After installing MediaWiki on my website it's working good. I found several extra apps... installed them and enjoy using them. So far ... so good.
This morning i see a very lot (about 21000) new users who has nothing to do with this website. I have deleted them all by using PhP Admin / page 2 / eh3j-user. It looklikes a "user-bomb" was used to attack my website. Is there a way to avoid such a "user-bomb"?
# Settings for UserPageEditProtection
$wgOnlyUserEditUserPage = false; // edit only by owner of the page
$wgGroupPermissions['sysop']['editalluserpages'] = false; // edit only by sysop-group
$wgGroupPermissions['userpageeditor']['editalluserpages'] = false; // edit only by userpageeditor-group
$wgGroupPermissions['Autoconfirmed users']['editalluserpages'] = true; // edit only by Autoconfirmed users-group
# Settings for ConfirmAccount
$wgMakeUserPageFromBio = false; // Extension by default use content of the person's bio as default content for userpage. This behavior can be disabled.
$wgConfirmAccountRequestFormItems['Biography']['enabled'] = true; // To disable the biography in form.
$wgConfirmAccountRequestFormItems['Biography']['minWords'] = 10; // By default, a 10 word biography is required for the new user to submit the request form.
$wgGroupPermissions['sysop']['createaccount'] = true; // Sysops can still create accounts directly, if not disabled by set.
Ai ai ... now i can't login anymore. When i try i get this message:
There appears to be a problem with your login session. Your action has been halted as a precaution against a security risk (which consists of possible hijacking of this session). Please try submitting the form again.
Found out that my database had reached the maximum size of 2 GB. I managed to reduce it a bit with PhPMyAdmin by emptying the cache and log-files. Now i can login again :-)
I'll try to install the Captcha protection.
Thanks alot for the advice!