I did some research and updated wiki.ithacagenerator.org to the latest version of MediaWiki and installed the VisualEditor plugin. This should hopefully alleviate the complexity of editing the Wiki as it is basically a what-you-see-is-what-you-get-editor now. If you prefer ‘old-school’ wiki markdown editing, you can still do that by clicking the pencil icon in edit mode and choosing “Source Editing” instead of “Visual Editing”.

One note here is that the update changed slightly how Google login works. You have to create an account for the Wiki in the conventional way using the Create Account link in the upper right. After doing that, you should be able to Login with Google, should you choose, using the same email address as the Wiki account you created. This might get resolved someday, so that logging in with Google automatically creates an account, once the MediaWiki dev community sorts this out.

I think the old version of the Wiki had some antispam measure that got turned off/not installed with the update. Unless we suddenly got dozens of European twentysomethings as members with hobbies like escort services, video poker, etc.

OK, I think I just forgot to migrate the ConfirmEdit extension. Should be good now.

I think I no longer have admin status on the wiki. If you can fix that, I’ll start doing some cleanup.

Why do you think that?

Unfortunately, it didn’t seem to work. I’m not seeing any Captchas when I create a new user page (I apparently never made one before), and the Special:Version page says we are using version 1.4, not 1.6.

Heh, there appear to be two accounts: “Buddha” created a long time ago, and “Buddha Buck”, created in January. I finally got into the right account. I’m using a dodgy keyboard and it’s an old password, and “Log in with Google” uses the wrong account.

I’ll clean that up as well.

I’ve updated ConfirmEdit to the latest. I’m not sure that is what guards account creation though, if anything does.

I take that back, according to the docs, the defaults for ConfirmEdit are:

$wgCaptchaTriggers['edit'] = false; 
$wgCaptchaTriggers['create'] = false; 
$wgCaptchaTriggers['addurl'] = true; 
$wgCaptchaTriggers['createaccount'] = true;
$wgCaptchaTriggers['badlogin'] = true;

The create user page now has a Captcha. Hopefully that’ll stem the tide.

Looks like that didn’t do the trick. How about we restrict account creation for the moment?

Adding BlockAndNuke wouldn’t be a bad idea either.

OK, @Bez I’ve added BlockAndNuke

Huh. Turns out BlockAndNuke doesn’t factor in user pages as ‘contributions’, so our new friends aren’t showing up in the tool. (They’re still creating accounts by the way - think about turning off account creation for the moment.)

@Bez ok I’ve disabled account creation for now, via LocalSettings.php

$wgGroupPermissions['*']['createaccount'] = false;

I would welcome support in how to deal with this new problem. Updating to the latest is usually the more secure thing to do :).

Looks like 421 spam accounts were created - too many to reasonably delete one at a time. I’m not finding a decent bulk user deletion extension, so it may involve maintenance scripts or messing with the database.

Whatever captcha we were using on account creation seems to be ineffective. I’d switch to a new QuestyCaptcha.

@Bez, how did you identify the 421 spam accounts… I can run a maintenance script.

Is it everyone listed here?

… or https://wiki.ithacagenerator.org/index.php?title=Special:Log/newusers&offset=&limit=500&type=newusers&user= and visual inspection?

I have enabled QuestyCaptcha, but account creation is still disabled for the moment until we clean up the fake accounts…

OK, I ran php removeUnusedAccounts.php --delete and it seems to have gotten most of them?

I installed the UserMerge extension which might help…
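
The settings discussed in this thread, collected into one LocalSettings.php fragment. This is an added example, not part of the original posts and not the configuration actually deployed on the wiki; it assumes a MediaWiki version with extension registration (wfLoadExtensions), and the captcha questions, answers and autoconfirm thresholds are placeholders.

```php
<?php
# LocalSettings.php fragment. Added example; not the wiki's actual configuration.

# Load ConfirmEdit plus its QuestyCaptcha module and select it as the captcha.
# Assumption: MediaWiki with extension registration (wfLoadExtensions).
wfLoadExtensions( [ 'ConfirmEdit', 'ConfirmEdit/QuestyCaptcha' ] );
$wgCaptchaClass = 'QuestyCaptcha';

# Question => accepted answer(s). Placeholders: use questions specific to the
# site that a generic signup bot will not have a stored answer for.
$wgCaptchaQuestions = [
	'PLACEHOLDER: question a real member can answer' => [ 'placeholder answer', 'alternate spelling' ],
	'PLACEHOLDER: second question' => 'placeholder answer',
];

# Triggers. The ConfirmEdit defaults quoted in the thread leave 'edit' and
# 'create' off, so creating a page (user pages included) only prompts for a
# captcha when the text adds a URL.
$wgCaptchaTriggers['edit']          = false;
$wgCaptchaTriggers['create']        = true;  # changed from the default
$wgCaptchaTriggers['addurl']        = true;
$wgCaptchaTriggers['createaccount'] = true;
$wgCaptchaTriggers['badlogin']      = true;

# Let established accounts skip the captcha so 'create' does not burden
# regular editors. Thresholds are placeholder values.
$wgAutoConfirmAge   = 4 * 86400;  # account age in seconds
$wgAutoConfirmCount = 5;          # minimum number of edits
$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = true;

# Temporary, while the fake accounts are cleaned up: no self-service signup.
# Remove this line to reopen account creation behind the captcha above.
$wgGroupPermissions['*']['createaccount'] = false;
```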