lcrocker(a)nupedia.com wrote:
What I do fear is some script kiddy with a couple dozen rotating
proxies and a ship-load of bots flooding the database with junk and
overwriting 20 articles a minute. A panic button to lock down the
site would then be nice (Sorry, I can't protect pages fast enough).
Then that would give a sysop the time needed to block all the IPs
of the vandal. But again, I don't think we are at that point yet.

I actually do already have a "lock the database" button available
to developers; maybe I should make that available to sysops as well
(as long as "unlock" is as well, of course)?

I also need to start thinking about some back-end stuff like the cron
job for making more frequent backups.

Whilst I was filling the database up with crud, I noticed that it still
took days and days to reach 100,000 articles, even running several
submit processes in parallel. Providing that sysops have powerful tools
ready for rolling back changes, they will have plenty of time to react.

I agree that hard security leads to an arms race. But leaving the
Wikipedia as a "soft target" with apparently magical self-healing
properties should make the experience no fun for script kiddies:

* they see that "vandalism" is easy, and no challenge
* they should also see (eventually) that it is futile

Neil