Hi Denny,

As a spam defence for Wikimania, we disallowed local account generation, and just leverage WMF's SULs, similarly did the same for wikidata-test to great effect. The one thing that we did was to change the login link to point to somewhere they could create an account. [1] Great success, though not 100% effective against manual spammers, or those that trawl.

If allowable, I would also suggest that you leverage the other global settings like title and spam blacklist, and global abusefilter. 

[1] https://wikimania.wikimedia.org/w/index.php?title=Special:UserLogin&returnto=Wikimania

-- Billinghurst

------ Original Message ------
From: "Denny Vrandečić" <dvrandecic@wikimedia.org>
To: "Cloud" <cloud@lists.wikimedia.org>
Sent: 22/04/2021 3:59:12 AM
Subject: [Cloud] Help with a MediaWiki instance on WMCloud - spammers

Hi all,

I have a MediaWiki instance running on WMCloud:

https://annotation.wmcloud.org/ 

Is there some recipe or instruction available somewhere on how to manage it?

More specifically, about a week ago, spammers discovered it. I would like to use WSOAuth and PluggableAuth or something similar in order to allow only logins by users with a Wikimedia account, and only allow edits by logged in users.

On a shorter notice, as a stop gap, I would like to disallow account creation by non-logged-in users and edits by non-logged in user, so I can at least stop new spam creation and clean up the existing one.

I am very confused by Puppet, have a rough idea what Vagrant is, and think I have a stable understanding of MediaWiki maintenance. Any help or pointers would be much appreciated.

Thank you!
Denny


Virus-free. www.avast.com