Mon, 18 Jun 2012
Antispam recommendations for MediaWiki (that are simple, and actually work, and permit anonymous editing)
I've had the honor of working with Will Kahn-Greene at the Participatory Culture Foundation recently. He works on the Miro desktop video player.
He also maintains the PCF's wiki. It runs MediaWiki. It was being spammed to smithereens. In this screenshot, you see WillKahnGreene's account deleting files and spam pages created by bots.
Before
After
As of about a week ago, all the bots can do is create user accounts. That means Will doesn't have to go blocking them and deleting the content they uploaded:
The exceedingly simple antispam strategy
You might be wondering how he did it. Here's what it took, in terms of policy:
- Permit anonymous edits to the wiki. (This is essential for WikiNature.)
- If you are uploading a file, you must be logged in with an account that has confirmed its email address.
- If you are adding a new URL to a page, you must be logged in with an account that has confirmed its email address.
Will had the patience to listen to me and try a few of my ideas, most of which still let some spam through.
Then we came up with the idea of hacking some changes into the CAPTCHA plugin to enforce the above policy. MediaWiki has a permissions system (they call it "user rights"). We use the user-rights system to restrict file uploads, but crucially there is no built-in way to restrict who can add URLs.
So Will had to write some very simple code that, effectively, adds an addurl permission to MediaWiki. He did it extending the ConfirmEdit extension. It's easy to install; you can find instructions on his project page. He wrote a blog post about it.
As far as I can tell, anyone who runs a public MediaWiki install should configure the wiki this way.
Seriously.
If you look at the long, sprawling MediaWiki documentation page about restricting spam, it contains all sorts of nonsense. Ignore it. Just do what Will did.
