Wiki Protection
Wiki runs on a SoftSecurity principle. The doors may be wide open, but everyone's watching you walk in. All changes are saved, so persistent damage is impossible. See also the Wiki FAQ.
Spotting Damage
Simply this: Keep an occasional eye on Recent Changes. Most Wiki regulars like to see what other people have been writing lately anyway.
Fixing Damage
If you notice that someone has damaged a page:
- Go to that page and click the "View other revisions" link.
- Find the most recent version of that page that is undamaged.
- Once you are viewing that version, click the "Edit" link.
- Save the page. This will replace the damaged version.
Site Lock
In the unlikely event of ongoing damage to the site, admins can lock the entire Wiki. Trusted contributers have the option to do a one-way emergency lock of the Wiki; the admins have to unlock the page after it has been emergency-locked. If you would like the ability to lock the site in case of emergency, email [tarquin].
- Enter the script URL in your browser address bar and load it.
- Notify [tarquin] or [Mychaeel] that you've locked the site.
- No edits will be possible until an admin unlocks the site.
Persistent Attacks
So far we've had just a few instances of people adding crud to the Wiki, pages have been reverted quickly and whoever it was hasn't tried again. If we get repeat attacks, notify [tarquin] or [Mychaeel], and the attacker's IP will be banned from making edits.
Experience tells that even the most persistent and notorious troublemakers in an online community (forum, user comment system, Wiki, whatever else) lose interest after a while; the sooner they realize that their actions are vain, the sooner they leave. Best is simply not to credit them with any more than the minimum required amount of attention and to quietly revert their mess.
Mychaeel: I remember one guy spamming old ModSquad's user comment system with useless crud to the point where it became unusable for everybody else. The problem there, though, was that the ModSquad administrators were extremely slow at cleaning up; that guy only went on with his vandalism because he (or she) saw that it had an actual, lasting effect.
EntropicLqd: One thing that might be worth considering is preventing a completely blank page from being saved. Pages that are to be deleted will always be tagged with a Delete Me tag and an explanation.
ZxAnPhOrIaN: Or with a drastic amount of characters deleted.
Mychaeel: Well... all such purely technical measures are bound to be limited in effectiveness. My recent edit of Offline Wiki was massive, yet legitimate. On the other hand it's very easy to mess up a page without deleting a huge amount of text or the entire page.
CH3Z: I was wondering if it would be possible to have the Wiki automatically allow saves but imediately restore any pages that were changed by a certain amount, or in a certain way. And somehow bring the change to someone's attention (maybe the Wiki could put a code in this summary. Then when someone clears say 40% or more of a page it would be approved by (or seconded by any other user than the the one who made the changes) and restored again to show the changes. That might be science fiction, or imossible, or not worth the effort to make the change to the the Wiki, it might be too big of an inconvenience all the way around. But it might lead other ideas so i present it anyway. be kind
CH3Z: and with Mych's last comment that might just say it all about my comment.
It might be best to just quickly and quietely restore behind the would be hackers. They will see there fine work dissapear and not get any validating response from anyone and get bored with doing it.
Mychaeel: I think the "smart firewall" we have here (being all the well-meaning Wikizens) is the best and most effective protection we could possibly have. Granted, it's a bit annoying when it has to be invoked, but then again it's our convenience that's at stake; I'd rather clean up manually after one or two wannabe haxx0rz once every couple of weeks than go through a ton of technical security measures every time I want to do anything on the Wiki. At least in average it is more effort to vandalize a Wiki page than to restore it, so it really doesn't pay off for the vandals.
~dUc0N: You'd have to be some wannabe to think attacking a wiki is cracking. Even bigger wannabe to think it's hacking
EntropicLqd: The above is pretty fair comment and I don't disagree with it - which is why my suggested change was so limited in scope. Just thought it might save other people a bit of work (since I always seem to miss these attacks). Special case coding sucks.
ZxAnPhOrIaN: Making those security measures is "Bushlike"
Mychaeel: "We must not live in fear, for if we do then the vandals have already won."
CH3Z: Amen.
ZxAnPhOrIaN: