Hi Denny,
As a spam defence for Wikimania, we disallowed local account generation, and just leverage WMF's SULs, similarly did the same for wikidata-test to great effect. The one thing that we did was to change the login link to point to somewhere they could create an account. [1] Great success, though not 100% effective against manual spammers, or those that trawl.
If allowable, I would also suggest that you leverage the other global settings like title and spam blacklist, and global abusefilter.
[1] https://wikimania.wikimedia.org/w/index.php?title=Special:UserLogin&retu...
-- Billinghurst
------ Original Message ------ From: "Denny Vrandečić" dvrandecic@wikimedia.org To: "Cloud" cloud@lists.wikimedia.org Sent: 22/04/2021 3:59:12 AM Subject: [Cloud] Help with a MediaWiki instance on WMCloud - spammers
Hi all,
I have a MediaWiki instance running on WMCloud:
https://annotation.wmcloud.org/
Is there some recipe or instruction available somewhere on how to manage it?
More specifically, about a week ago, spammers discovered it. I would like to use WSOAuth and PluggableAuth or something similar in order to allow only logins by users with a Wikimedia account, and only allow edits by logged in users.
On a shorter notice, as a stop gap, I would like to disallow account creation by non-logged-in users and edits by non-logged in user, so I can at least stop new spam creation and clean up the existing one.
I am very confused by Puppet, have a rough idea what Vagrant is, and think I have a stable understanding of MediaWiki maintenance. Any help or pointers would be much appreciated.
Thank you! Denny