Hello, I am one of the administrators of this wiki (http://www.ichscotlandwiki.org/index.php?title=Intangible_Cultural_Heritage_in_Scotland) that I will use for my PhD research. It has been affecting by massive spam for several months. We upgraded the software, we installed both Nuke and Block and Nuke (by putting in the white lists only the administrators) extensions, we regularly change the question for the registration (using Google reCAPTCHA), which also requires the confirmation through email link, and added a black list provided by MediaWiki. However, this wasn't enough to either stop the spam or even slow it down. Can anyone suggest further actions to be undertaken? Any advice welcome.
Topic on Project:Support desk
Hello!
It seems, that you haven't setup ConfirmEdit correctly. If i go (logged out) to Special:UserLogin&type=signup to create a new account i can do that without solving a captcha. Have you set up ConfirmEdit, especially the Triggers, correcly?
To use ConfirmEdit to protect for spam registrations, you should have this line in your LocalSettings.php:
$wgCaptchaTriggers['createaccount'] = true;
Ah, and: Everyone can, without solving a Captcha, edit the contents of this wiki, that's the heavon for spam bots :D
Thank you very much, I'll try this solution.
Hello Florianschmidtwelzow, the command was already $wgCaptchaTriggers['createaccount'] = true; however, we realised that some people are asked for the CAPTCHA question when they are about to fill the form to create an account, others are not. How can this happen?
Ok, now i have a captcha, that's much better :) I can't say, why some users get a captcha and some not. Can you post all ConfirmEdit related configuration settings in your LocalSettings.php (remove the client and secret id from reCaptcha ;))?
I can't do it right now because the person who has access to the local settings lives far from me and he didn't reply me yet. Even though the Captcha, the creation of SPAM user is still ongoing and it is driving me crazy. Isn't there an effective way to stop this apart from adding a Captcha in the registration form?
If your problem is dozens of "people" registering and filling their own user-page with spam each day, I had the same problem a while ago. I managed to keep my wiki spam-free for about a year now. I can only recommend using questy captcha instead of recaptcha, if you are able to come up with really specialised questions that are easy for your users, but merely unsolvable for the spam-workhouses in Bangladesh (or whereever).