Hi Ryan! On Sun, Sep 6, 2009 at 11:43 PM, Ryan Rix <phrkonale...@gmail.com> wrote:
> Hey PLUGgers, > Let's call in the Anonymous_Group: http://www.obnosis.com/motivatebytruth/anonymous5.jpg ! No seriously.... > Today the ABLEconf internal wiki was hit pretty hard by spammers. :( > > We looked at how to protect the pages so that only registered users can > edit > any part of the wiki. Unfortunately, according to > https://bugzilla.wikimedia.org/show_bug.cgi?id=8796 that has been > disabled, > due to the fact that any user could then change the page so that only admin > could edit it... or something. Obviously it has little bearing on our > internal wiki, but still keeps us from protecting those pages. > > Outside of doing this by hand, what do you recommend to secure our > mediawiki > install? > No really? Drastic solutions include: (see http://wiki.obnosis.com) 1) Lock out public page edits, setup a "shared administrative edit user" or htaccess protect all pages in a directory via ONE username that comes up in a box (you can configure via .htaccess file - see Apache.org) before the page loads. Add a little box on all pages (template) requesting people email you for a content password. 2) If you haven't already follow this MediaWiki Administration example for semi-protection, or cascading protection: http://www.mediawiki.org/wiki/Manual:Administrators 3) Alternately, you can add a bot to roll back your pages over their edits (see admin page and steal templates from other MediaWiki sites). Have that bot run every hour except say 2AM one day a week, when you announce editing will be allowed, and manually watch to verify or roll back/delete the other bogus bot edits. Excerpt: Sysops can hide vandalism from the Recent Changes<http://meta.wikimedia.org/wiki/Help:Recent_changes>page. To do this, add &bot=1 to the end of the url used to access a user's contributions. For example, ...index.php?title=Special:Contributions&target=Username&bot=1. When the rollback links on the contributions list are clicked, both the revert and the original edit that you are reverting will be hidden from the default Recentchanges display. This mechanism uses the marker originally added to keep massive bot edits from flooding recentchanges, hence the "bot". These changes will be hidden from recent changes unless you click the "bots" link to set hidebots=0. The edits are not hidden from contribs, history, watchlist, etc. The edits remain in the database and are not removed, but they no longer flood Recentchanges. The aim of this feature is to reduce the annoyance factor of a flood vandal with relatively little effort. 4) Indicate very clearly what we think of them: http://www.obnosis.com/motivatebytruth/anger.jpg -- (623)239-3392 (503)754-4452 www.obnosis.com http://www.obnosis.com/motivatebytruth/gnu-people.jpg
--------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
