.
On 9/8/06, Andrew Lih andrew.lih@gmail.com wrote:
On 9/8/06, Akash Mehta draicone@gmail.com wrote:
I personally think that any template transcluded 80-100+ times or transcluded in 10+ feature articles / wikipedia space pages, or even transcluded in two policy pages (disclaimers etc.) should be semi protected, and really widely used templates that are vandalised despite semi protection should be fully protected.
I agree, if not fully protected at least semi-protected.
-Andrew (User:Fuzheado) _______________________________________________ WikiEN-l mailing list WikiEN-l@Wikipedia.org To unsubscribe from this mailing list, visit: http://mail.wikipedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@Wikipedia.org To unsubscribe from this mailing list, visit: http://mail.wikipedia.org/mailman/listinfo/wikien-l
Some day we'll need to come up with a comprehensive list of all those working on CVU / RC patrol and together switch all the policies so that vandals no longer know the location of AIV :) I remember when someone put hundreds of instances of the nazi symbol on an article and it took half an hour till somebody figured out how to use the index.php?target=...&action=edit format to get rid of it, and after various accounts vandalised with the same vandalism, yet another sockpuppet applied for the page to be semi protected and succeeded!
On 9/9/06, Rory Stolzenberg rory096@gmail.com wrote:
Right, but it doesn't protect against vandals who registered, didn't edit for 4 days and the vandalized. If they're vandalizing templates, they're not just people who come to Wikipedia and say "wow, i can delete this entire page lol!" - they're vandals who've been doing it for a while and are familiar with Wikipedia, so they probably know how to get around semi-protection.
On 9/8/06, Akash Mehta draicone@gmail.com wrote:
Well, semi protection ensures that good users who aren't yet sysops can edit a template when they need to. We have a whole lot more than 1000 trusted editors who regularly edit templates.
On 9/8/06, Andrew Lih andrew.lih@gmail.com wrote:
On 9/8/06, Akash Mehta draicone@gmail.com wrote:
I personally think that any template transcluded 80-100+ times or transcluded in 10+ feature articles / wikipedia space pages, or even transcluded in two policy pages (disclaimers etc.) should be semi protected, and really widely used templates that are vandalised despite semi protection should be fully protected.
I agree, if not fully protected at least semi-protected.
-Andrew (User:Fuzheado) _______________________________________________ WikiEN-l mailing list WikiEN-l@Wikipedia.org To unsubscribe from this mailing list, visit: http://mail.wikipedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@Wikipedia.org To unsubscribe from this mailing list, visit: http://mail.wikipedia.org/mailman/listinfo/wikien-l
WikiEN-l mailing list WikiEN-l@Wikipedia.org To unsubscribe from this mailing list, visit: http://mail.wikipedia.org/mailman/listinfo/wikien-l
On 9/9/06, Akash Mehta draicone@gmail.com wrote:
Some day we'll need to come up with a comprehensive list of all those working on CVU / RC patrol and together switch all the policies so that vandals no longer know the location of AIV :) I remember when someone put hundreds of instances of the nazi symbol on an article and it took half an hour till somebody figured out how to use the index.php?target=...&action=edit format to get rid of it, and after various accounts vandalised with the same vandalism, yet another sockpuppet applied for the page to be semi protected and succeeded!
Incidentally, the other way of reversing this is for a sysop to use the "rollback" button from the user's contributions list.
G'day Akash,
[Please don't top-post]
Some day we'll need to come up with a comprehensive list of all those working on CVU / RC patrol and together switch all the policies so that vandals no longer know the location of AIV :) I remember when
CVU is not as important as it thinks it is, nor is it as successful[0] as it ought to have been. The emphasis some people place on CVU, as if it's all there is to vandalism cleanup efforts, is irksome.
someone put hundreds of instances of the nazi symbol on an article and it took half an hour till somebody figured out how to use the index.php?target=...&action=edit format to get rid of it, and after various accounts vandalised with the same vandalism, yet another sockpuppet applied for the page to be semi protected and succeeded!
I think posts like this one, considering both your suggestion at top (however tongue-in-check you intended it) and the story you relate here show just why CVU, if it must exist at all, needs a swift kick in the butt.
[0] Depending on how you define it. If you don't care about newbies bitten, games of Chinese Whispers enjoyed, Cluey people pissed off, etc., CVU is wonderful.
On 9/9/06, Mark Gallagher m.g.gallagher@student.canberra.edu.au wrote:
I think posts like this one, considering both your suggestion at top (however tongue-in-check you intended it) and the story you relate here show just why CVU, if it must exist at all, needs a swift kick in the butt.
huh?
[0] Depending on how you define it. If you don't care about newbies bitten, games of Chinese Whispers enjoyed, Cluey people pissed off, etc., CVU is wonderful.
On the other hand the CVU is one of the more welcomeing communities for newbies and I suspect at least some of those complaining about newbie being bitten are mearly anoyed that they didn't get thier first.
Finaly truely cluey people don't get pissed off.
Well...
CVU is not as important as it thinks it is, nor is it as successful[0] as it ought to have been. The emphasis some people place on CVU, as if it's all there is to vandalism cleanup efforts, is irksome.
Its important to note that CVU encourages people to join the effort, although it is pointless beyond that. Most people who do a lot of vandalism reversion do so using tools they find at CVU etc.
I think posts like this one, considering both your suggestion at top (however tongue-in-check you intended it) and the story you relate here show just why CVU, if it must exist at all, needs a swift kick in the butt.
If you mean reforming the whole CVU thing, what did you have in mind?
Rory Stolzenberg wrote:
Right, but it doesn't protect against vandals who registered, didn't edit for 4 days and the vandalized. If they're vandalizing templates, they're not just people who come to Wikipedia and say "wow, i can delete this entire page lol!" - they're vandals who've been doing it for a while and are familiar with Wikipedia, so they probably know how to get around semi-protection.
I know you people have heard it all before from me (though not necessarily in this forum), but that's a compelling argument for greater obscurity with regards to the "auto-confirmed" status of registered user accounts, instead of this time-based system that's bloody fuck easy to circumvent.
Four days is a joke. ANY fixed duration of time is a joke once somebody figures it out.
Don't know if anybody remembers the "piss christ" vandal (in fact, [[WP:DENY|policy will soon tell us]] that we aren't supposed to), but this guy would typically launch an attack on each daily featured article shortly after 00:00 (UTC). Not sure what happened to him, maybe he got a job at a museum or something, but after a couple history pages full of vandal edits, rollbacks, and no other activiity, somebody finally decides to be the bad guy and semi-protect the page.
Fair enough, right, everybody knows Splash (bless his heart) will be along shortly to make sure we're not ruining anybody's fun. I mean, people have lawns to mow and cars to wax, we can't ethically make them wait around 15-30 minutes for the golden padlock to go away. Of course not, that would be cruel and unusual, so it gets unprotected, and then it's business as usual, ad nauseum.
But seriously folks, what do you do in a situation like this? Well, first you create a damn good diversion of some sort, then, once you're confident that the eyes of scrutiny are facing away from the protection log, you lock the page again, because the situation there is reaching a pathological state, the level which mother slashdot herself could never be blamed for.
And all the sudden your stomach turns and you're overcome by the same shit-out-of-luck feeling you had back in April (you know, that time when your brake pedal felt like a wet sponge) and you realize you're dealing you're dealing with one hardcore motherscratcher here, he's got some four dozen additional accounts to post from, fully matured ones, probably leftovers from [[Cool (song)]]'s heyday.
So then you upgrade to full protection and wonder why nobody did that from the get-go. You walk away from this experience, I don't know, maybe ten percent more cynical than you were the day before. Well, half of your buddies pat you on the back, but the others just tell you your too lazy to revert shit, to say nothing of the cheap shots: "You never assume good faith!"
Now, that's not necessarily bad thing, mind you, especially if you happen to work in retail. But, then, your nametag doesn't say "Helen Keller" either, presumably.
--f.o.n.
Andrew Gray wrote:
There's recently been a spate of extensive vandalism to high-use transcluded templates - the other night I dealt with dozens of OTRS complaints which could be traced back to someone (or multiple someones) vandalising {{cquote}}, {{otheruses}} & {{taxobox}} in the same manner. I've seen this form of vandalism before ({{bio-stub}} is the one I recall...), but rarely to the same extent - any particular vandal incident is rare if it generates two or three seperate complaint emails, and there were bucketfuls here.
I've seen protection for high-profile templates like this mentioned before, but never implemented;
This is not true. We have protection for several high use templates ([[template:cite web]] for example). And I was quite closely watching a couple of them. But it was sometimes difficult to convince admins to protect some stuff.
I sent several emails to admins in the past to protect such templates with varying success. After all, I can't deposit a request on-wiki reading "hello, please protect template X, it is used on 20,000 pages" (vandals would thank me).
The other problem is that edit requests for templates are afterwards largely ignored by admins, because a lot of admins are writing featured articles and aren't that much interested in template hacking.
And template experts like AzaToth are opposed on RfA because they didn't write any featured article and do not have enough main space edits.
--Ligulem
On 08/09/06, Ligulem ligulem@pobox.com wrote:
I've seen protection for high-profile templates like this mentioned before, but never implemented;
This is not true. We have protection for several high use templates ([[template:cite web]] for example). And I was quite closely watching a couple of them. But it was sometimes difficult to convince admins to protect some stuff.
Sorry, I meant "implemented as a rule" rather than implemented at all - there's been ad hoc permanent or semipermanent protection here and there.
Andrew Gray wrote:
On 08/09/06, Ligulem ligulem@pobox.com wrote:
I've seen protection for high-profile templates like this mentioned before, but never implemented;
This is not true. We have protection for several high use templates ([[template:cite web]] for example). And I was quite closely watching a couple of them. But it was sometimes difficult to convince admins to protect some stuff.
Sorry, I meant "implemented as a rule" rather than implemented at all
- there's been ad hoc permanent or semipermanent protection here and
there.
http://en.wikipedia.org/wiki/Wikipedia:High-risk_templates
But we don't need a rule to do the right thing. A lot of people ignore rules anyway.
--Ligulem