Last modified: 2011-03-13 18:05:24 UTC
Admins should never fight, and if they do fight, they certainly should
never get into blocking wars. Standard practice says that admin should,
like anyone else, petition another admin to be unblocked if they believe
they were blocked unfairly. I would request that this be enforced at the
technical level by removing the option for an admin who is blocked to
It may also be worth considering whether or not all of the sysop tools
should be disabled when an admin is blocked.
A couple major problems:
* If a rogue admin blocks all other admins, no one else can recover
without external assistance.
* If a range or IP block accidentally hits an admin, the admin cannot
recover. On a small wiki with a single admin this may be unrecoverable
without interference in the database.
If there is a need to block a sysop, it would make sense to desysop that
A third problem - if an admin wants to test using blocks, usually the admin will
simply test by blocking him- or herself.
*** Bug 9851 has been marked as a duplicate of this bug. ***
(In reply to comment bug 9851 comment #2)
> Not to argue, but there is no difference between an admin blocking all and
> acting unchecked, or unblocking himself repeatedly to do that. Except that only
> one of them is likely to delete the main page or edit the sitenotice of a top 10
> website with 100 other admins that it would be impossible to block, practically
It would be quite easy to write a script to block every other admin on the site
at once. There are no restrictions on simultaneous blocks. Presumably to
compromise an account you need to be a script kiddie already, and any script
kiddie could block all other admins. A much more reasonable request is the
"sacrifice sysophood to desysop" idea, which permits the majority to immediately
deal with a rogue minority without giving the minority any substantial leeway
(desysopping a single user is not very disruptive at all compared to vandalism
of the main page or whatnot).
One option could be to allow a blocked admin to remove IP blocks and unblock others, but
not himself. For wikis with a nontrivial number of sysops that would allow cooperation to
overcome the "everyone gets blocked" issue, while still limiting the damage that could be
done by a single rogue account.
It's simple for a script to block every admin on the wiki simultaneously. The
logic of a Perl script to do that, given a list of admins, would amount to
probably a few lines. You just need to send a couple hundred POSTs over the
course of half a second or whatever, and they should all go through without a
hitch. Resend every half-second for a few seconds if you're worried. And if
we're worried about compromised admin accounts, presumably they were compromised
by script kiddies who could easily write such a script.