Wikipedia:WikiAudit
Developer(s) | Andrew G. West (west.andrew.g) |
---|---|
Initial release | January 2012 |
Stable release | 0.1a
/ July 2, 2015 |
Written in | Cross-platform |
Available in | English |
Type | Wikipedia/wiki analysis |
License | GNU General Public License |
Website | http://www.andrew-g-west.com |
WikiAudit is a utility that, given a set of IP addresses as input, outputs a report (see the screenshot image) summarizing the contributions and behavior of those IPs on some wiki (i.e., English Wikipedia). In particular, heuristics direct attention to malicious/unconstructive behaviors.
We envision WikiAudit being useful for:
- Institutional/organizational network administrators who want to monitor the contributions coming from their IP space. From the organization's perspective, this can help protect reputation and misuse of organizational resources. Similarly, organizations who take steps to prevent future mis-behavior help benefit the wiki.
- Casual readers who use the tool to conduct security investigations and reveal organizational might beinappropriately promotional or scrub factual criticism.
Download
- Executable GUI.
- Executable
- Source code for WikiAudit is included with the STiki source-code distribution (visit that page)
- The projects share a code-base; core WikiAudit code is in the
[audit_tool/]
subdirectory
- The projects share a code-base; core WikiAudit code is in the
Operation and intended usage
To control the content of the output report, WikiAudit exposes several parameters:
- IP addresses - The most basic input is a list of IP addresses for analysis (of course, we can only report on CIDR notation(
127.0.0.0/8
) - Connection string - Users provide a path to the template-driven analysis is en.wiki specific. Compatibility with foreign-language installations is untested.
- Time boundaries - So only events occurring after a particular date will be reported. Useful for periodic updates of IP activity.
These parameters produce a report (a simple HTML document) with the following features:
- Aggregate statistics: quantity of IPs that edited, number of contributions, revert quantity, blocked users, etc.
- A high-level look at user/IP participation: (1) Whether the IP has a block historyexists for the IP.
- The contributions from the IP space are also exhaustively enumerated: Basic metadata is provided, along with helpful links. More uniquely, a simple heuristic is used to determine whether the subsequent edit reverted or rolled-backthe contribution (indicating its poor nature).
- Where malicious activity is suspected, the edit/user is colored red to draw attention.
Efficiency & responsible use: WikiAudit operates by making batch calls to the wiki's API. The speed of operation depends on the network connection and the density of IP editing activity in the input range. For perspective, on a residential network it is generally possible to produce a report for ~65,000 IPs (i.e., a /16
CIDR) in about 5-minutes time. Producing reports for a massive quantity of IPs at once (say, a /8
CIDR) is not recommended and may lead to API throttling or temporary loss of API access.
Motivation: WikiAudit's creation was inspired by the
Credits and more information
WikiAudit was written by Andrew G. West (west.andrew.g), a doctoral student in computer science at the University of Pennsylvania under the advisement of Insup Lee. The work was supported in part by ONR-MURI-N00014-07-1-0907. Queries not addressed by documentation should be addressed to WikiAudit's authors.
Screenshots
-
WikiAudit terminal operation/arguments
-
Snippet of WikiAudit output report