OESF:Antispam configuration work list
From OESF
(→Bad Behavior extension) |
(→Bad Behavior extension) |
||
Line 130: |
Line 130: | ||
#* Add code: <code>require_once( "$IP/includes/DatabaseFunctions.php" );</code> | #* Add code: <code>require_once( "$IP/includes/DatabaseFunctions.php" );</code> | ||
#* '''DONE''': [[User:Meyer|Meyer]] ([[User_talk:Meyer|talk]]) 10:03, 25 October 2007 (EDT) | #* '''DONE''': [[User:Meyer|Meyer]] ([[User_talk:Meyer|talk]]) 10:03, 25 October 2007 (EDT) | ||
| - | # Custom patch: | + | # Custom patch: [http://lists.wikimedia.org/pipermail/mediawiki-l/2007-September/023348.html MediaWiki introduces a functional change that breaks some extensions designed for previous versions], including Bad Behavior. Although [http://www.gossamer-threads.com/lists/engine?do=post_view_printable;post=104190;list=wiki at least one person recommends discontinuing use and contacting developers of such extensions, I made the following patch to Bad Behavior that seems to serve: |
| + | #* Add code at end of function bb2_mediawiki_timer (after bad-behavior-mediawiki.php line 122): <code>return 1;</code> | ||
| + | #* '''DONE''': [[User:Meyer|Meyer]] ([[User_talk:Meyer|talk]]) 15:02, 27 October 2007 (EDT) | ||
| + | |||
| + | '''Note:''' There is a bug in the Bad Behavior extension that [http://freeculture.org/pipermail/webteam/2006-December/000012.html messes up formatting at the bottom of the edit article page]. Since it is cosmetic I am leaving it in place for now. | ||
== Bad Behavior 2 extension == | == Bad Behavior 2 extension == | ||
Revision as of 19:02, 27 October 2007
This page is a list of operations to be performed to enhance spam protection of the OESF Wiki. The plan is to implement the suggestions documented in Blocking Spam in MediaWiki.
Contents |
Installed software versions
| MediaWiki | 1.11.0 |
| PHP | 5.1.6 (apache2handler) |
| MySQL | 4.0.27-standard-log |
Above obtained from Special:Version on 2007-10-21.
Work Environment
| Host: | login.ibiblio.org (shell account) |
| User: | oesf |
| Password: | (do not disclose) |
Although telnet connection is possible, urge use of SSH client for security. Free clients include OpenSSH for Unix-like systems and PuTTY for MS Windows.
Backup files
Backup each file to be changed in following operations.
(Paths relative to user oesf home directory: /export/sunsite/users/oesf)
- html/LocalSettings.php (#CSS hidden spam, #ConfirmEdit extension) — DONE: -> html/LocalSettings.bak.php -- Meyer (talk) 13:44, 20 October 2007 (EDT)
- html/extensions/ConfirmEdit/ConfirmEdit.php (#ConfirmEdit extension) — DONE -> html/extensions/ConfirmEdit/ConfirmEdit.bak.php -- Meyer (talk) 14:03, 20 October 2007 (EDT)
Wiki file system root: /public/vhost/o/oesf/html
| Original file | Backup | DONE |
|---|---|---|
| LocalSettings.php | LocalSettings.bak.php | Meyer (talk) 13:33, 24 October 2007 (EDT) |
| extensions/ConfirmEdit/ConfirmEdit.php | extensions/ConfirmEdit/ConfirmEdit.bak.php | Meyer (talk) 13:33, 24 October 2007 (EDT) |
| extensions/Bad-Behavior/bad-behavior-mediawiki.php | extensions/Bad-Behavior/bad-behavior-mediawiki.bak.php | Meyer (talk) 09:49, 25 October 2007 (EDT) |
CSS hidden spam
- Add following line to LocalSettings.php — DONE Added line in new section of file for OESF Wiki enhancements. -- Meyer (talk) 13:33, 24 October 2007 (EDT)
$wgSpamRegex = "/\<.*style.*?(display|position|overflow|visibility|height)\s*:.*?>/i";
Blank user agents
SetEnvIf User-Agent ^$ spammer=yes # block blank user agents Order allow,deny allow from all deny from env=spammer
ConfirmEdit extension
- Create directory:
- Download extension files to directory:
- Command:
$svn co http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions/ConfirmEdit/ - DONE: Meyer (talk) 13:33, 24 October 2007 (EDT)
- Command:
- Add line near bottom of LocalSettings.php:
- Customize extensions/ConfirmEdit/ConfirmEdit.php: (Below suggestions are already set as defaults.)
$wgGroupPermissions['*' ]['skipcaptcha'] = false; $wgGroupPermissions['user' ]['skipcaptcha'] = false; $wgGroupPermissions['autoconfirmed']['skipcaptcha'] = false; $wgGroupPermissions['bot' ]['skipcaptcha'] = true; // registered bots $wgGroupPermissions['sysop' ]['skipcaptcha'] = true; $wgCaptchaTriggers['edit'] = false; // Would check on every edit $wgCaptchaTriggers['addurl'] = true; // Check on edits that add URLs $wgCaptchaTriggers['createaccount'] = true; // Special:Userlogin&type=signup
Following changes made to default settings:
| Variable | Default | Change | Effect | DONE |
|---|---|---|---|---|
| $ceAllowConfirmedEmail | false | true | Allow users who have confirmed their e-mail address to include URIs in their edits without requiring a captcha check. | Meyer (talk) 13:33, 24 October 2007 (EDT) |
| $wgCaptchaTriggers['edit'] | false | true | Trigger catcha on every page edit. | Meyer (talk) 13:33, 24 October 2007 (EDT) |
| $wgCaptchaTriggers['create'] | false | true | Trigger captcha on new page creation. | Meyer (talk) 13:33, 24 October 2007 (EDT) |
Red herrings
On the first attempt, operations to install extension completed, but captcha not activated for edits by anonymous user. Have performed the following additional operations, but without success (normal operation of wiki seems unimpared):
- Downloaded the file http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions/ExtensionFunctions.php to directory html/extensions [1]
- Change value of variable IP from "/home/miamlh1/oesf.org" an unknown directory to "/export/sunsite/users/oesf/html" in file html/LocalSettings.php
I don't think it wise to move ahead with extension installation until EditConfirm is working properly. I am out of time tonight. Will investigate further at my next opportunity. -- Meyer (talk) 14:35, 20 October 2007 (EDT)
MediaWiki Extensions FAQ says scripts need to have execution permission set, which the PHP files downloaded in extensions/ConfirmEdit didn't. Set the permission, but still no visible improvement in function. -- Meyer (talk) 00:47, 24 October 2007 (EDT)
Running the wiki PHP scripts from the command line revealed an error in one of the scripts we're trying to install:
$ php ConfirmEdit.php
Parse error: parse error, unexpected T_BOOLEAN_AND, expecting '(' in /export/sunsite/users/oesf/html/extensions/ConfirmEdit/ConfirmEdit.php on line 330
Googling for "mediawiki confirmedit t_boolean_and parse error" found mention of the same problem and a possible fix. Applying the fix makes the script run without error from the command line, but still no captcha. -- Meyer (talk) 03:24, 24 October 2007 (EDT)
Someone else with the same problem but unclear about how they solved it. Pursuing via e-mail. -- 219.67.171.131 04:04, 24 October 2007 (EDT)
- Ironically, source had made same directory mistake I had. -- Meyer (talk) 13:33, 24 October 2007 (EDT)
SUCCESS!!! Mail from Tux made me realize I had mistaken a basic assumption and all the above changes to files had been done in the wrong area. Wiki files are not rooted at /export/sunsite/users/oesf but at /public/vhost/o/oesf. Repeated the above steps Backup files, CSS hidden spam, Blank user agents, and ConfirmEdit extension on the correct files. Only additional configuration change was setting captcha triggers for page edit and creation to true. Wiki now generates captchas for user registration, page create, and page edit (wiki administrators exempt). -- Meyer (talk) 08:48, 24 October 2007 (EDT)
Bad Behavior extension
Installing and Using Bad Behavior on MediaWiki
- Download archive
- URI: http://www.bad-behavior.ioerror.us/download/bad-behavior-2.0.10.zip
- DONE: Meyer (talk) 09:26, 25 October 2007 (EDT)
- Unpack archive
- Integrate into LocalSettings.php
- Patch for MediaWiki 1.10+
- Custom patch: MediaWiki introduces a functional change that breaks some extensions designed for previous versions, including Bad Behavior. Although [http://www.gossamer-threads.com/lists/engine?do=post_view_printable;post=104190;list=wiki at least one person recommends discontinuing use and contacting developers of such extensions, I made the following patch to Bad Behavior that seems to serve:
Note: There is a bug in the Bad Behavior extension that messes up formatting at the bottom of the edit article page. Since it is cosmetic I am leaving it in place for now.
