• Updated 2023-07-12: Hello, Guest! Welcome back, and be sure to check out this follow-up post about our outage a week or so ago.

spammers

ChristTrekker

Well-known member
Lots of spammers on the wiki lately. Is there anything that can be done on the technical side to try to stop them?

 

Cory5412

Daring Pioneer of the Future
Staff member
So I'm having this "whoa, wait, what?" moment, but aren't the accounts here and there linked? Or am I just like... crazy?

On my personal wiki at stenoweb.net/wiki the thing I did that ultimately stopped the spam accounts was to disable editing of pages by nonregistered users, and then to disable account registrations.

I already more or less did that to the phpBB side of things, and it sounds like not necessarily every forum registrant wants to edit things on the wiki, so we could just turn off registrations and make it so that somebody has to contact you or I (a wiki sysop, basically) in order to get an account created on the wiki.

Thoughts? I don't know *that* much about wiki (or phpBB2) security, just what I did on my own wiki, which has 100% completely stopped spam. (but it has also stopped a lot of the helpful types of adhoc contributions that are actually helpful, since to edit an account must be created by me.)

 

ChristTrekker

Well-known member
No, the accounts are not linked. That kind of integration* would be a really useful feature, though.

* Envisioned as four things. 1) Account creation on the forums creates a wiki account. 2) Account creation on the wiki just takes you to the forum registration page, see #1. 3) Wiki authentication checks against the forum credentials. 4) Forum profile page has a link to the wiki user page.

 

Cory5412

Daring Pioneer of the Future
Staff member
I really had thought it existed like that -- but since it doesn't, that actually makes doing some of the forum-related things a *lot* easier for me. My thoughts are that I'm going to update the forum and wiki software and do some of the protection stuff I'd thought about for the wiki.

 

PowerPup

Well-known member
So umm... Which version of phpBB are we running? That way I can run a fresh copy of that version on my computer and see if I can tweak the extension if need be. I'm no professional web programer. But I'll see what (or if) I can do. ;)

 

Cory5412

Daring Pioneer of the Future
Staff member
we're on 3.07-PL1.

let us know what you find. I would definitely set aside time to do this.

 

PowerPup

Well-known member
Cool, the extension requires phpBB3 minimum so it should be able to be implemented right away. I'll go ahead and do a test setup just to make sure it works without a hitch. ;)

 

PowerPup

Well-known member
Okay, did a quick setup on my computer, and it works great. :D

Just follow the instructions on the extension page. (It goes in the extensions directory of mediawiki, nothing to phpBB is changed.)

Just make sure that "$wgAuth_Config['UseWikiGroup']" is false and "$wgAuth_Config['UseExtDatabase']" is true. (I assume that the wiki and phpbb databases are separate for the latter. If so make sure to un-comment the MySQL settings and set them accordingly.)

Also make sure that "$wgAuth_Config['UserTB']", "$wgAuth_Config['GroupsTB']" and "$wgAuth_Config['User_GroupTB']" are properly set, took me 5 minutes before I realized that they were set to "phpbb3_---" instead of "phpbb_---" :p

Oh, and that "$wgAuth_Config['PathToPHPBB']" is set to '../forums' ;)

You can also implement "additional security" to prevent banned users from logging in to the wiki.

 

ChristTrekker

Well-known member
Alright guys, the solution has been specified—how soon can we put it in place? It's going to take me plenty long to clean up the crap the wiki has already accumulated, and it's only getting worse the longer we wait.

 

Cory5412

Daring Pioneer of the Future
Staff member
Sorry for the delay -- I've ensured that the wiki requires a login to edit, and I've ensured that no new accounts can be created. (baby steps, you see.)

I'm going to look at backing everything up and installing the appropriate add-ins for authentication based on phpBB credentials.

 

Cory5412

Daring Pioneer of the Future
Staff member
I just completed some well-needed spring cleaning of the wiki. wow.

Unfortunately any user that was already registered is sitll done so, but in my [anecdotal] experience, they tend to go inactive after the first few things they post.

It would be both hilarious and sad to bring a wiki online and just leave it blank and see how much spam it accumulates.

I'll look at the user management plugins and the phpBB plugins... one day!

 

Cory5412

Daring Pioneer of the Future
Staff member
Just as another update on this issue, I'm going to be updating MediaWiki this week -- information here: viewtopic.php?f=1&t=17520

After I do that (like, after I do the forum too) I'll look at adding some extensions for better user management functionality.

 

Cory5412

Daring Pioneer of the Future
Staff member
Hey uh... the upgrade hasn't gone how I thought it would.

so... don't edit anything for a while.

I have a backup of the database and the file structure from earlier today.

Also, the phpBB upgrade is looking like it's not going to go very well either. so... yeah.

I'm probably going to have to copy this all to a local VM and do a test upgrade there, so once again, it may be awhile. (whoops.)

 

Cory5412

Daring Pioneer of the Future
Staff member
I rolled back the changes I'd made and the wiki should now be in the state it was in before about 4 p.m. today.

It turns out that when you skip a bunch of versions and have a bunch of customizations, on, say, mediawiki and phpBB, upgrading it is ridiculously complicated.

 
Top