Sys Admin Procedures
Use the Block User page to prevent a user from making further update to the site. Enter either the user name or IP. Users can be blocked for a fixed amount of time (hours, days) or until the block is removed. In the case of vandalism you should select an expiration date of "infinite".
On the User Contributions page, admins have the additional "rollback" links at lines which are the last edit made by anybody to that article. The rollback link is also shown on the diff page when viewing the difference between the most recent version of a page and the last version.
Clicking on the link reverts to the previous edit not authored by the last editor, with an automatic edit summary of "Reverted edits by X (talk) to last version by Y," which marks the edit as "minor." If, between loading the User Contributions page and pressing "rollback," someone else edits or rolls back the page, or if there was no previous editor, you will get an error message.
Rollbacks should be used with caution and restraint, in part because they leave no explanation for the revert in the edit summary. Reverting a good-faith edit may therefore send the message that "I think your edit was no better than vandalism and doesn't deserve even the courtesy of an explanation." It is a slap in the face to a good-faith editor. If you use the rollback feature for anything other than vandalism or for reverting yourself, it's polite to leave an explanation on the article talk page, or on the talk page of the user whose edit(s) you reverted.
A vandalbot is a script which automatically performs some kind of edit or similar operation to a wiki at high rate. When you see one, you have to know what to do. Read this page now -- don't leave it until the heat is on!
The basic response to a vandalbot is to revert its actions using sysop-only features. You can revert page-editing without sysop powers, but that's slow and tedious.
If a sysop sees a page-editing vandalbot (that is, one that edits existing pages), they should do the following:
- Block it
- Go to the contributions page
- Append "&bot=1" to the contributions page URL (may need to be ?bot=1)
- Click on all the rollback links
Note that it's easier to click on all the rollback links if you have them loading in an inactivated tab/window, i.e. "in the background". To do this in Netscape or Mozilla, go to Edit > Preferences, click "Tabbed Browsing" and enable "Load links in the background" and opening tabs on "middle-click and control-click". This allows one-click rollbacks. The best IE method requires two clicks -- shift-click on the link then click again to get back to the contribs page. Alternatively, as your hand will be on the keyboard anyway, shift-click the link then press alt-tab to return to the previous window (that is, the one in which you clicked the link).
Reverting page creation is slightly harder. You just need to use the standard deletion interface.
It may also be useful to bring the incident to the attention of the community so that others can be on the look out for similar attacks soon after.