As a first pass here I removed the write / edit rights from the * group.
So now at least users have to register....
T195725: Add Extension:Nuke on Wikibase bundle docker image would be great for clearing the spam
T195989: Add Extension:ConfirmEdit to the wikibase bundle would enable us to stop it in the first place.
Once locked down I'll go through and purge the spam from the DB.
Lastly I added a new group and the real users currently on the site to the group.
These are the only users that are able to edit the main and user namespaces (where all the spam appears)
# Only trusted users can edit the main and user namespaces # This is the main in route for spam bots.... $wgNamespaceProtection[NS_MAIN] = [ 'Trusted' ]; $wgNamespaceProtection[NS_USER] = [ 'Trusted' ]; $wgNamespaceProtection[NS_USER_TALK] = [ 'Trusted' ]; # Create a Tursted user group $wgGroupPermissions['Trusted'] = $wgGroupPermissions['user'];
We can play around with this at a later stage if this gets in the way at all...
Maybe we should allow people with the Trusted right to give other people the Trusted right or something similar?
I also made the final change, members of the 'Trusted' group can add other users to the 'Trusted' group.
Also there is now also a captcha for page creation for users not in the group.
And I actually changed the namespace protection to allow all autoconfirmed users...