MediaWiki Howto

From Cactus Howto
Revision as of 08:29, 20 September 2013 by Tim (→ Setting logo)

Securing MediaWiki

Always Check Recent changes

http://howto.cactus.de/index.php/Spezial:Letzte_%C3%84nderungen

Requiring Login for editing

The following changes need to be made in LocalSettings.php:

$wgEnableEmail      = true;                                     # allow sending of email notifications
$wgGroupPermissions['*']['edit'] = false;                       # by default no one can edit
$wgGroupPermissions['user']['edit']           = false;          # not even registered users
$wgAutopromote['emailconfirmed'] = APCOND_EMAILCONFIRMED;       # prepare to give edit rights only to registered,
                                                                # email-confirmed users
$wgImplicitGroups[] = 'emailconfirmed';                         # hide the group from the user list
$wgGroupPermissions['emailconfirmed']['edit'] = true;           # finally, set it to true for the desired group
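
How these settings combine, as an added example that is not part of the original page and not MediaWiki's own code: a stand-alone PHP model of the rule that a user holds a right when any of their groups grants it. The function effectiveRights(), the $partial and $page arrays and the visitor labels are constructed for illustration; the default grants listed are MediaWiki's shipped defaults for these rights.

```php
<?php
// Added example (not MediaWiki code): a small model of how group rights combine.
// A user holds a right when ANY group they belong to grants it; `false` only
// means "this group does not grant it" and never overrides another group.

function effectiveRights(array $perms, array $groups) {
    $rights = array();
    foreach ($groups as $group) {
        if (!isset($perms[$group])) {
            continue;                       // group has no entries in this config
        }
        foreach ($perms[$group] as $right => $granted) {
            if ($granted) {
                $rights[$right] = true;     // additive: one grant is enough
            }
        }
    }
    $names = array_keys($rights);
    sort($names);
    return $names;
}

// MediaWiki's default grants for the rights discussed here.
$defaults = array(
    '*'    => array('read' => true, 'edit' => true, 'createaccount' => true),
    'user' => array('read' => true, 'edit' => true),
);

// Incomplete lockdown (constructed): only anonymous editing is switched off.
$partial = $defaults;
$partial['*']['edit'] = false;

// Lockdown as configured on this page.
$page = $defaults;
$page['*']['edit'] = false;
$page['user']['edit'] = false;
$page['emailconfirmed']['edit'] = true;

// Implicit groups per kind of visitor (emailconfirmed is added by $wgAutopromote).
$visitors = array(
    'anonymous'               => array('*'),
    'registered, unconfirmed' => array('*', 'user'),
    'registered, confirmed'   => array('*', 'user', 'emailconfirmed'),
);

foreach (array('partial' => $partial, 'page' => $page) as $label => $perms) {
    foreach ($visitors as $who => $groups) {
        $rights = effectiveRights($perms, $groups);
        printf("%-8s %-24s edit=%-3s createaccount=%s\n", $label, $who,
            in_array('edit', $rights) ? 'yes' : 'no',
            in_array('createaccount', $rights) ? 'yes' : 'no');
    }
}
```

With only the '*' line set to false, every registered account can still edit; and under both configurations createaccount stays granted to anonymous visitors, which is why the captcha on account creation further down is still needed.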

Use User Blocking

Note: you need sysop rights for this: http://wiki-ip/index.php/Special:BlockIP

Preventing access to Special Pages

Source: http://phlow.net/magazin/netzkultur/technik/445-mediawiki-spezialseiten-vor-unerlaubtem-zugriff-sperren

howto:/usr/share/mediawiki# grep act LocalSettings.php
$wgGroupPermissions['Cactus']['read'] = true;
$wgGroupPermissions['Cactus']['Cactus'] = true;
howto:/usr/share/mediawiki/includes# grep Cactus SpecialPage.php 
'Listgrouprights'           => array( 'SpecialPage', 'SpecialListGroupRights', 'Cactus'),
'Listusers'                 => array( 'SpecialPage', 'Listusers', 'Cactus' ),	
'Listfiles'                 => array( 'SpecialPage', 'Listfiles', 'Cactus' ),
'Allmessages'               => array( 'SpecialPage', 'Allmessages', 'Cactus' ),
'Version'                   => array( 'SpecialPage', 'Version', 'Cactus'),
howto:/usr/share/mediawiki/includes#

Adding Captcha for new user creation using Extension ConfirmEdit

NB: standard captcha (math) is not sufficient!


Install Extension confirmedit:

aptitude install mediawiki-extensions-confirmedit
howto:/usr/share/mediawiki# dpkg -l | grep confirmedit
ii  mediawiki-extensions-confirmedit   2.3squeeze1                  Extensions for MediaWiki -- ConfirmEdit extension
howto:/usr/share/mediawiki# 

Add to end of LocalSettings.php:

require_once( "$IP/extensions/ConfirmEdit/ConfirmEdit.php" );
require_once( "$IP/extensions/ConfirmEdit/FancyCaptcha.php" );
$wgCaptchaClass = 'FancyCaptcha';
$wgCaptchaDirectory = '/usr/share/mediawiki-extensions/confirmedit/captchas';
$wgCaptchaSecret = 'XXX';

Create dir for captchas:

mkdir /usr/share/mediawiki-extensions/confirmedit/captchas

Create captchas (the --key value must match $wgCaptchaSecret):

python ./captcha.py --font=/usr/share/fonts/truetype/ttf-liberation/LiberationSans-Regular.ttf --wordlist=/usr/share/dict/ngerman --key XXX --output=/usr/share/mediawiki-extensions/confirmedit/captchas --count=100

Finally, delete the users in wikidb that were added by bots (assuming that the users with IDs 0, 1, 2, 40 and 1577 are real):

delete from revision where rev_user not in (0, 1, 2, 40, 1577);
delete from mwuser where user_id not in (0, 1, 2, 40, 1577);

Even with this graphical captcha, 86 users were created by bots within 120 days.

Setting logo

  • Copy the logo (135x135 pixels) into /var/lib/mediawiki/images
  • Edit LocalSettings.php
  • Note: When using a relative pathname for the logo, start with a slash (/). Do not think about it ;-).
  • Example config:
howto:/xxx/mediawiki# grep Logo LocalSettings.php 
 $wgLogo             = "/images/cactus-logo.jpg";