The Wikimania wiki is part of the production cluster, so it gets privileged access to the production CentralAuth database. I'm not sure if the prod wikis can act as an identity provider for other sites to consume.

On Thu, 22 Apr 2021 at 19:27, Denny Vrandečić <> wrote:
I would love to do the same! Can you point me to your configuration?

On Wed, Apr 21, 2021 at 9:03 PM billinghurst <> wrote:
Hi Denny,

As a spam defence for Wikimania, we disallowed local account generation and just leverage WMF's SULs; we similarly did the same for wikidata-test to great effect. The one thing that we did was to change the login link to point to somewhere they could create an account. [1] Great success, though not 100% effective against manual spammers, or those that trawl.

If allowable, I would also suggest that you leverage the other global settings like title and spam blacklist, and global abusefilter. 

-- Billinghurst

------ Original Message ------
From: "Denny Vrandečić" <>
Sent: 22/04/2021 3:59:12 AM
Subject: [Cloud] Help with a MediaWiki instance on WMCloud - spammers

Hi all,

I have a MediaWiki instance running on WMCloud:

Is there some recipe or instruction available somewhere on how to manage it?

More specifically, about a week ago, spammers discovered it. I would like to use WSOAuth and PluggableAuth or something similar in order to allow only logins by users with a Wikimedia account, and only allow edits by logged-in users.

On a shorter notice, as a stop gap, I would like to disallow account creation by non-logged-in users and edits by non-logged-in users, so I can at least stop new spam creation and clean up the existing one.

I am very confused by Puppet, have a rough idea what Vagrant is, and think I have a stable understanding of MediaWiki maintenance. Any help or pointers would be much appreciated.

Thank you!

Wikimedia Cloud Services mailing list (formerly
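
The stop gap asked about in the original message (no edits and no account creation by non-logged-in users), as an added example that is not from any poster in this thread. It uses only MediaWiki core `$wgGroupPermissions` keys and assumes a standard `LocalSettings.php`; the WSOAuth consumer settings are left out because they depend on the extension version and are not given in the thread.

```php
<?php
// LocalSettings.php fragment (added example, not the configuration of
// Wikimania or any other wiki mentioned in the thread).

// Stop gap, part 1: anonymous visitors ('*' group) may not edit.
$wgGroupPermissions['*']['edit'] = false;

// Stop gap, part 2: anonymous visitors may not register local accounts.
// Special:CreateAccount then refuses anyone who lacks the right.
$wgGroupPermissions['*']['createaccount'] = false;

// Logged-in users keep editing. This is the core default, restated so the
// intent survives later edits to this file.
$wgGroupPermissions['user']['edit'] = true;

// Administrators can still create accounts by hand for trusted people
// while open registration is off.
$wgGroupPermissions['sysop']['createaccount'] = true;

// Caveat: accounts the spammers already registered are in the 'user'
// group and can still edit. Block or lock them during clean-up; the two
// settings above only stop new anonymous edits and new registrations.

// Later step (PluggableAuth with an external provider such as WSOAuth):
// manual registration stays off, but the wiki must be allowed to create
// the local account automatically on a user's first external login.
// Uncomment only once the extensions are installed and configured.
// $wgGroupPermissions['*']['autocreateaccount'] = true;
```

After saving, load the wiki in a private browser window to confirm that the edit tab and the account creation form are gone for logged-out visitors.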