Hilfe:Kompromittierte Konten
Diese Seite auf den Punkt gebracht: Bitte kontaktiere cawikimedia.org, wenn du aufgrund einer Kompromittierung nicht mehr in der Lage bist, dich einzuloggen. |
Compromised accounts are user accounts that have been maliciously taken over by someone other than the rightful owner. This is often achieved through a phishing attack, a weak password, or a security breach.
Wie mit Konten zu verfahren ist, bei denen der Verdacht besteht, dass sie kompromittiert wurden, ist nicht immer klar und hängt von Fall zu Fall davon ab, wer zuerst reagiert und wer in der Nähe ist, um Maßnahmen zu ergreifen. Im Folgenden findest du eine Anleitung zu den möglichen Schritten.
Faktenfindung
The first step is to determine whether or not the account is actually compromised. If disruptive actions are being taken, then this step can be skipped because the first objective is to protect the wiki. But if the account is not vandalizing, then it can be useful to check through some of their past edits before suggesting that their account is compromised. Are they editing in places that they usually do? Do they have a history of making similar comments to the ones you suspect someone else of making?
Referring
Once you are reasonably certain that the account may be compromised, it is best to refer the case to someone who can take technical action to prevent disruption to the wiki and help return the account to its original owner. The following groups of people are useful to contact:
- Stewards, who can lock the account to prevent the password/email from being changed, as well as stopping any immediate abuse. Stewards can also remove the advanced permissions of compromised accounts in an emergency, though this is usually not done if the account has been locked already.
- WMF's Trust and Safety team can investigate further, by using CheckUser tools or contacting system administrators to check the account's login history.
- Lokale Checkuser, die bestätigen können, ob eine andere IP für den Zugang zum Konto genutzt wird.
- Local administrators, who can block the account if it is taking disruptive actions. Please note that in such cases, a global lock is preferred, since it stops disruption to all projects where the account is active and preserves the user information.
Each group will end up contacting others during the process, either for confirmation or to perform local actions after the emergency has subsided. Advanced permissions may be removed for this portion of the case, if it is suspected that the agent(s) responsible for compromising the account are still trying to access it.
Wiederherstellung
Once a compromised account is locked by stewards, the case is usually forwarded to the Trust and Safety team to investigate and once the rightful owner of the account is contacted, return the account to them.
Nachbereitung
Once the account has been returned to the original owner, it will be up to the affected local communities to move forward with other measures to prevent damage to the wiki, which might include removal of advanced permissions and/or blocking the account.