OESF:Antispam configuration work list

From OESF

Revision as of 18:05, 29 October 2007 by Meyer (Talk | contribs)
Jump to: navigation, search

This page is a list of operations to be performed to enhance spam protection of the OESF Wiki. The plan is to implement the suggestions documented in Blocking Spam in MediaWiki.

Contents

Installed software versions

MediaWiki1.11.0
PHP5.1.6 (apache2handler)
MySQL4.0.27-standard-log

Above obtained from Special:Version on 2007-10-21.

Work Environment

Host:login.ibiblio.org (shell account)
User:oesf
Password:(do not disclose)

Although telnet connection is possible, urge use of SSH client for security. Free clients include OpenSSH for Unix-like systems and PuTTY for MS Windows.

Backup files

Backup each file to be changed in following operations.

(Paths relative to user oesf home directory: /export/sunsite/users/oesf)

Wiki file system root: /public/vhost/o/oesf/html

Original file Backup DONE
LocalSettings.php LocalSettings.bak.php Meyer (talk) 13:33, 24 October 2007 (EDT)
extensions/ConfirmEdit/ConfirmEdit.php extensions/ConfirmEdit/ConfirmEdit.bak.php Meyer (talk) 13:33, 24 October 2007 (EDT)
extensions/Bad-Behavior/bad-behavior-mediawiki.php extensions/Bad-Behavior/bad-behavior-mediawiki.bak.php Meyer (talk) 09:49, 25 October 2007 (EDT)

CSS hidden spam

  1. Add following line to LocalSettings.php — DONE Added line in new section of file for OESF Wiki enhancements. -- Meyer (talk) 13:33, 24 October 2007 (EDT) 
$wgSpamRegex = "/\<.*style.*?(display|position|overflow|visibility|height)\s*:.*?>/i";

Blank user agents

  1. Create file .htaccess with following contents: — DONE -- Meyer (talk) 13:33, 24 October 2007 (EDT) 
SetEnvIf User-Agent ^$ spammer=yes     # block blank user agents

Order allow,deny
allow from all
deny from env=spammer

ConfirmEdit extension

  1. Create directory:
    • Command: mkdir extensions/ConfirmEdit
    • DONE: Meyer (talk) 13:33, 24 October 2007 (EDT)
  2. Download extension files to directory:
  3. Add line near bottom of LocalSettings.php:
    • Command: require_once( "$IP/extensions/ConfirmEdit/ConfirmEdit.php" );
    • DONE: Meyer (talk) 13:33, 24 October 2007 (EDT)
  4. Customize extensions/ConfirmEdit/ConfirmEdit.php: (Below suggestions are already set as defaults.)
    • DONE: Meyer (talk) 13:33, 24 October 2007 (EDT) 
$wgGroupPermissions['*'            ]['skipcaptcha'] = false;
$wgGroupPermissions['user'         ]['skipcaptcha'] = false;
$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = false;
$wgGroupPermissions['bot'          ]['skipcaptcha'] = true; // registered bots
$wgGroupPermissions['sysop'        ]['skipcaptcha'] = true;

$wgCaptchaTriggers['edit']          = false; // Would check on every edit
$wgCaptchaTriggers['addurl']        = true;  // Check on edits that add URLs
$wgCaptchaTriggers['createaccount'] = true;  // Special:Userlogin&type=signup

Following changes made to default settings:

Variable Default Change Effect DONE
$ceAllowConfirmedEmail false true Allow users who have confirmed their e-mail address to include URIs in their edits without requiring a captcha check. Meyer (talk) 13:33, 24 October 2007 (EDT)
$wgCaptchaTriggers['edit'] false true Trigger catcha on every page edit. Meyer (talk) 13:33, 24 October 2007 (EDT)
$wgCaptchaTriggers['create'] false true Trigger captcha on new page creation. Meyer (talk) 13:33, 24 October 2007 (EDT)

Red herrings

On the first attempt, operations to install extension completed, but captcha not activated for edits by anonymous user. Have performed the following additional operations, but without success (normal operation of wiki seems unimpared):

I don't think it wise to move ahead with extension installation until EditConfirm is working properly. I am out of time tonight. Will investigate further at my next opportunity. -- Meyer (talk) 14:35, 20 October 2007 (EDT)

MediaWiki Extensions FAQ says scripts need to have execution permission set, which the PHP files downloaded in extensions/ConfirmEdit didn't. Set the permission, but still no visible improvement in function. -- Meyer (talk) 00:47, 24 October 2007 (EDT)

Running the wiki PHP scripts from the command line revealed an error in one of the scripts we're trying to install: 

$ php ConfirmEdit.php

Parse error: parse error, unexpected T_BOOLEAN_AND, expecting '(' in /export/sunsite/users/oesf/html/extensions/ConfirmEdit/ConfirmEdit.php on line 330

Googling for "mediawiki confirmedit t_boolean_and parse error" found mention of the same problem and a possible fix. Applying the fix makes the script run without error from the command line, but still no captcha. -- Meyer (talk) 03:24, 24 October 2007 (EDT)

Someone else with the same problem but unclear about how they solved it. Pursuing via e-mail. -- 219.67.171.131 04:04, 24 October 2007 (EDT)

Ironically, source had made same directory mistake I had. -- Meyer (talk) 13:33, 24 October 2007 (EDT)

SUCCESS!!! Mail from Tux made me realize I had mistaken a basic assumption and all the above changes to files had been done in the wrong area. Wiki files are not rooted at /export/sunsite/users/oesf but at /public/vhost/o/oesf. Repeated the above steps Backup files, CSS hidden spam, Blank user agents, and ConfirmEdit extension on the correct files. Only additional configuration change was setting captcha triggers for page edit and creation to true. Wiki now generates captchas for user registration, page create, and page edit (wiki administrators exempt). -- Meyer (talk) 08:48, 24 October 2007 (EDT)

Bad Behavior extension

Installing and Using Bad Behavior on MediaWiki

  1. Download archive
  2. Unpack archive
    • Destination directory: extensions (automatically creates extensions/Bad-Behavior)
    • DONE: Meyer (talk) 09:26, 25 October 2007 (EDT)
  3. Integrate into LocalSettings.php
    • Code: require_once( "$IP/extensions/Bad-Behavior/bad-behavior-mediawiki.php" );
    • DONE: Meyer (talk) 09:41, 25 October 2007 (EDT)
  4. Patch for MediaWiki 1.10+
    • After line: if (!defined('MEDIAWIKI')) die();
    • Add code: require_once( "$IP/includes/DatabaseFunctions.php" );
    • DONE: Meyer (talk) 10:03, 25 October 2007 (EDT)
  5. Custom patch: MediaWiki 1.11 introduces a functional change that breaks some extensions designed for previous versions, including Bad Behavior. Although at least one person recommends discontinuing use and contacting developers of such extensions, I made the following patch to Bad Behavior that seems to serve:
    • Add code at end of function bb2_mediawiki_timer (after bad-behavior-mediawiki.php line 122): return 1;
    • DONE: Meyer (talk) 15:02, 27 October 2007 (EDT)

Note: There is a bug in the Bad Behavior extension that messes up formatting at the bottom of the edit article page. Since it is cosmetic I am leaving it in place for now.

Bad Behavior 2 Extended

Bad Behavior 2 Extended

  1. Download files
  2. Add include in LocalSettings.php
    • Code (local customization): require_once( "$IP/extensions/Bad-Behavior/bb2ext.php" );
    • DONE: Meyer (talk) 15:22, 27 October 2007 (EDT)

SpamBlacklist extension

SpamBlacklist

  1. Download files.
  2. Add to LocalSettings.php
    • DONE: Meyer (talk) 14:05, 29 October 2007 (EDT)
    • Code: 
require_once( "$IP/extensions/SpamBlacklist/SpamBlacklist.php");
$wgSpamBlacklistFiles = array(
       "http://meta.wikimedia.org/w/index.php?title=Spam_blacklist&action=raw&sb_ver=1", // Wikimedia's list
       "DB: oesf Spam_Blacklist",
);
Retrieved from "http://www.oesf.org/index.php?title=OESF:Antispam_configuration_work_list"
Personal tools