Allow despamming a wiki fast.

Common use

1. Find spam in a wiki page
2. Select "Revert Editor Contributions" action
3. Inspect the list of contributions, modify time span if needed
4. Click "Revert All"

User interface

Revert Editor Contributions
-------------------------------------------------------------------------
These pages were last edited by <editor> in the last <timespan>. Click 
"Revert All" to remove all the revision by <editor>.

Show: [1] days
      help: show pages last edited by <editor> in last days.

Editor actions:
    [ ] Disable <editor> account
        help: <editor> will not be able to login
    [ ] Block editor ip [xxx.xxx.xxx.xxx] (edit to block whole subnet)
        help: Anyone from this ip will not be able to edit any page

[Revert All] [Cancel]
-------------------------------------------------------------------------
<list of pages in multiple columns>

1. A "Revert Editor Contributions" action will be added in the actions menu, accessible from any page view, diff etc.
2. Clicking will show a list of pages edited by the current editor in the last 24 hours.
3. A text field will let you extend the time span.
4. "Revert All" button will let you revert all those pages in one click
5. "Cancel" button will return to the previous page before
6. Pages edited by another editor, and can't be reverted will show in a second list.

Revert details

Pages that can be reverted (last editor is the spammer) will revert to the last revision before that editor, reverting multiple spam revision if needed.

• Before reverting, check again that nobody edited the page after the spammer.
• require "revert" acl right

Questions

• Is "revert" acl is enough for multiple revisions multiple pages?
• How do we avoid misuse? Just revert again?
  • Yes, all the reverts are done by the user so it is easy to just revert them again with the same action

Pages that can't be reverted

Any page edited by another editor after the spammer can't be reveted (easily). A list of those pages will show below the list of revertable pages. One will have to manually check and clean these pages if needed.

Editor additions

Some useful admin options:

• Remove or disable the editor account?
• Block access from the editor IP or arbitary IP or IP Range?
  • Specify time span forever/days/hours
• Maybe have edit history for any editor including visitors (by IP)?

Smart notification

Multiple revert might cause multiple notificatins sent to multiple editors. Maybe we can send one notification to each user subscribed to one of the reverted pages, instead of one notification for each page.

The message can be:

subject: [<Wiki>] Revert all <editor> contribution by <revertor>

All latests edits by <editor> in the last <days> days have been reverted by
<revertor>. 

<editor> was disabled and <editor> IP has been blocked for <block time> days.

Here are a list of reverted pages you subscribed:

<list of reverted pages the users is subscribed to>

I just got about 50 emails for the last vandal attack - first the vandal edits, then the reverts.

First implementation

UI notes: we already have timespan ui in RecentChanges. We should create a times selection widget, and reuse the code.

Despam.py - modified and added to moin 1.5 branch

• Untested! Use on your own risk!
• it needs you to be in cfg.superuser to use it
• UI still improvable

• may be use tickets as DeletePage does

• may be use pagename + revision insted of the Editor HTML representation to pass the spammer
• add links for extending/reducing the timespan (fixed to 24 hours right now)

Future Ideas

Allow removing the changes completely.

• Dangerous!
• Require special permissions: admin?, delete?
• May be only mark the revisions as hidden and keep them interally.
  • "show hidden" button/param in RC?
    • Might disable soft security.
    • Who wants to see revisions that were marked as spam by the admin?
  • require server admin to restore?

Strip out code to list wiki contributions by author

• It seems Despam can be modified easily to list all editor's contributions. This could be made into a macro or automatically included as an option for search. For example, a macro such as [[UserContributions(UserName)]] can list all wiki contributions by a particular editor. Or create a search page that allows a search by editor's username. I know I have a lot of trouble remembering my contributions and it is not always appropriate to add a signature to edits.

Usability issues

This is not very efficient against multiple authors attacks, as each author takes 4 clicks to cleanup. At the very least, if after despamming an author we would go back to the author listing instead of just a confirmation page, that would be reduced to 2 clicks per author. And the best would be to allow choosing multiple authors to cleanup in one bunch, which would make this O(4) to the number of authors. -- TheAnarcat 2012-12-09 22:26:23

And here's a patch to list the authors after the dspam, making this O(2) instead of O(1), but good enough for me: MoinMoinPatch/DespamStreamliningOne -- TheAnarcat 2012-12-09 22:38:28