MediaWiki causes me to ragequit

Lisa Kachold lisakachold at obnosis.com
Mon Sep 7 01:29:21 MST 2009


Hi Ryan!

On Sun, Sep 6, 2009 at 11:43 PM, Ryan Rix <phrkonaleash at gmail.com> wrote:

> Hey PLUGgers,
>

Let's call in the Anonymous_Group:
http://www.obnosis.com/motivatebytruth/anonymous5.jpg !

No seriously....


> Today the ABLEconf internal wiki was hit pretty hard by spammers. :(
>
> We looked at how to protect the pages so that only registered users can edit
> any part of the wiki. Unfortunately, according to
> https://bugzilla.wikimedia.org/show_bug.cgi?id=8796 that has been disabled,
> due to the fact that any user could then change the page so that only admin
> could edit it... or something. Obviously it has little bearing on our
> internal wiki, but still keeps us from protecting those pages.
>
> Outside of doing this by hand, what do you recommend to secure our mediawiki
> install?
>

No really?

Drastic solutions include: (see http://wiki.obnosis.com)

1) Lock out public page edits, set up a "shared administrative edit user" or
htaccess protect all pages in a directory via ONE username that comes up in
a box (you can configure via .htaccess file - see Apache.org) before the
page loads.
Add a little box on all pages (template) requesting people email you for a
content password.

2) If you haven't already, follow this MediaWiki Administration example for
semi-protection, or cascading protection:

http://www.mediawiki.org/wiki/Manual:Administrators

3) Alternately, you can add a bot to roll back your pages over their edits
(see admin page and steal templates from other MediaWiki sites).
Have that bot run every hour except say 2AM one day a week, when you
announce editing will be allowed, and manually watch to verify or roll
back/delete the other bogus bot edits.

Excerpt:

Sysops can hide vandalism from the Recent Changes
<http://meta.wikimedia.org/wiki/Help:Recent_changes> page. To do this, add
&bot=1 to the end of the url used to access a user's contributions. For
example, ...index.php?title=Special:Contributions&target=Username&bot=1.
When the rollback links on the contributions list are clicked, both the
revert and the original edit that you are reverting will be hidden from the
default Recentchanges display. This mechanism uses the marker originally
added to keep massive bot edits from flooding recentchanges, hence the
"bot". These changes will be hidden from recent changes unless you click the
"bots" link to set hidebots=0. The edits are not hidden from contribs,
history, watchlist, etc. The edits remain in the database and are not
removed, but they no longer flood Recentchanges. The aim of this feature is
to reduce the annoyance factor of a flood vandal with relatively little
effort.

4) Indicate very clearly what we think of them:
http://www.obnosis.com/motivatebytruth/anger.jpg

-- 
(623)239-3392
(503)754-4452 www.obnosis.com
http://www.obnosis.com/motivatebytruth/gnu-people.jpg
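
Added example, not part of the original message or of the ABLEconf wiki's configuration: a LocalSettings.php fragment that restricts editing to registered users site-wide, which is what the quoted question asks for and what option 1 describes as locking out public edits. It assumes an internal wiki where a sysop creates accounts for contributors; the variables are standard MediaWiki settings, the values are one possible policy.

```php
# Fragment to append to LocalSettings.php (assumed policy for an internal wiki).

# Weak setting, MediaWiki's default: anonymous visitors ('*') may edit.
# This is the state that lets spam bots write to every page.
# $wgGroupPermissions['*']['edit'] = true;

# Hardened: anonymous visitors can read but cannot edit or create anything.
$wgGroupPermissions['*']['edit']       = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['createtalk'] = false;

# Stop bots from simply registering their own accounts. With this set,
# only groups that keep the right (sysop below) can create accounts.
$wgGroupPermissions['*']['createaccount']     = false;
$wgGroupPermissions['sysop']['createaccount'] = true;

# Logged-in users keep normal editing rights.
$wgGroupPermissions['user']['edit'] = true;

# Require a confirmed e-mail address before an account can edit,
# so a leaked or guessed login still needs a working mailbox.
$wgEmailConfirmToEdit = true;
```

After changing the file, load a page while logged out and confirm the edit tab is replaced by "view source".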