OESF:Antispam configuration work list

From OESF

This page is a list of operations to be performed to enhance spam protection of the OESF Wiki. The plan is to implement the suggestions documented in Blocking Spam in MediaWiki.

Contents 1 Installed software versions 2 Work Environment 3 Backup files 4 CSS hidden spam 5 Blank user agents 6 ConfirmEdit extension 7 Bad Behavior extension 8 Bad Behavior 2 extension 9 SpamBlacklist extension

Installed software versions

MediaWiki	1.11.0
PHP	5.1.6 (apache2handler)
MySQL	4.0.27-standard-log

Above obtained from Special:Version on 2007-10-21.

Work Environment

Host:	login.ibiblio.org (shell account)
User:	oesf
Password:	(do not disclose)

Although telnet connection is possible, urge use of SSH client for security. Free clients include OpenSSH for Unix-like systems and PuTTY for MS Windows.

Backup files

Backup each file to be changed in following operations. (Paths relative to user oesf home directory: /export/sunsite/users/oesf)

• html/LocalSettings.php (#CSS hidden spam, #ConfirmEdit extension) — DONE: -> html/LocalSettings.bak.php -- Meyer (talk) 13:44, 20 October 2007 (EDT)
• html/extensions/ConfirmEdit/ConfirmEdit.php (#ConfirmEdit extension) — DONE -> html/extensions/ConfirmEdit/ConfirmEdit.bak.php -- Meyer (talk) 14:03, 20 October 2007 (EDT)

CSS hidden spam

1. Add following line to LocalSettings.php — DONE Added line in new section of file for OESF Wiki enhancements. -- Meyer (talk) 13:49, 20 October 2007 (EDT)

$wgSpamRegex = "/\<.*style.*?(display|position|overflow|visibility|height)\s*:.*?>/i";

Blank user agents

1. Create file html/.htaccess with following contents: — DONE -- Meyer (talk) 13:52, 20 October 2007 (EDT)

SetEnvIf User-Agent ^$ spammer=yes     # block blank user agents

Order allow,deny
allow from all
deny from env=spammer

ConfirmEdit extension

1. Create directory: mkdir html/extensions/ConfirmEdit — DONE -- Meyer (talk) 13:55, 20 October 2007 (EDT)
2. Download extension files to directory: svn co http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions/ConfirmEdit/ — DONE -- Meyer (talk) 13:56, 20 October 2007 (EDT)
3. Add line near bottom of html/LocalSettings.php: require_once( "$IP/extensions/ConfirmEdit/ConfirmEdit.php" ); — DONE -- Meyer (talk) 13:57, 20 October 2007 (EDT)
4. Customize html/ConfirmEdit.php (check directory):
   • $wgCaptchaTriggers
   • $ceAllowConfirmedEmail

$wgGroupPermissions['*'            ]['skipcaptcha'] = false;
$wgGroupPermissions['user'         ]['skipcaptcha'] = false;
$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = false;
$wgGroupPermissions['bot'          ]['skipcaptcha'] = true; // registered bots
$wgGroupPermissions['sysop'        ]['skipcaptcha'] = true;

$wgCaptchaTriggers['edit']          = false; // Would check on every edit
$wgCaptchaTriggers['addurl']        = true;  // Check on edits that add URLs
$wgCaptchaTriggers['createaccount'] = true;  // Special:Userlogin&type=signup

Bad Behavior extension

Bad Behavior 2 extension

SpamBlacklist extension