[OpenStack-Infra] Wiki.o.o sustaining spam attack
JP Maxwell
jp at tipit.net
Tue Feb 23 07:57:16 UTC 2016
One final thought, I recall on the mobile view there is a secret word
request in the account creation page:
https://wiki.openstack.org/w/index.php?title=Special:UserLogin&type=signup&returnto=Main+Page&returntoquery=mobileaction%3Dtoggle_view_mobile%26welcome%3Dyes
So, this is probably already setup. It's possible you only need to add the
triggers. Though I might make the question something a human could
reasonably figure out if you want people to continue to be able to edit the
wiki in the meantime:
$wgCaptchaTriggers['edit'] = true;
$wgCaptchaTriggers['create'] = true;
J.P. Maxwell / tipit.net <http://www.tipit.net>
On Tue, Feb 23, 2016 at 1:48 AM, JP Maxwell <jp at tipit.net> wrote:
> Hah. Well, I'm not entirely sure how this is setup to manage code
> changes. I looked in GitHub and just see the puppet configs. Not sure
> where or how I could push changes into LocalSettings.php, otherwise I'd be
> happy to do it :D Gotta catch a little rest now, but will check in on
> this in a few hours.
>
> J.P. Maxwell / tipit.net <http://www.tipit.net>
>
>
> On Tue, Feb 23, 2016 at 1:43 AM, Tom Fifield <tom at openstack.org> wrote:
>
>> Cheers, that's exactly what we need someone to do.
>>
>>
>> On 23/02/16 15:34, JP Maxwell wrote:
>>
>>> OK - so per the info here, you have to set the type of Captcha and add
>>> in editing and create page as triggers requiring Captcha.
>>>
>>> As an example to use QuestyCaptcha a the bottom of the LocalSettings.php
>>> file:
>>>
>>> https://www.mediawiki.org/wiki/Extension:ConfirmEdit#QuestyCaptcha
>>>
>>> And make sure the triggers are set:
>>>
>>> https://www.mediawiki.org/wiki/Extension:ConfirmEdit#Configuration
>>>
>>> So, for example (you might want to change the questions), but the below
>>> should at least stop the bleeding?
>>>
>>> require_once "$IP/extensions/ConfirmEdit/ConfirmEdit.php";
>>>
>>> // Use this line ONLY if your MediaWiki version is 1.25 or newer:
>>> //wfLoadExtension( 'ConfirmEdit/QuestyCaptcha' );
>>> // Use this line ONLY if your MediaWiki version is older than 1.25:
>>> require_once "$IP/extensions/ConfirmEdit/QuestyCaptcha.php";
>>>
>>> $wgCaptchaClass = 'QuestyCaptcha';
>>>
>>> // Add your questions in LocalSettings.php using this format
>>> $wgCaptchaQuestions[] = array( 'question' => "A question?", 'answer' =>
>>> "An Answer");
>>> $wgCaptchaQuestions[] = array( 'question' => 'How much wood would a
>>> woodchuck chuck if a woodchuck could chuck wood?', 'answer' => 'as much
>>> wood as...' );
>>> $wgCaptchaQuestions[] = array( 'question' => "What is this wiki's
>>> name?", 'answer' => "$wgSitename" );
>>> // You can also provide several acceptable answers to a given question
>>> (the answers shall be in lowercase):
>>> $wgCaptchaQuestions[] = array( 'question' => "2 + 2 ?", 'answer' =>
>>> array( '4', 'four' ) );
>>>
>>> $wgCaptchaTriggers['edit'] = true;
>>> $wgCaptchaTriggers['create'] = true;
>>>
>>>
>>> J.P. Maxwell / tipit.net <http://www.tipit.net>
>>>
>>>
>>> On Tue, Feb 23, 2016 at 12:55 AM, Tom Fifield <tom at openstack.org
>>> <mailto:tom at openstack.org>> wrote:
>>>
>>> For wiki.o.o, I believe this is at:
>>>
>>> https://wiki.openstack.org/wiki/Special:Version
>>>
>>> On 23/02/16 14:51, JP Maxwell wrote:
>>>
>>> I did setup a wiki and have a look at this briefly. Can you
>>> confirm
>>> what extensions you are loading? When you setup the wiki it
>>> generates a
>>> localsettings.php file that lists the extensions:
>>>
>>>
>>>
>>> Inline image 1
>>>
>>> # Enabled Extensions. Most extensions are enabled by including
>>> the base
>>> extension file here
>>> # but check specific extension documentation for more details
>>> # The following extensions were automatically enabled:
>>> wfLoadExtension( 'ConfirmEdit' );
>>> wfLoadExtension( 'InputBox' );
>>> wfLoadExtension( 'SpamBlacklist' );
>>> wfLoadExtension( 'TitleBlacklist' );
>>> wfLoadExtension( 'WikiEditor' );
>>>
>>> I think if you have that ConfirmEdit extension you can enable
>>> captcha
>>> when creating new pages / editing existing ones. In addition,
>>> there do
>>> seem to be some spam extensions that come built in.
>>>
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-infra/attachments/20160223/0e98c198/attachment.html>
More information about the OpenStack-Infra
mailing list