Jimmy Wales wrote:
Tim Starling wrote:
Another much-requested feature is enhancement of the rollback function, especially to allow for page deletion. The bot created many pages, apparently by following red links. In my opinion, the ideal feature would be to allow the user to supply a list of IP addresses and usernames, and then to revert every edit from those users with a single click.
This sounds like a wonderful idea, but I see a big problem with it. If we had such a feature some sysops would be tempted to use it as punishment against some bad users. There's a certain amount of 'vigilantism' that I've grumpily tolerated because it's very minor and the people usually "deserve it" in some sense. But this would open a huge new can of worms.
You can't expect people to follow the rules when every violation is tolerated on the basis that it is in some sense justified. Sysops have invested a great deal of time and emotional capital in Wikipedia. Banning is not an effective punishment for trolls or vandals who will switch identites and start again without a second thought. Banning or demoting a sysop, on the other hand, is an effective punishment both emotionally and in terms of the extreme difficulty in resuming the original behaviour.
What I'm saying is that rules governing sysop behaviour can, in principle, be enforced. However, I'll admit that it's important that sysop actions be reversible.
Nicolas Weeger wrote:
What about something that'd require multiple sysop approval? Like, 5 sysops to check something & click to confirm?
Only one of the seven wikis attacked had more than 5 sysops before the attack. There were generally 1-3 foreign sysops working on cleaning up the mess.
Jimmy Wales wrote:
Here's one idea -- a switch to toggle a captcha. When a wiki is under a spambot attack, the captcha would be turned on. Some captchas aren't hard to defeat, but I doubt if the spammer is going to bother.
Unfortunately, I fear this will lead us down the path towards captchas on all wikis on all edits, which would be unpleasant.
Captchas could slow down the attack somewhat. Let's say he uses 10 IP addresses on 7 wikis. That means he would have to perform about 70 captchas. If each captcha takes 10 seconds, then it would require about 11 minutes of human time to perform the attack. Of course, he spent far longer than 11 minutes developing the bot, but it does put a practical limit on the scale and speed of the attack.
-- Tim Starling