[EM] Electorama wiki requires login to view????
Michael Allan
mike at zelea.com
Wed Jun 12 07:46:25 PDT 2013
Regarding spam, here are the settings for the wiki I administer:
http://zelea.com/w/Wiki:Main_page
http://zelea.com/system/host/obsidian/var/www/localhost/htdocs/mediawiki-c/LocalSettings.php
See "spam protections", particularly the escalating countermeasures
A.1, A.2, ... But I've found that A.1 (captcha) is sufficient to stop
all bot registrations and bot spam, provided the captcha is good:
## (A.1) captcha: uncomment ConfirmEdit extension at bottom
The one I use is perhaps the simplest of all:
http://www.mediawiki.org/wiki/Extension:QuestyCaptcha
I choose a question that requires the user to navigate to a another
page in the wiki where the answer is. This makes it difficult for the
bot to replay the question to visitors on a porn site or whatnot, and
then pass back the answer.
General captcha settings:
$wgGroupPermissions['*' ]['skipcaptcha'] = false; # the no-group
$wgGroupPermissions['user' ]['skipcaptcha'] = true;
$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = false; # that would be everyone, new users are currently autoconfirmed immediately
$wgGroupPermissions['bot' ]['skipcaptcha'] = true; # registered bots
$wgGroupPermissions['sysop' ]['skipcaptcha'] = true;
$wgGroupPermissions['bureaucrat' ]['skipcaptcha'] = true;
$wgCaptchaTriggers['edit'] = false; # on edit
$wgCaptchaTriggers['create'] = false; # on page creation
$wgCaptchaTriggers['addurl'] = true; # on edits that add an external URL
$wgCaptchaTriggers['createaccount'] = true; # on Special:Userlogin&type=signup
$wgCaptchaTriggers['badlogin'] = true; # on Special:Userlogin after failure
The captcha on 'addurl' stops anonymous bot spam; they all add URLs.
The captcha on 'createaccount' stops them from registering. A bot
that registered could start spamming without restriction, even adding
URLs, but none ever gets through.
If necessary, I can escalate:
## (A.2) SimpleAntiSpam: uncomment extension at bottom
# guards only web editor (I think) not API, unsure it actually helps
## (A.3) captcha: set ConfirmEdit $wgCaptchaTriggers['create'] = true
## (A.4) captcha: set ConfirmEdit $wgCaptchaTriggers['edit'] = true
## (A.5) close API to anonymous, unregistered users
# $wgGroupPermissions['*']['writeapi'] = false;
## (A.6) no page creation by anonymous, unregistered users
# $wgGroupPermissions['*']['createpage'] = false;
# $wgGroupPermissions['*']['createtalk'] = false;
## (A.7) close API to ordinary users, leave open for registered bots
# $wgGroupPermissions['user']['writeapi'] = false;
## (A.8) no editing by anonymous, unregistered users
# $wgGroupPermissions['*']['edit'] = false;
## (A.9) no editing by unconfirmed email addresses
# $wgEmailConfirmToEdit = true;
## (B.1) SpamBlacklist: uncomment extension at bottom
## (B.2) no registration of new users
# $wgGroupPermissions['*']['createaccount'] = false;
## (B.3) no editing by ordinary users
# $wgGroupPermissions['*']['createaccount'] = false;
# $wgGroupPermissions['*']['edit'] = false;
# $wgGroupPermissions['user']['edit'] = false;
# $wgGroupPermissions['bot']['edit'] = true;
# $wgGroupPermissions['sysop']['edit'] = true;
## (C) no access by public, per /etc/apache2/modules.d/90_mediawiki.conf
Before installing QuestyCaptcha, I often had to escalate. But now A.1
alone seems to be sufficient.
Note that I also use this extension, which may confuse some bots:
http://zelea.com/project/mailish/MailishUsername.xht
--
Michael Allan
Toronto, +1 416-699-9528
http://zelea.com/
Kristofer Munsterhjelm said:
> On 06/12/2013 07:04 AM, Rob Lanphier wrote:
>
> > Responding to Abd's points: We're operating under very different
> > parameters than, say, a Wikimedia-operated wiki like Wikiversity. In
> > particular, we don't have the infrastructure to deal with user creation
> > spam. There are big advantages to sharing spam fighting resources with
> > Wikipedia.
>
> I imagine that using some spam-deterring plugins would go a lot of the
> way. See http://www.mediawiki.org/wiki/Manual:Combating_spam . I don't
> know this, though, as I haven't administered any Mediawiki sites myself.
More information about the Election-Methods
mailing list