[EM] Electorama wiki requires login to view????

Michael Allan mike at zelea.com
Wed Jun 12 07:46:25 PDT 2013


Regarding spam, here are the settings for the wiki I administer:
http://zelea.com/w/Wiki:Main_page
http://zelea.com/system/host/obsidian/var/www/localhost/htdocs/mediawiki-c/LocalSettings.php

See "spam protections", particularly the escalating countermeasures
A.1, A.2, ...  But I've found that A.1 (captcha) is sufficient to stop
all bot registrations and bot spam, provided the captcha is good:

  ## (A.1) captcha: uncomment ConfirmEdit extension at bottom

The one I use is perhaps the simplest of all:
http://www.mediawiki.org/wiki/Extension:QuestyCaptcha

I choose a question that requires the user to navigate to a another
page in the wiki where the answer is.  This makes it difficult for the
bot to replay the question to visitors on a porn site or whatnot, and
then pass back the answer.

General captcha settings:

  $wgGroupPermissions['*'            ]['skipcaptcha'] = false; # the no-group
  $wgGroupPermissions['user'         ]['skipcaptcha'] = true;
  $wgGroupPermissions['autoconfirmed']['skipcaptcha'] = false; # that would be everyone, new users are currently autoconfirmed immediately
  $wgGroupPermissions['bot'          ]['skipcaptcha'] = true; # registered bots
  $wgGroupPermissions['sysop'        ]['skipcaptcha'] = true;
  $wgGroupPermissions['bureaucrat'   ]['skipcaptcha'] = true;

  $wgCaptchaTriggers['edit'] = false; # on edit
  $wgCaptchaTriggers['create'] = false; # on page creation
  $wgCaptchaTriggers['addurl'] = true;  # on edits that add an external URL
  $wgCaptchaTriggers['createaccount'] = true; # on Special:Userlogin&type=signup
  $wgCaptchaTriggers['badlogin'] = true; # on Special:Userlogin after failure

The captcha on 'addurl' stops anonymous bot spam; they all add URLs.
The captcha on 'createaccount' stops them from registering.  A bot
that registered could start spamming without restriction, even adding
URLs, but none ever gets through.

If necessary, I can escalate:

  ## (A.2) SimpleAntiSpam: uncomment extension at bottom
  # guards only web editor (I think) not API, unsure it actually helps

  ## (A.3) captcha: set ConfirmEdit $wgCaptchaTriggers['create'] = true

  ## (A.4) captcha: set ConfirmEdit $wgCaptchaTriggers['edit'] = true

  ## (A.5) close API to anonymous, unregistered users
  # $wgGroupPermissions['*']['writeapi'] = false;

  ## (A.6) no page creation by anonymous, unregistered users
  # $wgGroupPermissions['*']['createpage'] = false;
  # $wgGroupPermissions['*']['createtalk'] = false;

  ## (A.7) close API to ordinary users, leave open for registered bots
  # $wgGroupPermissions['user']['writeapi'] = false;

  ## (A.8) no editing by anonymous, unregistered users
  # $wgGroupPermissions['*']['edit'] = false;

  ## (A.9) no editing by unconfirmed email addresses
  # $wgEmailConfirmToEdit = true;

  ## (B.1) SpamBlacklist: uncomment extension at bottom

  ## (B.2) no registration of new users
  # $wgGroupPermissions['*']['createaccount'] = false;

  ## (B.3) no editing by ordinary users
  # $wgGroupPermissions['*']['createaccount'] = false;
  # $wgGroupPermissions['*']['edit'] = false;
  # $wgGroupPermissions['user']['edit'] = false;
  # $wgGroupPermissions['bot']['edit'] = true;
  # $wgGroupPermissions['sysop']['edit'] = true;

  ## (C) no access by public, per /etc/apache2/modules.d/90_mediawiki.conf

Before installing QuestyCaptcha, I often had to escalate.  But now A.1
alone seems to be sufficient.

Note that I also use this extension, which may confuse some bots:
http://zelea.com/project/mailish/MailishUsername.xht

-- 
Michael Allan

Toronto, +1 416-699-9528
http://zelea.com/


Kristofer Munsterhjelm said:
> On 06/12/2013 07:04 AM, Rob Lanphier wrote:
> 
> > Responding to Abd's points: We're operating under very different
> > parameters than, say, a Wikimedia-operated wiki like Wikiversity.  In
> > particular, we don't have the infrastructure to deal with user creation
> > spam.  There are big advantages to sharing spam fighting resources with
> > Wikipedia.
> 
> I imagine that using some spam-deterring plugins would go a lot of the 
> way. See http://www.mediawiki.org/wiki/Manual:Combating_spam . I don't 
> know this, though, as I haven't administered any Mediawiki sites myself.



More information about the Election-Methods mailing list