On Wed, Aug 1, 2012 at 12:44 PM, Helmut Hullen <Hullen(a)t-online.de> wrote:
Hallo, Bernhard,
Du meintest am 01.08.12:
I am running a couple of relatively small
academic Wikis mainly for
educational uses at university. Thus there is relatively little
traffic apart from course time. Nevertheless, some two years ago I
noticed more and more spam and thus reduced editing rights first to
registered users, then to users of a special group that need my
personal acknowledgement. Now, in recent months there is an
increasing number of new users (robots?) obviously attempting to
write spam which they do not do but they are kind of spamming the
lists of registered users.
Yes - I know these nasty robots ...
I could reduce the registration rights but
on the other hand I want students to register freely in order to
obtain their editing permissions. Is there a decent way to detect and
prevent harmful would-be spammers from setting up an account without
preventing that option for serious users?
Captcha: didn't work reliable (may be due to my external provider).
Then I added the following lines
# reduzieren; 29.5.12
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['user']['edit'] = true;
$wgGroupPermissions['sysop']['edit'] = true;
#
$wgGroupPermissions['*']['createpage'] = false;
# $wgGroupPermissions['user']['createpage'] = false;
$wgGroupPermissions['user']['createpage'] = true;
$wgGroupPermissions['autoconfirmed']['createpage'] = true;
$wgAutoConfirmAge = 86400 * 4; # 4 Tage oder aelter
#
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['user']['createaccount'] = true;
#
to "LocalSettings.php"; I have (as sysop/bureaucrat) to create an
account for every allowed user, but that's (in my case) much less work
than cleaning the Wiki every day.
Maybe these lines can be elaborated ...
And with a lot of hope and ccordination it may be possible to change the
"createaccount" line for an hour or so and all allowed users have to
create their account within that time.
Viele Gruesse!
Helmut
New account spam can be largely avoided by disabling account creation for
new users and transferring authentication to a service such as
https://www.mediawiki.org/wiki/Extension:OpenID
New account creation is disabled with this line in LocalSettings.php:
$wgGroupPermissions['*']['createaccount'] = false;
The [[MediaWiki:Loginprompt]] can be updated from its default value to
suggest that new users create accounts with an OpenID. Current accounts are
unaffected, and new users often already have an account with one of the
OpenID providers,
http://openid.net/get-an-openid/
Also reported here:
https://www.mediawiki.org/wiki/Manual:Combating_spam#Restrict_editing
--Fred