MediaWiki Howto
From Cactus Howto
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
Securing MediaWiki
Always Check Recent changes
http://howto.cactus.de/index.php/Spezial:Letzte_%C3%84nderungen
Requiring Login for editing
The following changes need to be made in LocalSettings.php:
$wgEnableEmail = true; # to allow sending of email notification $wgGroupPermissions['*']['edit'] = false; # per default no one can edit $wgGroupPermissions['user']['edit'] = false; # not even registered users $wgAutopromote['emailconfirmed'] = APCOND_EMAILCONFIRMED; # preparing to allow only registered and # email confirmed users edit rights $wgImplicitGroups[] = 'emailconfirmed'; # Hide group from user list. $wgGroupPermissions['emailconfirmed']['edit'] = true; # Finally, set it to true for the desired group.
Use User Blocking
Note: you need SysOp rights for this: http://wiki-ip/index.php?SepcialPage:BlockIP
Preventing access to Special Pages
howto:/usr/share/mediawiki# grep act LocalSettings.php $wgGroupPermissions['Cactus']['read'] = true; $wgGroupPermissions['Cactus']['Cactus'] = true; howto:/usr/share/mediawiki/includes# grep Cactus SpecialPage.php 'Listgrouprights' => array( 'SpecialPage', 'SpecialListGroupRights', 'Cactus'), 'Listusers' => array( 'SpecialPage', 'Listusers', 'Cactus' ), 'Listfiles' => array( 'SpecialPage', 'Listfiles', 'Cactus' ), 'Allmessages' => array( 'SpecialPage', 'Allmessages', 'Cactus' ), 'Version' => array( 'SpecialPage', 'Version', 'Cactus'), howto:/usr/share/mediawiki/includes#
Adding Captcha for new user creation using Extension ConfirmEdit
NB: standard captcha (math) is not sufficient!
Install Extension confirmedit:
aptitude install mediawiki-extensions-confirmedit
howto:/usr/share/mediawiki# dpkg -l | grep confirmedit ii mediawiki-extensions-confirmedit 2.3squeeze1 Extensions for MediaWiki -- ConfirmEdit extension howto:/usr/share/mediawiki#
Add to end of LocalSettings.php:
require_once( "$IP/extensions/ConfirmEdit/ConfirmEdit.php" ); require_once( "$IP/extensions/ConfirmEdit/FancyCaptcha.php" ); $wgCaptchaClass = 'FancyCaptcha'; $wgCaptchaDirectory = '/usr/share/mediawiki-extensions/confirmedit/captchas'; $wgCaptchaSecret = 'XXX';
Create dir for captchas:
mkdir /usr/share/mediawiki-extensions/confirmedit/captchas
Create captchas:
python ./captcha.py --font=/usr/share/fonts/truetype/ttf-liberation/LiberationSans-Regular.ttf --wordlist=/usr/share/dict/ngerman --key XXX --output=/usr/share/mediawiki-extensions/confirmedit/captchas --count=100
Finally delete users in wikidb that have been added by bots (assuming that users with id 0,1,2,40 and 1577 are real):
delete from revision where not rev_user=0 and not rev_user=1 and not rev_user=2 and not rev_user=40 and not rev_user=1577; delete from mwuser where not user_id=1 and not user_id=0 and not user_id=2 and not user_id=40 and not user_id=1577;
Even with this graphical capture 86 users were created by bots during 120 days.
Setting logo
- copy logo (135x135 pixel) into /var/lib/mediawiki/images
- When using relative pathname for the logo, start with a slash (/). Do not think about it ;-). Example:
howto:/xxx/mediawiki# grep Logo LocalSettings.php $wgLogo = "/images/cactus-logo.jpg";