Click here to send us your inquires or call (852) 36130518

After years of fighting spam and vandalism on my WL-HDD site - involving making many complex spam rules and heavily restricting user’s editing permissions, I have finally found a more ideal solution to the problem - reCAPTCHA.

Many of you will already be familiar with reCAPTCHA via other websites - where it is often used to block spam comments on blogs or on user registration forms. Basically, it requires you to recognize two words in a picture and to type them into an input box as a means of proving that you are a human and not a spambot. You can see an example of reCAPTCHA in action in the screenshot provided.

Screenshot-Editing Sprayfly-sandbox- - WL-HDD Wiki - Mozilla Firefox

I currently have the plugin setup so that it is activated on:

  • New user registration
  • Creation of new pages
  • Anonymous edits that contain new external links
  • Brute-force password cracking

If you are interested in implementing the plugin on your own blog, there is more information available here. It is a very straightforward and simple procedure.

The WL-HDD Wiki which was formerly hosted under the sprayfly.com domain name now has its own address at wlhdd.co.uk. Likewise, I have set up a blog so you can keep up with any updates to the Wiki or any other related news at wlhdd.co.uk/blog/. For more info head over to the full post on the wiki’s blog.

WL-HDD Wiki Back Online

February 9th, 2008

After a bit of a blunder I made when bashing the keyboard in the SSH shell the other day I managed to ruin my Mediawiki installation. Whilst the database was not damaged, all the server files were lost, including all of the images used on the wiki. Unfortunately all backups were at home on my old computer so I was not able to access them. I eventually managed to get my sister to email me the backup files and now the wiki is back online and everything is back to normal again. Even better, I’ve updated to the latest version of Mediawiki which should improve performance and security on the site.
Thanks for your patience, sorry for any inconveniences caused to anyone trying to access the wiki.

Cracking down on Wiki Spam

June 11th, 2007

After having long being plagued by spammers on my WL-HDD Wiki, I have decided to take measures to crack down! One of the main reasons for doing this is that spam decreases rankings in Google. Furthermore, when I am in China from July onwards, I will not be checking my mail as regurarly so spam would go unnoticed which could be damaging.I have therefore upgraded to a more secure and spamproof version of Mediawiki - v1.10

The best way to deal with the spam is to force wiki users to register before editing. Even better is to force them to confirm their email address before they can start editing any of the pages. To force users to register before editing, you will need user permissions such as these in LocalSettings.php:

# Edit Permissions

// Implicit group for all visitors
$wgGroupPermissions['*' ]['createaccount'] = true;
$wgGroupPermissions['*' ]['read'] = true;
$wgGroupPermissions['*' ]['edit'] = false; // Stop unregistered users from making edits
$wgGroupPermissions['*' ]['createpage'] = false; // Stop unregistered users from making edits
$wgGroupPermissions['*' ]['createtalk'] = false; // Stop unregistered users from making edits

// Implicit group for all logged-in accounts
$wgGroupPermissions['user' ]['move'] = true;
$wgGroupPermissions['user' ]['read'] = true;
$wgGroupPermissions['user' ]['edit'] = true;
$wgGroupPermissions['user' ]['createpage'] = true;
$wgGroupPermissions['user' ]['createtalk'] = true;
$wgGroupPermissions['user' ]['upload'] = false;
$wgGroupPermissions['user' ]['reupload'] = false;
$wgGroupPermissions['user' ]['reupload-shared'] = false;
$wgGroupPermissions['user' ]['minoredit'] = true;
$wgGroupPermissions['user' ]['purge'] = false; // can use ?action=purge without clicking “ok”

// Implicit group for accounts that pass $wgAutoConfirmAge
$wgGroupPermissions['autoconfirmed']['autoconfirmed'] = true;

// Implicit group for accounts with confirmed email addresses
// This has little use when email address confirmation is off
$wgGroupPermissions['emailconfirmed']['emailconfirmed'] = true;

// Users with bot privilege can have their edits hidden
// from various log pages by default
$wgGroupPermissions['bot' ]['bot'] = true;
$wgGroupPermissions['bot' ]['autoconfirmed'] = true;
$wgGroupPermissions['bot' ]['nominornewtalk'] = true;
$wgGroupPermissions['bot' ]['autopatrol'] = true;

// Most extra permission abilities go to this group
$wgGroupPermissions['sysop']['block'] = true;
$wgGroupPermissions['sysop']['createaccount'] = true;
$wgGroupPermissions['sysop']['delete'] = true;
$wgGroupPermissions['sysop']['deletedhistory'] = true; // can view deleted history entries, but not see or restore the text
$wgGroupPermissions['sysop']['editinterface'] = true;
$wgGroupPermissions['sysop']['import'] = true;
$wgGroupPermissions['sysop']['importupload'] = true;
$wgGroupPermissions['sysop']['move'] = true;
$wgGroupPermissions['sysop']['patrol'] = true;
$wgGroupPermissions['sysop']['autopatrol'] = true;
$wgGroupPermissions['sysop']['protect'] = true;
$wgGroupPermissions['sysop']['proxyunbannable'] = true;
$wgGroupPermissions['sysop']['rollback'] = true;
$wgGroupPermissions['sysop']['trackback'] = true;
$wgGroupPermissions['sysop']['upload'] = true;
$wgGroupPermissions['sysop']['reupload'] = true;
$wgGroupPermissions['sysop']['reupload-shared'] = true;
$wgGroupPermissions['sysop']['unwatchedpages'] = true;
$wgGroupPermissions['sysop']['autoconfirmed'] = true;
$wgGroupPermissions['sysop']['upload_by_url'] = true;
$wgGroupPermissions['sysop']['ipblock-exempt'] = true;

// Permission to change users’ group assignments
$wgGroupPermissions['bureaucrat']['userrights'] = true;

To implement the force email confirmation feature, you simply need to add this line of code to LocalSettings.php:
$wgEmailConfirmToEdit = true;

Make sure that the following value is also true in LocalSettings.php
$wgEmailAuthentication = true;

Users will be notified when they try and edit a page to first confirm their email address. This only has to be done once.

Hopefully this should keep the spammers at bay for a little while and give me some peace on my holidays!

Here is where I found the information.