The Main Page on en: was vandalized yesterday, when a penis image remained on the page for many minutes. It was vandalized again today -- a goatse image remained there for almost /20 minutes/.
Today it happened during a particularly slow time of the morning, around 14:35 UTC, perhaps in combination with other use of the site that slowed it down. It was noticed quickly, but it took a good 17 minutes for it to be successfully deleted once the problem had been announced on IRC, by the seemingly-omniscient Jimmy Wales.
While everyone was fretting over the site's slowness, a few problems presented themselves: * There was no one-click way to remove or delete an image * There was no packaged way to shut down all access to the site in an emergency * There was no packaged way to quickly redirect all visitors (to en:, say) to another site or page * There was no way to bring the site[s] to (or restart the site in) an 'emergency mode' that only allowed limited access (say, by logged-in users) ** Even had there been such a way, there were few (only 1-2) people with shell access who would have been able to run shell scripts, and it took an extra minute or two to get someone's attention. * There were a limited number of ways to reach the collection of devs to let them know there was an emergency.
This was not the worst emergency in the world, so the last point in particular was not as big a deal as it might have been.
=========== Possible solutions:
1) Documentation: write down a standard way to quickly block all incoming requests / take down a site in an emergency / put up in its place a try-back-soon message or redirection to a static snapshot (see 3)
2) Code: add an 'emergency mode' that redirects all visitors to a static read-only snapshot of the site taken once a day
2.1) Code: add a text-only mode that only produces text 2.2) Code: add a one-click (js widget?) option [maybe 2 clicks with some kind of pop-up confirmation that doesn't require rendering another whole WP-page] so that even when the site is very slow, evil images can be deleted in under 15 minutes 2.3) More Code: add a different 'emergency mode' that only allows a limited set of users [logged-in users? users on a specific list?] to use the site.
3) Code + Image Policy: add an IMAGE REVIEW step that imposes a time delay (or requires user approval) before an image can be displayed live on a page [until then the image could still be linked to via an html link]
4) Offer pagers <s>and implantable homing devices</s> to devs who are going to be in the vicinity of computers anyway and are willing to be on-call for certain parts of the day; something more reliable than the blinking of an IRC window. ============
1), 2), and 3) seem important to me. 2) also has useful implications for periods of deep sloth, and for taking things down to make changes. 3) addresses many problems we are having, not just on the main page.
Please comment or suggest implementations.
On Thursday 03 February 2005 18:17, Sj wrote:
Please comment or suggest implementations.
I suggest to implement stopwords in MW, so if someone tries to insert the words "GOATSE" or "POKER" in MW the edit is automatically disallowed, except if the user is a sysop.
-----BEGIN PGP SIGNED MESSAGE-----
Moin,
On Thursday 03 February 2005 17:39, NSK wrote:
On Thursday 03 February 2005 18:17, Sj wrote:
Please comment or suggest implementations.
I suggest to implement stopwords in MW, so if someone tries to insert the words "GOATSE" or "POKER" in MW the edit is automatically disallowed, except if the user is a sysop.
Unfortunately, this will probably as effective as spam-filtering:
G O A T S E G.O.A.T:S.EE P3ni5 OMGLOLUH/-\XORS
e.g. not at all. I even got a giant ASCII-art viocodin (is that even spelled that way?) spam last week. impossible to vilter oud iv u ged my meanink :)
Best wishes,
Tels
- -- Signed on Thu Feb 3 19:26:16 2005 with key 0x93B84C15. Visit my photo gallery at http://bloodgate.com/photos/ PGP key on http://bloodgate.com/tels.asc or per email.
Mediawiki graph-extension: http://bloodgate.com/perl/graph/
NSK wrote:
On Thursday 03 February 2005 18:17, Sj wrote:
Please comment or suggest implementations.
I suggest to implement stopwords in MW, so if someone tries to insert the words "GOATSE" or "POKER" in MW the edit is automatically disallowed, except if the user is a sysop.
Neither or those words were used in this attack.
Any words we add as stopwords will either give false positives or be easily avoided.
--sannse
Sj a écrit:
The Main Page on en: was vandalized yesterday, when a penis image remained on the page for many minutes. It was vandalized again today -- a goatse image remained there for almost /20 minutes/.
Today it happened during a particularly slow time of the morning, around 14:35 UTC, perhaps in combination with other use of the site that slowed it down. It was noticed quickly, but it took a good 17 minutes for it to be successfully deleted once the problem had been announced on IRC, by the seemingly-omniscient Jimmy Wales.
While everyone was fretting over the site's slowness, a few problems presented themselves:
I am perplex. Is not the main page protected ?
- There was no one-click way to remove or delete an image
Two clicks
- There was no packaged way to shut down all access to the site in an emergency
? Developers and stewards can do this anytime. Well, I never tried (suddenly wonder if I should not try to check if this feature is working)
- There was no packaged way to quickly redirect all visitors (to en:,
say) to another site or page
Even if that existed, I doubt it would be quicker than to freeze the site, which developer and steward can do. But, agreed.
- There was no way to bring the site[s] to (or restart the site in) an
'emergency mode' that only allowed limited access (say, by logged-in users)
Well, this would not remove the bad pictures to readers.
** Even had there been such a way, there were few (only 1-2) people with shell access who would have been able to run shell scripts, and it took an extra minute or two to get someone's attention.
- There were a limited number of ways to reach the collection of devs
to let them know there was an emergency.
This was not the worst emergency in the world, so the last point in particular was not as big a deal as it might have been.
Basically, something must truely escape me. How come an image cannot be deleted in less than 20 minutes ????
Any sysop can do this. 200 or 300 people on english wikipedia;
What am I missing here ???
=========== Possible solutions:
- Documentation: write down a standard way to quickly block all
incoming requests / take down a site in an emergency / put up in its place a try-back-soon message or redirection to a static snapshot (see 3)
I go try to block a site *immediately* I will choose a small one :-)
- Code: add an 'emergency mode' that redirects all visitors to a
static read-only snapshot of the site taken once a day
This is a good idea. I support this.
2.1) Code: add a text-only mode that only produces text 2.2) Code: add a one-click (js widget?) option [maybe 2 clicks with some kind of pop-up confirmation that doesn't require rendering another whole WP-page] so that even when the site is very slow, evil images can be deleted in under 15 minutes 2.3) More Code: add a different 'emergency mode' that only allows a limited set of users [logged-in users? users on a specific list?] to use the site.
- Code + Image Policy: add an IMAGE REVIEW step that imposes a time
delay (or requires user approval) before an image can be displayed live on a page [until then the image could still be linked to via an html link]
Not very wiki :-(
- Offer pagers <s>and implantable homing devices</s> to devs who are
going to be in the vicinity of computers anyway and are willing to be on-call for certain parts of the day; something more reliable than the blinking of an IRC window. ============
1), 2), and 3) seem important to me. 2) also has useful implications for periods of deep sloth, and for taking things down to make changes. 3) addresses many problems we are having, not just on the main page.
Please comment or suggest implementations.
Anthere wrote:
Sj a écrit:
The Main Page on en: was vandalized yesterday, when a penis image remained on the page for many minutes. It was vandalized again today -- a goatse image remained there for almost /20 minutes/.
Today it happened during a particularly slow time of the morning, around 14:35 UTC, perhaps in combination with other use of the site that slowed it down. It was noticed quickly, but it took a good 17 minutes for it to be successfully deleted once the problem had been announced on IRC, by the seemingly-omniscient Jimmy Wales.
While everyone was fretting over the site's slowness, a few problems presented themselves:
I am perplex. Is not the main page protected ?
The main page is - templates on the main page were not. This allowed all users to update sections such as "In the News", while still giving the appearance of a protected page to the casual viewer. Sadly, our regular vandals are not casual viewers, and too many know of this route to editing the page. the result was goatse multiple times over the whole main page (and recent changes - which is annoying, but less of a concern)
- There was no one-click way to remove or delete an image
Two clicks
Plus those needed to load the page containing the image, in order to get to the image page - and to load the image page itself. All of these were taking a great deal of time.
- There was no packaged way to shut down all access to the site in an
emergency
? Developers and stewards can do this anytime. Well, I never tried (suddenly wonder if I should not try to check if this feature is working)
That might have helped - depending on how it worked, but the time issue is there again, if this happens at a time when the needed people happen to be off-line.
- There was no way to bring the site[s] to (or restart the site in) an
'emergency mode' that only allowed limited access (say, by logged-in users)
Well, this would not remove the bad pictures to readers.
The thought here was that it might speed the site enough for those people to get to the images to delete it. From what's been said, I don't think it would have helped in this case anyway.
** Even had there been such a way, there were few (only 1-2) people with shell access who would have been able to run shell scripts, and it took an extra minute or two to get someone's attention.
- There were a limited number of ways to reach the collection of devs
to let them know there was an emergency.
This was not the worst emergency in the world, so the last point in particular was not as big a deal as it might have been.
This was a pretty big deal in my eyes - this was goatse spread all over our most public face. It was offensively bad, and viewed by enough people for us to receive several complaints (including one from a teacher who was showing Wikipedia to her class).
Basically, something must truely escape me. How come an image cannot be deleted in less than 20 minutes ????
Any sysop can do this. 200 or 300 people on english wikipedia;
What am I missing here ???
There was a severe site slow down at the time - this was unrelated, but meant that we just couldn't load the necessary pages to fix the problem. This would also have reduced the number of people who viewed the images, but didn't prevent all access (except, it seemed, to those of us trying to fix the damn thing.)
The current result is that all templates used on the main page are protected. This isn't ideal, but IMO very necessary until there are other solutions available.
--sannse
sannse wrote:
Anthere wrote:
Sj a écrit:
The Main Page on en: was vandalized yesterday, when a penis image remained on the page for many minutes. It was vandalized again today -- a goatse image remained there for almost /20 minutes/.
Today it happened during a particularly slow time of the morning, around 14:35 UTC, perhaps in combination with other use of the site that slowed it down. It was noticed quickly, but it took a good 17 minutes for it to be successfully deleted once the problem had been announced on IRC, by the seemingly-omniscient Jimmy Wales.
While everyone was fretting over the site's slowness, a few problems presented themselves:
I am perplex. Is not the main page protected ?
The main page is - templates on the main page were not. This allowed all users to update sections such as "In the News", while still giving the appearance of a protected page to the casual viewer. Sadly, our regular vandals are not casual viewers, and too many know of this route to editing the page. the result was goatse multiple times over the whole main page (and recent changes - which is annoying, but less of a concern)
- There was no one-click way to remove or delete an image
Two clicks
Plus those needed to load the page containing the image, in order to get to the image page - and to load the image page itself. All of these were taking a great deal of time.
- There was no packaged way to shut down all access to the site in
an emergency
? Developers and stewards can do this anytime. Well, I never tried (suddenly wonder if I should not try to check if this feature is working)
That might have helped - depending on how it worked, but the time issue is there again, if this happens at a time when the needed people happen to be off-line.
- There was no way to bring the site[s] to (or restart the site in) an
'emergency mode' that only allowed limited access (say, by logged-in users)
Well, this would not remove the bad pictures to readers.
The thought here was that it might speed the site enough for those people to get to the images to delete it. From what's been said, I don't think it would have helped in this case anyway.
** Even had there been such a way, there were few (only 1-2) people with shell access who would have been able to run shell scripts, and it took an extra minute or two to get someone's attention.
- There were a limited number of ways to reach the collection of devs
to let them know there was an emergency.
This was not the worst emergency in the world, so the last point in particular was not as big a deal as it might have been.
This was a pretty big deal in my eyes - this was goatse spread all over our most public face. It was offensively bad, and viewed by enough people for us to receive several complaints (including one from a teacher who was showing Wikipedia to her class).
Basically, something must truely escape me. How come an image cannot be deleted in less than 20 minutes ????
Any sysop can do this. 200 or 300 people on english wikipedia;
What am I missing here ???
There was a severe site slow down at the time - this was unrelated, but meant that we just couldn't load the necessary pages to fix the problem. This would also have reduced the number of people who viewed the images, but didn't prevent all access (except, it seemed, to those of us trying to fix the damn thing.)
The current result is that all templates used on the main page are protected. This isn't ideal, but IMO very necessary until there are other solutions available.
--sannse
Hoi, Why do we not go to the police because of this vandalism. The argument that there is no financial harm done is wrong. It does hurt our public image. It makes for the developers changing the login methodology and it does break our legitimate bots. It really hurts and it really costs.
Do not forget that we ARE a top hundred website in English and the vandalism done has impacted in a non-trivial manner.
Thanks, A really angry GerardM
On Sat, 05 Feb 2005 09:55:52 +0100, Anthere anthere9@yahoo.com wrote:
- There was no packaged way to shut down all access to the site in an emergency
Developers and stewards can do this anytime. Well, I never tried (suddenly wonder if I should not try to check if this feature is working)
If you mean by using [[Special:Lockdb]], then this is no longer available to stewards on all wikis. It will only work on wikis with very few articles, supposedly as a safety measure to prevent stewards locking non-inactive wikis. For example, it works on aawiki, but not on toki pona (which had 239 articles).
It wouldn't have been suitable in the case of unreverted vandalism anyway, since it locks the site to editing, not viewing. As far as I know, stewards have no way to prevent actual access to the wikis.
Angela.
Angela a écrit:
On Sat, 05 Feb 2005 09:55:52 +0100, Anthere anthere9@yahoo.com wrote:
- There was no packaged way to shut down all access to the site in an emergency
Developers and stewards can do this anytime. Well, I never tried (suddenly wonder if I should not try to check if this feature is working)
If you mean by using [[Special:Lockdb]], then this is no longer available to stewards on all wikis. It will only work on wikis with very few articles, supposedly as a safety measure to prevent stewards locking non-inactive wikis. For example, it works on aawiki, but not on toki pona (which had 239 articles).
Good
Note that if I mentionned it, it was essentially because I was curious of whether that worked or not. I asked on #mediawiki and no one answered me this.
Sj wrote:
The Main Page on en: was vandalized yesterday, when a penis image remained on the page for many minutes. It was vandalized again today -- a goatse image remained there for almost /20 minutes/.
[cut]
Please comment or suggest implementations.
I discovered that non-syspos can not edit a page in the MediaWiki-namespace anymore.
If anonymous can not edit anymore the template-namespace the change of abuse will be reduced.
Walter
wikitech-l@lists.wikimedia.org