Preventing spam on MediaWiki: Difference between revisions

From ULYSSIS documentation
(8 intermediate revisions by 4 users not shown)
Line 1: Line 1:
==google's recaptcha==
Because MediaWiki allows for unrestricted page editing by anonymous users and unrestricted account creation, MediaWiki websites often suffer from automated spam problems. There are 2 main ways to prevent spam on MediaWiki: using a captcha to block automated edits, or restricting account creation to trusted users.
===What is recaptcha and how/will it help prevent spam ?===
For answers to those questions you can look at google's page about recaptcha(https://google.com/recaptcha)


===Installation===
== Using captcha ==
This installation guide requires mediawiki '''1.26''' or higher
=== About ReCaptcha ===
Google introduced a new generation of ReCaptcha, called NoCaptcha in 2014. Using the MediaWiki extension ConfirmEdit, NoCaptcha can be used to prevent spam on wikis. ConfirmEdit is bundled with MediaWiki by default, but to enable NoCaptcha, you will have to get an API key from Google.


* Go to google's recaptcha administrator page(https://www.google.com/recaptcha/admin) and register your site
=== Installation ===
The NoCaptcha ConfirmEdit extension requires MediaWiki 1.26 or higher.


* Open your *LocalSettings.php* file which is in your mediawiki instalation folder
First, you have to get an API key from Google. Go to Google's ReCaptcha [https://www.google.com/recaptcha/admin administrator page] and register your website. You will need to select '''reCAPTCHA v2''', and '''"I'm not a robot" Checkbox'''. After registering your website, you will be presented with a public '''site key''' and a private '''secret key'''.
** put the following piece of text in the above mentioned file
<code>
require_once "$IP/extensions/ConfirmEdit/ConfirmEdit.php";


wfLoadExtension( 'ConfirmEdit/ReCaptchaNoCaptcha' );
Now you have to install and configure the ConfirmEdit extension. Locate the <code>LocalSettings.php</code> file in your MediaWiki installation folder and add the following lines to it:
$wgCaptchaClass = 'ReCaptchaNoCaptcha';
$wgReCaptchaSiteKey = ' '''your public/site key here''' ';
$wgReCaptchaSecretKey = ' '''your private key here''' ';
</code>
example of public and private key (https://i.imgur.com/vGJKEXx.png)


* mediawiki wil start loading recaptcha in the background and once done wil start using recaptcha for defending you from bots
wfLoadExtensions([ 'ConfirmEdit', 'ConfirmEdit/ReCaptchaNoCaptcha' ]);
$wgCaptchaClass = 'ReCaptchaNoCaptcha';
$wgReCaptchaSiteKey = ''''your public/site key here'''';
$wgReCaptchaSecretKey = ''''your private/secret key here'''';
$wgCaptchaTriggers['edit'] = true; // Trigger captcha for page edits.
$wgCaptchaTriggers['create'] = true; // Trigger captcha for page creation.
$wgCaptchaTriggers['addurl'] = true; // Trigger captcha for page edits containing URLs.
$wgCaptchaTriggers['createaccount'] = true; // Trigger captcha for account creation.
$wgCaptchaTriggers['badlogin'] = true; // Trigger captcha for login hacking attempts.
 
More information about the configuration options for advanced usage can be found here: https://www.mediawiki.org/wiki/Extension:ConfirmEdit#Configuration
 
== Restricting account creation ==
Because MediaWiki allows unregistered (anonymous) users to edit pages, this technique obviously relies on restricting page edits to logged-in users. To enable this, locate the <code>LocalSettings.php</code> file in your MediaWiki installation folder and add the following lines to it:
 
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createtalk'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['writeapi'] = false;
 
Now only registered users can edit or create pages. However, the problem is not solved, as bots can automatically create an account to perform the spamming. There are 3 options to prevent this.
 
=== Centrale KU Leuven Login ===
Wikis connected to the KU Leuven Association can install an extension to use the Centrale KU Leuven Login. For more information about this option, there is the documentation page [[Securing MediaWiki using Centrale KU Leuven Login]].
 
=== Sysop account creation ===
Account creation can be restricted to only website administrators ('sysop'). Add the following line to <code>LocalSettings.php</code>:
 
$wgGroupPermissions['*']['createaccount'] = false;
 
=== Account creation queue ===
Using the extension [https://www.mediawiki.org/wiki/Extension:ConfirmAccount ConfirmAccount], account creation has to be manually confirmed by website administrators. Users are still able to create an account, but the account has to be confirmed before the user can log in. For more information, installation instructions and configuration, refer to the link above.
 
[[Category:Security & anti-spam]]
[[Category:CMSs]]
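
Review bot: the added `$wgReCaptchaSecretKey` line, and the sentence that introduces the "private '''secret key'''", never say that this value has to stay on the server, even though the page tells readers to paste it into <code>LocalSettings.php</code>. Add one sentence stating that only the site key is meant to be public, and that <code>LocalSettings.php</code> should not be readable through the web server or committed to a public repository. Separately, the comment on `$wgCaptchaTriggers['badlogin']` ("login hacking attempts") would be clearer as "failed login attempts".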

Latest revision as of 20:16, 24 April 2021

Because MediaWiki allows for unrestricted page editing by anonymous users and unrestricted account creation, MediaWiki websites often suffer from automated spam problems. There are 2 main ways to prevent spam on MediaWiki: using a captcha to block automated edits, or restricting account creation to trusted users.

Using captcha

About ReCaptcha

Google introduced a new generation of ReCaptcha, called NoCaptcha, in 2014. Using the MediaWiki extension ConfirmEdit, NoCaptcha can be used to prevent spam on wikis. ConfirmEdit is bundled with MediaWiki by default, but to enable NoCaptcha, you will have to get an API key from Google.

Installation

The NoCaptcha ConfirmEdit extension requires MediaWiki 1.26 or higher.

First, you have to get an API key from Google. Go to Google's ReCaptcha administrator page (https://www.google.com/recaptcha/admin) and register your website. You will need to select reCAPTCHA v2 and the "I'm not a robot" Checkbox option. After registering your website, you will be presented with a public site key and a private secret key.

Now you have to install and configure the ConfirmEdit extension. Locate the LocalSettings.php file in your MediaWiki installation folder and add the following lines to it:

wfLoadExtensions([ 'ConfirmEdit', 'ConfirmEdit/ReCaptchaNoCaptcha' ]);
$wgCaptchaClass = 'ReCaptchaNoCaptcha';
$wgReCaptchaSiteKey = 'your public/site key here';
$wgReCaptchaSecretKey = 'your private/secret key here';
$wgCaptchaTriggers['edit'] = true; // Trigger captcha for page edits.
$wgCaptchaTriggers['create'] = true; // Trigger captcha for page creation.
$wgCaptchaTriggers['addurl'] = true; // Trigger captcha for page edits containing URLs.
$wgCaptchaTriggers['createaccount'] = true; // Trigger captcha for account creation.
$wgCaptchaTriggers['badlogin'] = true; // Trigger captcha for login hacking attempts.

More information about the configuration options for advanced usage can be found here: https://www.mediawiki.org/wiki/Extension:ConfirmEdit#Configuration

Restricting account creation

Because MediaWiki allows unregistered (anonymous) users to edit pages, this technique obviously relies on restricting page edits to logged-in users. To enable this, locate the LocalSettings.php file in your MediaWiki installation folder and add the following lines to it:

$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createtalk'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['writeapi'] = false;

Now only registered users can edit or create pages. However, the problem is not solved, as bots can automatically create an account to perform the spamming. There are 3 options to prevent this.

Centrale KU Leuven Login

Wikis connected to the KU Leuven Association can install an extension to use the Centrale KU Leuven Login. For more information about this option, see the documentation page Securing MediaWiki using Centrale KU Leuven Login.

Sysop account creation

Account creation can be restricted to only website administrators ('sysop'). Add the following line to LocalSettings.php:

$wgGroupPermissions['*']['createaccount'] = false;

Account creation queue

Using the extension ConfirmAccount (https://www.mediawiki.org/wiki/Extension:ConfirmAccount), account creation has to be manually confirmed by website administrators. Users are still able to create an account, but the account has to be confirmed before the user can log in. For more information, installation instructions and configuration, refer to the extension page linked above.
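
One way to check that a LocalSettings.php really contains the settings from both sections above, as an added example that is not part of the ULYSSIS documentation or of MediaWiki. The function names, report keys and sample input are assumptions made for the illustration.

```python
import re

# Settings this page recommends. Only explicit assignments in the file are checked.
CAPTCHA_TRIGGERS = ["edit", "create", "addurl", "createaccount", "badlogin"]
ANON_WRITE_RIGHTS = ["edit", "createtalk", "createpage", "writeapi"]

# $name['k1']['k2'] = value; anchored at line start, so // and # comment lines are skipped.
ASSIGN = re.compile(
    r"""^[ \t]*\$(\w+)((?:\[\s*['"][^'"]*['"]\s*\])*)\s*=\s*(.+?)\s*;""", re.M)
INDEX = re.compile(r"""\[\s*['"]([^'"]*)['"]\s*\]""")

def parse_settings(php):
    """Map ('wgVar', 'key', ...) -> value; a later assignment wins, as in PHP."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.S)  # drop /* ... */ blocks
    settings = {}
    for name, keys, value in ASSIGN.findall(php):
        settings[(name, *INDEX.findall(keys))] = value.strip("'\"")
    return settings

def audit(php):
    s = parse_settings(php)
    val = lambda *k: s.get(k, "").lower()
    report = {
        "triggers_not_enabled": [t for t in CAPTCHA_TRIGGERS
                                 if val("wgCaptchaTriggers", t) != "true"],
        "anon_rights_not_denied": [r for r in ANON_WRITE_RIGHTS
                                   if val("wgGroupPermissions", "*", r) != "false"],
        "placeholder_keys": [k for k in ("wgReCaptchaSiteKey", "wgReCaptchaSecretKey")
                             if not s.get((k,)) or "key here" in s[(k,)]],
    }
    if val("wgGroupPermissions", "*", "createaccount") == "false":
        report["account_creation"] = "restricted"
    elif val("wgCaptchaTriggers", "createaccount") == "true":
        report["account_creation"] = "captcha"
    else:
        report["account_creation"] = "not set in this file"
    return report

# Constructed sample input (not a real configuration).
SAMPLE = """
$wgReCaptchaSiteKey = 'your public/site key here';
$wgReCaptchaSecretKey = 'EXAMPLE-SECRET';
$wgCaptchaTriggers['edit'] = true; // Trigger captcha for page edits.
$wgCaptchaTriggers['createaccount'] = true;
# $wgCaptchaTriggers['create'] = true;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['edit'] = true; // re-opens anonymous editing
"""
```

Calling `audit(SAMPLE)` reports the commented-out `create` trigger, the later assignment that re-opens anonymous editing, and the site key that is still the placeholder text.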