Wiki vandalism: the firefight
This is certainly an interesting way to be greeted when you sign on to IRC...
<cjl> any wiki sysops around?
<cjl> wiki.l.o is under massive vandalism attack and has been for several days
<mchua_> cjl: I'm about.
<mchua_> cjl: What's up?
<cjl> look at recent edits, I'm in rollback hell
* mchua_ takes out the well-polished double-barreled shotgun (I've been noticing some IP spam over the last few days...)
We have been hit by a flood of vandalism on the OLPC wiki that started at 15:19 on 2008-12-17. The vandalism is consistent, done only by not-logged-in users, and continuing (approx. once every half-hour, often more frequently), and it seems like the work of a bot. It comes from different IP addresses and usually includes the text "(FIELD_OTHER)" (no quotes) in the spam edit, though it sometimes includes single words of gibberish, as in here: (The FIELD_OTHER and gibberish edits come from the same IP addresses, and those IP addresses have nothing except vandalizing edits.)
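One way to turn the pattern described above into a triage pass over recent changes, as an added example that is not part of the original post. The edit records, IP addresses (documentation ranges), user name and the `triage` function are constructed for illustration, and the start time is treated as a naive timestamp because the post does not state its timezone.

```python
from collections import defaultdict
from datetime import datetime

MARKER = "(FIELD_OTHER)"                      # marker text reported in the post
FLOOD_START = datetime(2008, 12, 17, 15, 19)  # start time from the post (timezone assumed)

# Constructed sample edits: (timestamp, editor, is_anonymous, page, added_text)
SAMPLE_EDITS = [
    (datetime(2008, 12, 17, 15, 19), "192.0.2.10", True, "Page A", "(FIELD_OTHER)"),
    (datetime(2008, 12, 17, 15, 48), "192.0.2.10", True, "Page B", "qzxvwk"),
    (datetime(2008, 12, 17, 16, 5), "198.51.100.7", True, "Page C", "intro (FIELD_OTHER)"),
    (datetime(2008, 12, 17, 16, 30), "203.0.113.4", True, "Page D", "Fixed a typo in step 2"),
    (datetime(2008, 12, 17, 16, 40), "ExampleUser", False, "Page E", "quoting (FIELD_OTHER)"),
    (datetime(2008, 12, 16, 9, 0), "198.51.100.7", True, "Page F", "edit before the flood"),
]

def triage(edits, marker=MARKER, since=FLOOD_START):
    """Return {ip: {"rollback": [pages], "review": [pages]}} for seeded IPs."""
    by_ip = defaultdict(list)
    for ts, editor, is_anon, page, text in edits:
        if is_anon:  # the flood came only from not-logged-in users
            by_ip[editor].append((ts, page, text))
    report = {}
    for ip, rows in by_ip.items():
        in_window = [r for r in rows if r[0] >= since]
        if not any(marker in text for _, _, text in in_window):
            continue  # this IP never posted the marker, so it is not seeded
        report[ip] = {
            # every in-window edit from a seeded IP, gibberish ones included
            "rollback": [page for _, page, _ in sorted(in_window)],
            # earlier edits need a human look before the IP is treated as vandal-only
            "review": [page for ts, page, _ in sorted(rows) if ts < since],
        }
    return report

if __name__ == "__main__":
    for ip, result in sorted(triage(SAMPLE_EDITS).items()):
        print(ip, result)
```

Seeding on the marker and then pulling in every edit from the same address is what catches the gibberish-only edits, which carry no fixed string of their own.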
Sysop Chris Leonard (cjl) first spotted the vandalism and began to fight it tonight, reverting vandalized pages en masse; Joachim Pedersen (joachimp) soon joined in on the effort to identify the rogue IP addresses, and Michael Stone (m_stone) looked for ways to stop the spamming at the source. #olpc logs starting from approximately 1:23am EST detail much of the conversation. I see SJ also joined in on the blocking action.
Two hours of constant reverts and blocks later, we think we've cleaned up the bulk of the spam, but wiki-gang should take another pass after the captcha is implemented as well, to make sure this type of thing won't happen (as easily) again. Thanks to Chris, Joachim, Michael, and SJ (and others who may have pitched in - let me know if I've missed you!) for their heroic late-night responses.
Short-term solution: add a captcha for all edits and new page creations for users who are not logged in (i.e. IP users).
Long-term solution: I'm at a loss for how to track this down further and stop it at the source. Ideas, thoughts?
Most of this was also posted to the wiki-gang list, and a ticket has been filed to the OLPC sysadmin queue asking for a captcha to be placed on anonymous edits until we can find a better solution.
(towards the end of the firefight)
<cjl> 02:26 in UTC-5
<mchua_> and I still have to write that 8.2.1 test plan, yay
<mchua_> well... at least I know I still love my work. :)