Hi Denny,

Have you seen https://www.mediawiki.org/wiki/Manual:Combating_spam or https://www.mediawiki.org/wiki/Manual:User_rights?
You might be able to do something like `$wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['*']['createaccount'] = false;`

On Wed, 21 Apr 2021 at 18:59, Denny Vrandečić <dvrandecic@wikimedia.org> wrote:
Hi all,

I have a MediaWiki instance running on WMCloud:

https://annotation.wmcloud.org/ 

Is there some recipe or instruction available somewhere on how to manage it?

More specifically, about a week ago, spammers discovered it. I would like to use WSOAuth and PluggableAuth or something similar in order to allow only logins by users with a Wikimedia account, and only allow edits by logged in users.

On a shorter notice, as a stop gap, I would like to disallow account creation by non-logged-in users and edits by non-logged in user, so I can at least stop new spam creation and clean up the existing one.

I am very confused by Puppet, have a rough idea what Vagrant is, and think I have a stable understanding of MediaWiki maintenance. Any help or pointers would be much appreciated.

Thank you!
Denny

_______________________________________________
Wikimedia Cloud Services mailing list
Cloud@lists.wikimedia.org (formerly labs-l@lists.wikimedia.org)
https://lists.wikimedia.org/mailman/listinfo/cloud