OESF:Antispam configuration work list

From OESF

Revision as of 18:34, 20 October 2007

This page is a list of operations to be performed to enhance spam protection of the OESF Wiki. The plan is to implement the suggestions documented in Blocking Spam in MediaWiki.

Installed software versions

Above obtained from Special:Version on 2007-10-21.

Work Environment

Although telnet connection is possible, urge use of SSH client for security. Free clients include OpenSSH for Unix-like systems and PuTTY for MS Windows.

Backup files

Backup each file to be changed in following operations. (Paths relative to user oesf home directory: /export/sunsite/users/oesf)

• html/LocalSettings.php (#CSS hidden spam, #ConfirmEdit extension) — DONE: -> html/LocalSettings.bak.php -- Meyer (talk) 13:44, 20 October 2007 (EDT)
• html/extensions/ConfirmEdit/ConfirmEdit.php (#ConfirmEdit extension) — DONE -> html/extensions/ConfirmEdit/ConfirmEdit.bak.php -- Meyer (talk) 14:03, 20 October 2007 (EDT)

CSS hidden spam

1. Add following line to LocalSettings.php — DONE Added line in new section of file for OESF Wiki enhancements. -- Meyer (talk) 13:49, 20 October 2007 (EDT)

$wgSpamRegex = "/\<.*style.*?(display|position|overflow|visibility|height)\s*:.*?>/i";

Blank user agents

1. Create file html/.htaccess with following contents: — DONE -- Meyer (talk) 13:52, 20 October 2007 (EDT)

SetEnvIf User-Agent ^$ spammer=yes     # block blank user agents

Order allow,deny
allow from all
deny from env=spammer

ConfirmEdit extension

1. Create directory: mkdir html/extensions/ConfirmEdit — DONE -- Meyer (talk) 13:55, 20 October 2007 (EDT)
2. Download extension files to directory: svn co http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions/ConfirmEdit/ — DONE -- Meyer (talk) 13:56, 20 October 2007 (EDT)
3. Add line near bottom of html/LocalSettings.php: require_once( "$IP/extensions/ConfirmEdit/ConfirmEdit.php" ); — DONE -- Meyer (talk) 13:57, 20 October 2007 (EDT)
4. Customize html/extensions/ConfirmEdit/ConfirmEdit.php: — DONE Below suggestions are already set as defaults. Only changed $ceAllowConfirmedEmail from "false" to "true" to allow users who have confirmed their e-mail address to include URIs in their edits without requiring a captcha check. -- Meyer (talk) 14:08, 20 October 2007 (EDT)
   • $wgCaptchaTriggers
   • $ceAllowConfirmedEmail

$wgGroupPermissions['*'            ]['skipcaptcha'] = false;
$wgGroupPermissions['user'         ]['skipcaptcha'] = false;
$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = false;
$wgGroupPermissions['bot'          ]['skipcaptcha'] = true; // registered bots
$wgGroupPermissions['sysop'        ]['skipcaptcha'] = true;

$wgCaptchaTriggers['edit']          = false; // Would check on every edit
$wgCaptchaTriggers['addurl']        = true;  // Check on edits that add URLs
$wgCaptchaTriggers['createaccount'] = true;  // Special:Userlogin&type=signup

Operations to install extension completed, but captcha not activated for edits by anonymous user. Have performed the following additional operations, but without success (normal operation of wiki seems unimpared):

• Downloaded the file svn co http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions/ExtensionFunctions.php to directory html/extensions an extension
• Change value of variable IP from "/home/miamlh1/oesf.org" an unknown directory to "/export/sunsite/users/oesf/html" in file html/LocalSettings.php

I don't think it wise to move ahead with extension installation until EditConfirm is working properly. I am out of time tonight. Will investigate further at my next opportunity. -- 203.212.44.40 14:34, 20 October 2007 (EDT)

Bad Behavior extension

Bad Behavior 2 extension

SpamBlacklist extension