A MeatBall account of ZWiki's being SlashDotted (ZWiki:WikiVandalism, ZWiki:ShieldsUp).
Discussion moved from PeerPressure...
When a wiki gets SlashDotted, the wiki community rallies to protect it. ZWiki took the full brunt of Slashdot goons and "lost" temporarily, but after Simon put the ZWiki:ShieldsUp the community came together to discover the perpetrators. Sure enough, once a call to an ISP was made, apologies came flowing. Moreover, SoftSecurity like KeptPages would have allowed ZWiki to keep their shields down.
Now, I think IP blocking was useful in ZWiki's case. HardSecurity is necessary to break concerted attacks: you must MeetForceWithForce. However, that does not mean that SoftSecurity is a bust. Both hard and soft can work together, but hard should only be used in exceptional circumstances. This is true in normal society. One would not want the police or--even worse--the military to be hauled out at every turn. -- SunirShah
By the way, just to show the difference of scale, Slashdot receives 500 000 - 1 000 000 hits per day. MeatballWiki receives around 1 000. I don't have stats on ZWiki.
Ah, The trolls hit SeattleWireless and did a variety of ugly things including inlining their favorite nasty picture. Pages were restored quickly by our own regular users and slashdot users that were a bit more mature. I did drop the route of an extremely persistant troll, but avoided making the site read only or putting filters into the code as it goes against the nature of a wiki and ups the 'fun level' for script kiddies (I dont feel like being ping flooded either).
This is not our first slashdotting, but has definitely been one of the more annoying. They usually dont figure out image tags that quick ;) I doubt we will do anything programatically to increase site security as these things generally stop after a couple of days. It would be nice to have an easier recovery method in the diff list. Perhaps the newest version of MoinMoin solves that.
If you could restore an old version with one click (which would be about 10 lines of code), that'd open up a new and quite dangerous line of vandalism, because you'd not note on first sight that someone just eradicated several months of contribution. It has been a conscious decision to not add that particular click so far. If you want it, I'll add it as a config option.
true, true, It would also make it a lot easier to revert to the dumb version... I guess I dont really want that :) --MattWestervelt
I'm open to any ideas, personally I commit my wikis to CVS repositories as a means to quickly revert to a safe version. Another idea you can directly implement is creating a daily tarball via cron, of the "text" directory. -- jh
I do backups, but I'm averse to just untarring the whole thing as that's going to wipe out any new good content that may have occurred at the same time as the bad content. No matter what I think of the high noise level of slashdot, we do owe a fair amount of our project's status / volunteerbase to the few that provide signal. It's probably best if I just stay out of the whole thing really :) --MattWestervelt
Does MoinMoin have a VersionHistory system like KeptPages? I can't find anything like that. It doesn't even seem to have an EditCopy. Sure, malicious users can revert to bad versions just as easily as you can but a) don't make it worth their time by taking it like the joke that it is(your SeattleWireless:NoticeToScriptKiddies isn't helping); b) there are more good users than bad. -- SunirShah
January 22, 2003: WikiPedia is slashdotted again, on the occasion of its 100K articles press release. http://slashdot.org/articles/03/01/22/0258226.shtml?tid=149
Particularly good comment from Brion, in response to criticism of a specific error in an article:
Perhaps us Wikiers forget the LearningCurve? we had to climb when we first discovered Wiki. Then again, it wasn't rocket science ;)