Hi,
On 4/3/21 12:48 PM, Jeffrey Walton wrote:
Looking at Special:Version, Guzzle is described as "Guzzle is a PHP HTTP client library." I don't believe our Mediawiki should be making outbound requests like this. We disabled Guzzle by disabling SpamBlacklist.
The default configuration of SpamBlacklist will use the Wikimedia spam blacklist so it's useful out of the box. You can disable this functionality by adjusting $wgBlacklistSettings.
This brings a couple of questions:
- Why is Guzzle filtering Sysops or Administrator actions?
The SpamBlacklist filters all users actions, see https://phabricator.wikimedia.org/T36928 for more details on why.
- Is there another way to get the Spam blacklist? Like a Systemd
service that runs once an hour?
Yes, the SpamBlacklist supports referencing a local file to use as input, see the documentation[1]. You could easily set up a systemd timer to automatically wget/curl the latest version of the blacklist.
[1] https://www.mediawiki.org/wiki/Extension:SpamBlacklist#Examples
-- Legoktm