After having long being plagued by spammers on my WL-HDD Wiki, I have decided to take measures to crack down! One of the main reasons for doing this is that spam decreases rankings in Google. Furthermore, when I am in China from July onwards, I will not be checking my mail as regurarly so spam would go unnoticed which could be damaging.I have therefore upgraded to a more secure and spamproof version of Mediawiki – v1.10
The best way to deal with the spam is to force wiki users to register before editing. Even better is to force them to confirm their email address before they can start editing any of the pages. To force users to register before editing, you will need user permissions such as these in LocalSettings.php:
# Edit Permissions
// Implicit group for all visitors
$wgGroupPermissions['*' ]['createaccount'] = true;
$wgGroupPermissions['*' ]['read'] = true;
$wgGroupPermissions['*' ]['edit'] = false; // Stop unregistered users from making edits
$wgGroupPermissions['*' ]['createpage'] = false; // Stop unregistered users from making edits
$wgGroupPermissions['*' ]['createtalk'] = false; // Stop unregistered users from making edits
// Implicit group for all logged-in accounts
$wgGroupPermissions['user' ]['move'] = true;
$wgGroupPermissions['user' ]['read'] = true;
$wgGroupPermissions['user' ]['edit'] = true;
$wgGroupPermissions['user' ]['createpage'] = true;
$wgGroupPermissions['user' ]['createtalk'] = true;
$wgGroupPermissions['user' ]['upload'] = false;
$wgGroupPermissions['user' ]['reupload'] = false;
$wgGroupPermissions['user' ]['reupload-shared'] = false;
$wgGroupPermissions['user' ]['minoredit'] = true;
$wgGroupPermissions['user' ]['purge'] = false; // can use ?action=purge without clicking "ok"
// Implicit group for accounts that pass $wgAutoConfirmAge
$wgGroupPermissions['autoconfirmed']['autoconfirmed'] = true;
// Implicit group for accounts with confirmed email addresses
// This has little use when email address confirmation is off
$wgGroupPermissions['emailconfirmed']['emailconfirmed'] = true;
// Users with bot privilege can have their edits hidden
// from various log pages by default
$wgGroupPermissions['bot' ]['bot'] = true;
$wgGroupPermissions['bot' ]['autoconfirmed'] = true;
$wgGroupPermissions['bot' ]['nominornewtalk'] = true;
$wgGroupPermissions['bot' ]['autopatrol'] = true;
// Most extra permission abilities go to this group
$wgGroupPermissions['sysop']['block'] = true;
$wgGroupPermissions['sysop']['createaccount'] = true;
$wgGroupPermissions['sysop']['delete'] = true;
$wgGroupPermissions['sysop']['deletedhistory'] = true; // can view deleted history entries, but not see or restore the text
$wgGroupPermissions['sysop']['editinterface'] = true;
$wgGroupPermissions['sysop']['import'] = true;
$wgGroupPermissions['sysop']['importupload'] = true;
$wgGroupPermissions['sysop']['move'] = true;
$wgGroupPermissions['sysop']['patrol'] = true;
$wgGroupPermissions['sysop']['autopatrol'] = true;
$wgGroupPermissions['sysop']['protect'] = true;
$wgGroupPermissions['sysop']['proxyunbannable'] = true;
$wgGroupPermissions['sysop']['rollback'] = true;
$wgGroupPermissions['sysop']['trackback'] = true;
$wgGroupPermissions['sysop']['upload'] = true;
$wgGroupPermissions['sysop']['reupload'] = true;
$wgGroupPermissions['sysop']['reupload-shared'] = true;
$wgGroupPermissions['sysop']['unwatchedpages'] = true;
$wgGroupPermissions['sysop']['autoconfirmed'] = true;
$wgGroupPermissions['sysop']['upload_by_url'] = true;
$wgGroupPermissions['sysop']['ipblock-exempt'] = true;
// Permission to change users' group assignments
$wgGroupPermissions['bureaucrat']['userrights'] = true;
To implement the force email confirmation feature, you simply need to add this line of code to LocalSettings.php:
$wgEmailConfirmToEdit = true;
Make sure that the following value is also true in LocalSettings.php
$wgEmailAuthentication = true;
Users will be notified when they try and edit a page to first confirm their email address. This only has to be done once.
Hopefully this should keep the spammers at bay for a little while and give me some peace on my holidays!
Here is where I found the information.
