Manual talk:Combating vandalism

Latest comment: 5 years ago by Incnis Mrsi in topic Extension: Wikimedia blocks?

Just out of curiosity, how are they changing their IP so damn fast? So tiring.

http://highfedelity.com/index.php5?title=Special:Ipblocklist

Darrellx 21:43, 19 September 2011 (UTC)Reply

Oops, I havent checked this page in a long time. They use proxies. I suggest you do this. Set up Confirm Edit to show the captcha for every anonymous edit. Seeing what that bot is doing on your site, I can safely assume its some advertising bot and not a human, so the captcha will put a stop to that. A real human can use the captcha, they just have to or they can create a username and not have to enter it every time. If its a malicious human doing intentional vandalism, he'll still get around the captcha. The only option then is to disable editing and report the IP addresses if you can (not successful for proxies as there are so many), or install Flagged revisions. I'm still learning what that one is about but it has some nice features. --Choshi 02:40, 29 December 2011 (UTC)Reply

Creating a bot to revert spam edit

I'm trying to help the root site at the wiki farm at wiki-site.com, seeing as the admin there seems to have abandoned the main site. What I've been doing for some months is replace the spam pages with a redirect to creating their own wiki on the farm. This has worked well.

But recently a rash of advertising spam has over run the root site and I'm struggling to keep up - and the server is struggling as well as I have to change IP's every three to five edits. They appear to be bots that ignore instructions completely. The only real way this can be combated by me right now is with a bot of my own that reverts these spammers on sight. But I have no idea how to do this.

Can anyone help? TLPG HOME YACK 01:34, 16 May 2012 (UTC)Reply

Well, you can use Extension:ConfirmEdit and Extension:AbuseFilter to try to hinder them.--Jasper Deng (talk) 02:10, 16 May 2012 (UTC)Reply
No I can't because I'm not an admin, or even a sysop. There's no one with those powers dealing with this. TLPG HOME YACK 04:18, 16 May 2012 (UTC)Reply
Ugh, you'll have to contact your wiki's operator in order to get a bot. I'm sure it'll irk your wiki's operator(s) if you ran a bot without their permission.--Jasper Deng (talk) 04:39, 16 May 2012 (UTC)Reply
I doubt he'd even know, given that he's abandoned the site and is uncontactable. TLPG HOME YACK 05:26, 16 May 2012 (UTC)Reply
There's very little you can do without some form of administrative access.--Jasper Deng (talk) 19:24, 16 May 2012 (UTC)Reply
Surely there must be some sort of bot that anyone could run? TLPG HOME YACK 07:59, 17 May 2012 (UTC)Reply
I'd browse around this site for information on how to write one, because I personally don't know of any freely distributed bot that does this.--Jasper Deng (talk) 16:58, 17 May 2012 (UTC)Reply

removing spam contents edit

I would have expected that when I block the user, and identify it as spam that it doens't offer a way to remove associated content at the same time. And again when I go to the block of contributions. A simple way to delete it all without going to each page would make it a lot easier.

Extension:Nuke can do mass page deletions.Jasper Deng (talk) 17:08, 23 August 2012 (UTC)Reply


removing spam accounts and spam contents edit

Recently some KDE wikis got flooded by a possible botnet, so we needed to mass delete accounts and their spam pages. Thanks to another friendly KDE member i got an updated removeSpamAccountsAndPost.php, which can be put into maintenance:

<?php

/**
 * 
 * Remove user accounts and posts from the database
 *
 * @addtogroup Maintenance
 * @author Rex Tsai <chihchun@kalug.linux.org.tw>
 * Ported to newer mediawiki's by Sune Vuorela <sune@kde.org>
 */

$optionsWithArgs[] = 'delete';
require_once( 'commandLine.inc' );
/**
 * @addtogroup Maintenance
 */

function findEdits($id)
{
    global $fname;
    $dbo =& wfGetDB( DB_SLAVE );
    $ids = array();

    $res = $dbo->select( "revision", array('rev_page'), "rev_user = '$id' GROUP BY rev_page", $fname );
    while( $row = $dbo->fetchObject( $res ) ) {
	$ids[] = $row->rev_page;
    }
    $dbo->freeResult($res);
    return $ids;
}

function deleteUser ($olduserID) {

    $dbw =& wfGetDB( DB_SLAVE );
    $dbw->delete( 'user_groups', array( 'ug_user' => $olduserID ));
    $dbw->delete( 'user', array( 'user_id' => $olduserID ));

    $users = $dbw->selectField( 'user', 'COUNT(*)', array() );
    $dbw->update( 'site_stats', 
	    array( 'ss_users' => $users), 
	    array( 'ss_row_id' => 1 ) );
    return true;
}

/**
 * Show help for the maintenance script
 */
function showHelp() {
    echo( "USAGE: php removeSpamAccountsAndPost.php [--delete] email\n" );
}

if( isset($options['help'] ) ) {
    showHelp();
    exit();
}

# Do an initial scan for inactive accounts and report the result
$del = array();
$dbr = wfGetDB( DB_SLAVE );

if(isset($options['delete'])) {
    $match = $options['delete'];
} else {
    $match = $argv[0];
}

if(!isset($match))
{
    showHelp();
    exit;
}

$username = wfMsg( 'spambot_username' );
$fname = $username;
$wgUser = User::newFromName( $username );
// Create the user if necessary
if ( !$wgUser->getID() ) {
	$wgUser->addToDatabase();
}

$res = $dbr->select( 'user', array( 'user_id', 'user_name', 'user_email' ), 
	" user_email LIKE '$match' or user_name LIKE '$match'", 
	$fname );

while( $row = $dbr->fetchObject( $res ) ) {
    # Check the account, but ignore it if it's the primary administrator
    if( $row->user_id > 1) {
	$user = User::newFromId($row->user_id);
	$user->load();
	printf("%s,%s\n", $row->user_name, $row->user_email );

	// find all edited articles.
	$edits = findEdits($row->user_id);
	foreach($edits as $rid)
	{
	    // list all titles of edited articles.
	    $title = Title::newFromID( $rid );
	    $article = new Article($title);
	    $article->fetchContent(0);
	    if($article->exists())
	    {
		if ($article->mRevision->getUser(Revision::RAW) != $user->mId)
		{
		    continue;
		}

		if($article->mRevision->getPrevious() == null)
		{
		    // if the article is edited only once, delete the page.
		    if(isset($options['delete'])) {
			printf(" Deleting article %s\n", $article->mTitle->mPrefixedText);
			$article->doDeleteArticle("Spam");
		    } else {
			printf(" Found %s\n", $article->mTitle->mPrefixedText);
		    }
		} else {
		    // if the article has old revision, revert it to last version.
		    // check if he is the last editor
		    if($article->mRevision->getUser(Revision::RAW) == 0 || $article->mRevision->getUser(Revision::RAW) == $user->mId)
		    {
			while ($article->mRevision->getPrevious() != null)
			{
			    $revision = $article->mRevision->getPrevious();
			    $article->mRevision = $revision;
			    if($revision->getUser(Revision::RAW) != $user->mId) {

				$u = User::newFromId($revision->getUser(Revision::RAW));
				if($u->loadFromId() == true)
				{
				    // we found the old version.
				    if(isset($options['delete'])) {
					$summary = 
					    wfMsgForContent( 'revertpage', $revision->getUserText(), $user->mName );
					$flags = EDIT_UPDATE | EDIT_MINOR | EDIT_FORCE_BOT;

					$article->doEdit( $revision->getText(), $summary, $flags );
					printf(" Rollback %s by '%s'\n", $article->mTitle->mPrefixedText, $revision->getRawUserText());
				    } else {
					printf(" Found %s by '%s'\n", $article->mTitle->mPrefixedText, $revision->getRawUserText());
				    }
				    break;
				}
			    }
			}

			if($article->mRevision->getUser(Revision::RAW) == $user->mId)
			{
			    if(isset($options['delete'])) {
				printf(" Deleting article %s\n", $article->mTitle->mPrefixedText);
				$article->doDeleteArticle("Spam cleanup");
			    } else {
				printf(" Found %s\n", $article->mTitle->mPrefixedText);
			    }
			}
		    }
		}
	    }
	}

	if(isset($options['delete'])) {
	    printf(" Deleting acccount %s\n", $user->mName);
	    deleteUser($user->mId);
	}
    }
}

This can be invoked the usual way, like php maintenance/removeSpamAccountsAndPost.php --delete username. Now, to mass delete he also gave me a simple bash script:

#! /bin/sh
cat | sed -u 's/ *(.*//' | while read name ; do [ -z "$name" ] && exit 0 || echo "$name" | grep -q spam-rensning && continue ||  php removeSpamAccountsAndPost.php --delete "$name" ; done

It waits for username input, if found, takes the necessary steps and waits for the next name. So it is just a matter of dropping the names into the console. In certain cases you need to adjust the call to the php script, like providing the wiki name var.

Hope that helps someone else as well. --Neverendingo (talk) 19:12, 24 July 2013 (UTC)Reply

Banning images edit

How do I (1) prevent users from uploading specific images and (2) after they have uploaded images, delete all those images, if they are new versions of already-existing images? E.g., suppose a user uploads new versions of a bunch of different currently-existing images, updating them to the goatse picture. What's the quickest way to revert-and-delete that on multiple images, and keep them from uploading those images again? Will it be necessary to write a new extension to implement this? I don't want to rely on Extension:BlockandNuke because it seems like overkill to completely delete their non-image edits. Thanks. Leucosticte (talk) 07:54, 6 March 2014 (UTC)Reply

For specific images, I would try protecting the non-existing image page. That might prevent them from creating that page and maybe also from uploading the image...
For overwriting of existing images, there is the "reupload" user right, which you can take away or grant user groups as needed. --87.123.20.110 23:36, 7 April 2016 (UTC)Reply

How to mass hide vandal's contribs edit

The vandal make many contribs on many articles. How to hide all his contribs, i.e. mass change the visibility of all contribs of an IP or user? Tuanminh01 (talk) 02:03, 12 April 2017 (UTC)Reply

There are some extensions or scripts to make a mass-rollback. Or do you mean Help:RevisionDelete when you talk about "changing the visibility" and "hiding"? --Nemo 08:31, 24 April 2017 (UTC)Reply

Extension: Wikimedia blocks? edit

We know that Wikimedia stewards block a huge number of vandal IP ranges. Other wiki sites could potentially benefit from it as well. An extension is possible which checks IP at every action in a way similar to Extension:GlobalBlocking but, unlike that existing extension, it must check the IP against the database of Wikimedia (via API or some intermediary caching service). Did anybody work on something alike? Incnis Mrsi (talk) 11:52, 23 July 2018 (UTC)Reply

Return to "Combating vandalism" page.