Protecting MediaWiki from vandals and spammers #1 – basic protection


As soon as you open your wiki and it starts to be indexed by search engines, you will have a lot of problems.

Captcha
First, spammers. These guys have long since learned to recognize even quite sophisticated captchas, which a person with the first time will not determine. In this regard, it is worth abandoning the graphics and use text captchas with an answer to the question. For example, QuestyCaptcha, which is set by default at installation and you only need to enable it in the file LocalSettings.php:

require_once(“$IP/extensions/ConfirmEdit/QuestyCaptcha.php”);
$wgCaptchaClass = ‘QuestyCaptcha’;
$wgCaptchaQuestions[] = array( ‘question’ , ‘answer’  $wgCaptchaQuestions[] = array( ‘question’ , ‘answer’ );

Make 10 pieces and your site will be quite seriously protected – it will be filled with only intentional, by order. Remember that you can not set the questions, the answers to which can be found at the top of google.
 
I had a problem with the coding – instead of questions was abracadabra. To solve it simply recode the LocalSettings.php file in any text processor (I prefer notepad ++) in UTF-8 (without BOM).
 
Permissions
 
In the /includes folder you will find the DefaultSettings.php file. There you will find a list of default permissions that you can include in LocalSettings.php. Find the following lines:

$wgGroupPermissions = array();

/** @cond file_level_code */
// Implicit group for all visitors
$wgGroupPermissions[‘*’][‘createaccount’] = true;
$wgGroupPermissions[‘*’][‘read’] = true;

… and so on

The easiest way is to copy this array directly to the LocalSettings.php configuration file and edit them there. I recommend that you spend a couple of hours and configure the permissions once and for all; it’s better than spending a few days fighting with spam vandals later.

Namespace protection
 
You can protect certain pages from edits – homepage, templates, etc. Before you start, it’s a good idea to set up auto-confirmation after n days:
 
$wgAutoConfirmAge = 3600*24*3; // 3 days
 
That way you will make life much harder for spammers.
 
I will write more about namespace protection in the second part of this article.

This entry was posted in Mediawiki (en). Bookmark the permalink.

Leave a Reply

🇬🇧 Attention! Comments with URLs/email are not allowed.
🇷🇺 Комментарии со ссылками/email удаляются автоматически.