MediaWiki Howto
From Cactus Howto
Securing MediaWiki
Always Check Recent changes
http://howto.cactus.de/index.php/Spezial:Letzte_%C3%84nderungen
Requiring Login for editing
The following changes need to be made in LocalSettings.php:
$wgEnableEmail = true; # to allow sending of email notification
$wgGroupPermissions['*']['edit'] = false; # per default no one can edit
$wgGroupPermissions['user']['edit'] = false; # not even registered users
$wgAutopromote['emailconfirmed'] = APCOND_EMAILCONFIRMED; # preparing to allow only registered and
                                                          # email confirmed users edit rights
$wgImplicitGroups[] = 'emailconfirmed'; # Hide group from user list.
$wgGroupPermissions['emailconfirmed']['edit'] = true; # Finally, set it to true for the desired group.
Use User Blocking
Note: you need SysOp rights for this: http://wiki-ip/index.php?title=Special:BlockIP
Preventing access to Special Pages
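The third array element in each SpecialPage.php entry is the right required to open that page; here it is a custom right named Cactus, which LocalSettings.php grants only to the group Cactus. SpecialPage.php is a core file, so the edit has to be reapplied after a package upgrade replaces it.
howto:/usr/share/mediawiki# grep act LocalSettings.php
$wgGroupPermissions['Cactus']['read'] = true;
$wgGroupPermissions['Cactus']['Cactus'] = true;
howto:/usr/share/mediawiki/includes# grep Cactus SpecialPage.php
'Listgrouprights' => array( 'SpecialPage', 'SpecialListGroupRights', 'Cactus'),
'Listusers' => array( 'SpecialPage', 'Listusers', 'Cactus' ),
'Listfiles' => array( 'SpecialPage', 'Listfiles', 'Cactus' ),
'Allmessages' => array( 'SpecialPage', 'Allmessages', 'Cactus' ),
'Version' => array( 'SpecialPage', 'Version', 'Cactus'),
howto:/usr/share/mediawiki/includes#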
Adding Captcha for new user creation using Extension ConfirmEdit
NB: standard captcha (math) is not sufficient!
Install Extension confirmedit:
aptitude install mediawiki-extensions-confirmedit
howto:/usr/share/mediawiki# dpkg -l | grep confirmedit
ii mediawiki-extensions-confirmedit 2.3squeeze1 Extensions for MediaWiki -- ConfirmEdit extension
howto:/usr/share/mediawiki#
Add to end of LocalSettings.php:
require_once( "$IP/extensions/ConfirmEdit/ConfirmEdit.php" );
require_once( "$IP/extensions/ConfirmEdit/FancyCaptcha.php" );
$wgCaptchaClass = 'FancyCaptcha';
$wgCaptchaDirectory = '/usr/share/mediawiki-extensions/confirmedit/captchas';
$wgCaptchaSecret = 'XXX';
Create dir for captchas:
mkdir /usr/share/mediawiki-extensions/confirmedit/captchas
Create captchas:
python ./captcha.py --font=/usr/share/fonts/truetype/ttf-liberation/LiberationSans-Regular.ttf --wordlist=/usr/share/dict/ngerman --key XXX --output=/usr/share/mediawiki-extensions/confirmedit/captchas --count=100
Finally delete users in wikidb that have been added by bots (assuming that users with id 0,1,2,40 and 1577 are real):
delete from revision where not rev_user=0 and not rev_user=1 and not rev_user=2 and not rev_user=40 and not rev_user=1577;
delete from mwuser where not user_id=1 and not user_id=0 and not user_id=2 and not user_id=40 and not user_id=1577;
Even with this graphical captcha, 86 users were created by bots during 120 days.
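To check that a deployed LocalSettings.php still carries the edit restrictions from "Requiring Login for editing" and that $wgCaptchaSecret is no longer the XXX stand-in, a shell audit like the following can be run against it. It is an added example, not part of the original howto; the function names setting_value, check and audit_localsettings are made up for it, and it assumes each setting is written on one line in the spelling shown above.

```shell
#!/bin/sh
# Added example (not from the howto): audit LocalSettings.php for the
# edit restrictions and captcha secret configured in this howto.

# Print the last value assigned to setting $2 (literal text) in file $1.
# Comment-only lines are skipped; spaces and quotes are stripped.
setting_value() {
    awk -v key="$2" '
        /^[ \t]*(#|\/\/)/ { next }
        (pos = index($0, key)) == 0 { next }
        {
            rest = substr($0, pos + length(key))
            if (rest !~ /^[ \t]*=[^=]/) next   # not an assignment
            sub(/^[ \t]*=/, "", rest)
            sub(/;.*/, "", rest)               # drop "; # comment"
            gsub("[ \t\"\047]", "", rest)
            val = rest
        }
        END { print val }
    ' "$1"
}

# Compare one setting with the expected value; return 1 on mismatch.
check() {
    actual=$(setting_value "$1" "$2")
    if [ "$actual" = "$3" ]; then
        echo "ok    $2 = $3"
    else
        echo "FAIL  $2 is '${actual:-unset}', expected $3"
        return 1
    fi
}

# Return 0 only if every setting matches the hardened configuration.
audit_localsettings() {
    rc=0
    check "$1" "\$wgGroupPermissions['*']['edit']" false || rc=1
    check "$1" "\$wgGroupPermissions['user']['edit']" false || rc=1
    check "$1" "\$wgGroupPermissions['emailconfirmed']['edit']" true || rc=1
    check "$1" "\$wgAutopromote['emailconfirmed']" APCOND_EMAILCONFIRMED || rc=1
    # XXX is the stand-in printed in the howto, not a usable secret.
    secret=$(setting_value "$1" "\$wgCaptchaSecret")
    case $secret in
        ''|XXX) echo "FAIL  \$wgCaptchaSecret is unset or still XXX"; rc=1 ;;
        *)      echo "ok    \$wgCaptchaSecret is set" ;;
    esac
    return $rc
}

if [ $# -gt 0 ]; then audit_localsettings "$1"; fi
```

Pass the path of the LocalSettings.php to audit as the first argument; the exit status is non-zero if any check fails, so the script can run from cron or after a package upgrade.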
Setting logo
- copy logo (135x135 pixel) into /var/lib/mediawiki/images
- Edit LocalSettings.php
- Note: When using relative pathname for the logo, start with a slash (/). Do not think about it ;-).
- Example config:
howto:/xxx/mediawiki# grep Logo LocalSettings.php
$wgLogo = "/images/cactus-logo.jpg";