Hello,
in the last two days the chinese wiki is under massive attack. The attacker uses a bot and various IP-adresses. We have problem to block all the adresses and we are at the moment also short on person to remove all the devastations. At the moment the attacker creates lots of new articles with the following content: (???????????????????????????????????) DeleteMeShizhao
Can someone help?
Sorry this is really an emergency. Thanks.
Ting
Ting Chen wrote:
Hello,
in the last two days the chinese wiki is under massive attack. The attacker uses a bot and various IP-adresses. We have problem to block all the adresses and we are at the moment also short on person to remove all the devastations. At the moment the attacker creates lots of new articles with the following content: (???????????????????????????????????) DeleteMeShizhao
Can someone help?
Sorry this is really an emergency. Thanks.
I wanted to express my sincere apologies for not responding to this attack. I saw a message on the village pump but it was inspecific and I was busy, so I ignored it.
I wrote [[m:Vandalbot]] back in February, and promoted it on en, in the hopes that people would read it, and know what to do in this situation. Unfortunately the page hasn't been promoted on the non-English wikis as much as it should have been. I'll also update it in response to this latest attack. Here's the URL for convenience:
http://meta.wikipedia.org/wiki/Vandalbot
It's very important that all sysops read this page carefully. It's like first aid or fire response, you'll never think to read the manual when you're in the middle of dealing with an attack.
The important thing is that you MUST CONTACT A DEVELOPER, when a large scale attack is launched. This doesn't mean standing in the middle of nowhere and calling "developer!!" into the wind, you need to get their attention. You should probably contact a developer who will be willing and able to respond. Your best bet would probably be me. I'll update the vandalbot page on methods of contacting a developer.
BE SPECIFIC. Quote numbers. Wikipedia is attacked by bots constantly. "Someone is vandalising zh" won't get anyone's attention. A better report would be:
"Someone is creating 1 page per second and has been doing so for the past day, and we can't block them because they are using many different IP addresses. 3000 pages have been created."
What you have to understand is that it's much easier for me to delete 3000 pages than it is for you to do it. I'm very sorry I didn't do so. In the future I'll watch the reports more closely.
-- Tim Starling
Tim Starling wrote:
The important thing is that you MUST CONTACT A DEVELOPER, when a large scale attack is launched. This doesn't mean standing in the middle of nowhere and calling "developer!!" into the wind, you need to get their attention. You should probably contact a developer who will be willing and able to respond. Your best bet would probably be me. I'll update the vandalbot page on methods of contacting a developer.
I am willing to give my personal cellphone number to all overseas (overseas from me, I mean) sysops, to be used only in emergencies. Of course, for me to understand what's gong on, you have to be able to speak English at least a little bit. My phone is on almost 24x7.
Then, I could either do something myself or try to find a developer more useful than I am.
--Jimbo
From: "Tim Starling"
I wanted to express my sincere apologies for not responding to this attack. I saw a message on the village pump but it was inspecific and I was busy, so I ignored it.
I wrote [[m:Vandalbot]] back in February, and promoted it on en, in the hopes that people would read it, and know what to do in this situation. Unfortunately the page hasn't been promoted on the non-English wikis as much as it should have been. I'll also update it in response to this latest attack. Here's the URL for convenience:
......
What you have to understand is that it's much easier for me to delete 3000 pages than it is for you to do it. I'm very sorry I didn't do so. In the future I'll watch the reports more closely.
-- Tim Starling
Don't be so hard on yourself Tim, you can't be everywhere all the time!
Although I'm sure this hasn't been a pleasent experience for the Chinese Wikipedians we can draw some positives from it, there's technical discussions about proxy scanners (whatever they are) and increased awareness of the importance of pages like the above, which I'm sure will both lead to a better response in a few months time if a vandal attacks (say) the Portugese Wikipedia. I think we all need to remember that we are, in a way, conducting original research: given a few hundred projects over half a million pages in 50+ languages, what is the best response to concerted technical vandalism? Six months ago we could have guessed, now we can make informed guesses, perhaps in a year's time we'll have a pretty water tight solution.
Thanks for all the work you do Tim, your efforts are seriously appreciated and I'd find it hard to believe that anyone would want to lay any blame at your door for what's been happening over at zh.
Andrew (Ams80)
Andrew Smith wrote:
From: "Tim Starling"
I wrote [[m:Vandalbot]] back in February, and promoted it on en, in the hopes that people would read it, and know what to do in this situation. Unfortunately the page hasn't been promoted on the non-English wikis as much as it should have been. I'll also update it in response to this latest attack. Here's the URL for convenience:
That page still involves tracking down sombody who can help. It does advise readers to become familiar with the process, but human nature being what it is ....
What you have to understand is that it's much easier for me to delete 3000 pages than it is for you to do it. I'm very sorry I didn't do so. In the future I'll watch the reports more closely.
What I would suggest is the idea of the developer (or steward) on duty. Whenever he logs in his name would appear listed in the side-bar, ready to be contacted in an emergency. (If he's nice maybe he'll even have the privilege of turning it off if he wants to work quietly. :-) )
Six months ago we could have guessed, now we can make informed guesses, perhaps in a year's time we'll have a pretty water tight solution.
Microsoft has no shortage of money to throw at this kind of problem, but the hackers still get through.
Ec
Ray Saintonge wrote:
What I would suggest is the idea of the developer (or steward) on duty. Whenever he logs in his name would appear listed in the side-bar, ready to be contacted in an emergency. (If he's nice maybe he'll even have the privilege of turning it off if he wants to work quietly. :-) )
The best way to get the immediate attention of the developers is via IRC. There's usually at least one of us in #wikimedia and/or #mediawiki on irc.freenode.net; between Europe (gwicke, shaihulud and others), the US (me) and Australia (Tim) a fair chunk of time is covered. Since we are total geeks, we're online a lot. ;)
(#wikipedia is more chatty, so we may be more likely to notice an undirected request for help in #mediawiki. Include someone's name when you say something to get their attention specifically.)
See: http://meta.wikipedia.org/wiki/IRC_channels
We do have an emergency anti-spam filter in the wiki which we can update to cut off spambots/vandalbots which post a common text over and over; I updated it immediately after reading the first message in this thread, but if we had heard about the attack when it started it would have saved an awful lot of deleting.
-- brion vibber (brion @ pobox.com)
wikipedia-l@lists.wikimedia.org