OESF:Antispam configuration work list

From OESF

(Difference between revisions)
Jump to: navigation, search
(ConfirmEdit extension)

Line 76:

Line 76:

== SpamBlacklist extension ==
== SpamBlacklist extension ==
 +
 +
= blah =

Revision as of 04:58, 24 October 2007

This page is a list of operations to be performed to enhance spam protection of the OESF Wiki. The plan is to implement the suggestions documented in Blocking Spam in MediaWiki.

Contents

Installed software versions

MediaWiki1.11.0
PHP5.1.6 (apache2handler)
MySQL4.0.27-standard-log

Above obtained from Special:Version on 2007-10-21.

Work Environment

Host:login.ibiblio.org (shell account)
User:oesf
Password:(do not disclose)

Although telnet connection is possible, urge use of SSH client for security. Free clients include OpenSSH for Unix-like systems and PuTTY for MS Windows.

Backup files

Backup each file to be changed in following operations. (Paths relative to user oesf home directory: /export/sunsite/users/oesf)

CSS hidden spam

  1. Add following line to LocalSettings.php — DONE Added line in new section of file for OESF Wiki enhancements. -- Meyer (talk) 13:49, 20 October 2007 (EDT) 
$wgSpamRegex = "/\<.*style.*?(display|position|overflow|visibility|height)\s*:.*?>/i";

Blank user agents

  1. Create file html/.htaccess with following contents: — DONE -- Meyer (talk) 13:52, 20 October 2007 (EDT) 
SetEnvIf User-Agent ^$ spammer=yes     # block blank user agents

Order allow,deny
allow from all
deny from env=spammer

ConfirmEdit extension

  1. Create directory: mkdir html/extensions/ConfirmEditDONE -- Meyer (talk) 13:55, 20 October 2007 (EDT)
  2. Download extension files to directory: svn co http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions/ConfirmEdit/DONE -- Meyer (talk) 13:56, 20 October 2007 (EDT)
  3. Add line near bottom of html/LocalSettings.php: require_once( "$IP/extensions/ConfirmEdit/ConfirmEdit.php" );DONE -- Meyer (talk) 13:57, 20 October 2007 (EDT)
  4. Customize html/extensions/ConfirmEdit/ConfirmEdit.php: — DONE Below suggestions are already set as defaults. Only changed $ceAllowConfirmedEmail from "false" to "true" to allow users who have confirmed their e-mail address to include URIs in their edits without requiring a captcha check. -- Meyer (talk) 14:08, 20 October 2007 (EDT)
    • $wgCaptchaTriggers
    • $ceAllowConfirmedEmail 
$wgGroupPermissions['*'            ]['skipcaptcha'] = false;
$wgGroupPermissions['user'         ]['skipcaptcha'] = false;
$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = false;
$wgGroupPermissions['bot'          ]['skipcaptcha'] = true; // registered bots
$wgGroupPermissions['sysop'        ]['skipcaptcha'] = true;

$wgCaptchaTriggers['edit']          = false; // Would check on every edit
$wgCaptchaTriggers['addurl']        = true;  // Check on edits that add URLs
$wgCaptchaTriggers['createaccount'] = true;  // Special:Userlogin&type=signup

Operations to install extension completed, but captcha not activated for edits by anonymous user. Have performed the following additional operations, but without success (normal operation of wiki seems unimpared):

I don't think it wise to move ahead with extension installation until EditConfirm is working properly. I am out of time tonight. Will investigate further at my next opportunity. -- Meyer (talk) 14:35, 20 October 2007 (EDT)

MediaWiki Extensions FAQ says scripts need to have execution permission set, which the PHP files downloaded in extensions/ConfirmEdit didn't. Set the permission, but still no visible improvement in function. -- Meyer (talk) 00:47, 24 October 2007 (EDT)

Bad Behavior extension

Bad Behavior 2 extension

SpamBlacklist extension

blah

Retrieved from "http://www.oesf.org/index.php?title=OESF:Antispam_configuration_work_list"
Personal tools