Wikipedia:Abuse response/Guide to abuse response
When extensive vandalism comes from an IP address, sometimes the approach is to contact the systems administrator of that IP directly to inform them of the problem. This approach works best for IPs belonging to organizations that have a high likelihood of responding to abuse complaints, such as schools and government agencies.
This is a last resort, NOT something to do after a brief, small spate of vandalism. This is only for when there is an established trend of vandalism from an IP that can't be dealt with without larger repercussions, such as blocking a massive range of IPs. If there have been multiple blocks and warnings with an indefinite block determined to be inappropriate and the vandalism resumes after block expiry, then this the right location.
Case process
[edit]How you can help
[edit]If you want to help the Abuse project, there are several different ways:
- You can pre-process reports:
- mark cases as preliminarily approved using {{ARPrelim}} in the "Case log" area of the case page if the case meets filing criteria (see below).
- reject cases by placing {{ARA|r|#}}, where # is the number for a common reject reason (see Template:ARA for more information) then change status to "Rejected" on the top of the case.
- You can investigate cases (see below).
- You can make contact on cases which have already been investigation but are awaiting contact (see below).
Filing criteria
[edit]The criteria for filing an abuse report:
- The IP must have been blocked a minimum of FIVE times
- There must be current and ongoing abuse from the IP
- There must be a block within the last year
A report will be considered stale, and may be rejected if:
- The IP has had no activity in the past five months AND
- The IP is not subject to a current block
Processing a case
[edit]I | Open the case for investigation.
| ||
1. Go to Category:Abuse response - Waiting for Investigation and find a suitable report to open a case.
2. Verify that the report meets the initial filing criteria.
3. Verify that the IP(s) is a habitual offender. Note that it is especially important that for vandalism, the it meets the criteria in Wikipedia:Vandalism. 4. Verify that the IP(s) has been warned suitably. This does not apply to multiple IP addresses if you can link them to the same user and other IPs have previously been suitably warned. 5. Verify that for multiple IPs that they are all under the jurisdiction of the same provider. 6. That blocking, semi-protection, or a similar recourse has not resolved the behavior of the user because the user continues to abuse from new IP addresses.
7. If all of the above criterion are met change the status of the case to "Open" on the top of the case page, and add {{ARA|approved}} | |||
II | Notify the parties.
| ||
8. Place {{AR talk|IP Owner|IP Address|open}} at the top of the IP's talk page to inform other users of the investigation. It is not necessary to place a notice on all IP pages for multi-IP reports, usually the most recent suffices. IP Owner is the ISP/host, and IP Address is the IP address in the title of the Abuse Response case. Open can be left as is.
9. Notify the filer of the report by placing | |||
III | Investigate the case.
| ||
10. Edit the case page to include the results of your investigation. This should include registry information from the WHOIS report, contact information for the abuse department or network administrator, a report containing the address(es), an abuse summary, links to the vandalism, and a summary of all previous blocks. It's also helpful if you can generalize the abuse by time of day, day of week, or other general patterns that would help the organization identify the responsible user or users.
11. When you complete your investigation and your report is ready, add {{ARA}} to the case log. | |||
IV | Contact the responsible organization.
| ||
12. Find the appropriate contact information for the owner of the IP address. This information should be listed in the prepared report. Please see responsible organizations for important information on looking up WHOIS records and full instructions.
13. E-mail is the preferred method of communication for Abuse Response because it can easily be recorded and documented for future reference. Additionally, it has become the de-facto standard for reporting abuse for most organizations.
14. Each time you make contact, keep a log of the activity in the case log.
15. When contact has ceased, whatever the result, record in the contact history. | |||
V | Close and archive the case.
| ||
16. Once the case has closed, add the {{ARA|actioned}} template to case log, followed by a brief summary of the final result and your signature then change the case status to "Closed".
17. Add {{subst:ARA top}} to the top and {{subst:ARA bottom}} to the bottom of the case page in order to archive the case. 18. On the IP's talk page, change {{AR talk}} to 19. Notify the filer that the case was closed by placing |
Userbox
[edit]Project members can display this userbox on their userpage(s):
{{Wikipedia:Abuse response/UserBox}}
This user is a member of the Wikipedia Abuse response team. (verify) |
External links
[edit]- WHOIS websites
- American Registry for Internet Numbers (North America)
- Réseaux IP Européens Network Coordination Centre (Europe)
- African Internet Numbers Registry (Africa)
- Asia Pacific Network Information Center (Asia-Pacific)
- Latin American and Carribean Internet Addresses Registry (Latin America/Carribean)
- Other